Increasingly, technology systems are tightly integrated and interdependent. As a result, creating a central change control oversight function is a sound practice for management of the change process. This may be a specialized change control or management committee in a large, complex institution, or a technology steering committee in a small, noncomplex institution. All changes should flow through the oversight function, which should include appropriate representation from business lines, support areas, technology management, information security, and internal audit. In establishing a framework for managing change, a policy should be present describing minimum standards and including such factors as notification, oversight, and control. Control standards should address risk, testing, authorization and approval, timing of implementation, post-installation validation, and back-out or recovery.