New and major system changes should follow necessary procedures and a managed implementation process, with planning, authorization, testing, and contingency plans in place. Any changes should be preserved as records, and the organization should update operating documentation and user protocols accordingly. Procedures to change any controls should cover the whole system development process and be integrated where possible. ICT continuity arrangements, plus responses and recovery protocols, should be reviewed and updated as necessary.