Organizations should carefully consider the potential impacts of employing the assessment procedures defined in this Special Publication when assessing the security and privacy controls in operational systems. Certain assessment procedures, particularly those procedures that directly impact the operation or function of the hardware, software, or firmware components of an information system, may inadvertently affect the routine processing, transmission, or storage of information supporting organizational missions or business functions. For example, a critical information system component may be taken offline for assessment purposes or a component may suffer a fault or failure during the assessment process. Organizations should also take the necessary precautions to ensure that organizational missions and business functions continue to be supported by information systems and that any potential impacts to operational effectiveness resulting from assessment activities are considered in advance.