Paramount in the implementation is safeguarding the assets of the organization. This means allowing only authorized employees to have access to parts of the application, the data, or the business processes in which they are responsible. Users should have their own log-in and password with expiration dates and account lockouts. In a hosted environment, the system should provide added security for those who work from home. The system should log itself out after a certain amount of time. The policies and procedures should be well documented (in accordance with Sarbanes Oxley). The policies and procedures documentation should reside with the company in a secure location. Last, the project manager should own all documentation regarding the implementation and change control.