Practice 1: Security Management
The purpose of the security management practice is to ensure that security-related activities are adequately planned, documented and executed throughout the product’s life-cycle. If care is not taken in planning and supporting these activities, they can be rendered ineffective by inadequate resources, insufficient time or process inefficiencies. Similarly, misalignment of the product’s security needs with related organizational processes, such as configuration management, information technology policies and procedures, and supply chain management, can jeopardize the effectiveness of the secure product development life-cycle.