Introduce corporate policies and processes to develop secure baseline builds, and manage the configuration and use of your ICT systems. Remove or disable unnecessary functionality from ICT systems, and keep them patched against known vulnerabilities. Failing to do this will expose your business to threats and vulnerabilities, and increase risk to the confidentiality, integrity and availability of systems and information.