Testing updates and emergency changes: Things don't always go as planned and the information security professional should not expect that to change when it comes to implementing an information system. The information security professional should be available during the implementation phase of the system to assist with changes that were not anticipated during the design phase. Having the information security professional present ensures that security guidance can be provided for any required changes to the design of the information system, helping to ensure an acceptable level of security. Additionally, the information security professional can test the new changes to the design to validate that the security controls are functioning as expected and not impacting the system being implemented.