This standard is intended to guide the reader through the process of securely managing business applications, both internally developed and externally sourced, regardless of whether locally installed or cloud based. Centred around stocktaking, documenting and actively managing those applications, this standard should enable the visibility of all business utilised applications, ensuring all are appropriately assessed for risk, appropriately controlled, and managed in such a way as to not introduce cyber security risk going forward.