Security procedures are considered a critical component of an organization’s overall security program (Dunham 2018). They provide guidance on how to implement, enable and enforce existing security controls; and on how to execute security relevant business processes in a consistent and concerted manner (Ibid.). At the same time, they are to be considered controls in their own right. Same as other components of a security program, they require constant fine-tuning in order to remain effective and efficient over time. This entry highlights a number of triggers or incentives for organizations to upgrade existing security procedures or to implement new ones. It further positions script analysis as a promising tool to ensure that controls and procedures remain effective and fit for purpose.