All companies must implement effective yet practical controls for ensuring product quality and the continuity of operations. Some of these controls are used for maintaining the security and quality of information processing. Are your information security controls suitable for your needs? What are they and what is their current state?
In some companies, information security work may be erratic when it should be a well-managed, continuous process. Having a comprehensive information security policy may be good, but it will be of little use without considering how to enforce it in day-to-day operations.