A company's change management procedure requires that any modifications to the IT infrastructure undergo a review process. Before final approval, which document should primarily guide the decision on whether the change is in line with organizational security policies and standards?
Acceptable Use Policy (AUP)
Information Security Policies
Software Development Lifecycle (SDLC) document
Business Continuity Plan (BCP)