The purpose of this policy is to define the requirements for system and information integrity controls. These controls include business processes and coding and deployment standards focused on the timely identification and remediation of system vulnerabilities (e.g. software flaws or coding errors) to ensure the integrity of systems and the information they process or store.