To identify requirements for information system changes, last minute problems that could happen need to be planned for. Access controls are required for information systems to prevent unauthorized access and are needed to protect the system and data. Controls should be implemented and plans made to address any issues that could arise with access to appropriately secure the system.