A company's change management procedure requires that any modifications to the IT infrastructure undergo a review process. Before final approval, which document should primarily guide the decision on whether the change is in line with organizational security policies and standards?
Software Development Lifecycle (SDLC) document
Acceptable Use Policy (AUP)
Business Continuity Plan (BCP)
Information Security Policies