A written systems management policy should include an overview of the system and its objectives, selected features, and general operation, as well as a diagram of the access control system's configuration. Often, mistakes are made when new features are implemented or existing features are adjusted and no quality assurance testing is performed; these mistakes may involve staggered connection times, time zones, and anti- passback. Other elements that need to be highlighted in computer security guidelines include alarm management, which ensures that operators receive the alarm and respond promptly and efficiently; passwords and operators; periodic access control reports to provide management with the information necessary to audit and maintain the system's data integrity; badges; system backups and maintenance; and a disaster recovery program, which encompasses both planning for contingency responses and managing emergency operations.