@twist3done InfoSec sets policies, IT Ops implements them, Audit verifies. Traditional separation of duties.