Properly maintaining an IT control framework is the first step toward achieving a sustainable IT compliance program. To uncover best practices for maintaining an IT control framework, Forrester spoke with companies from a variety of industries having domestic and international IT operations. Our research uncovered three best practice areas: establishing a central control library, exercising adequate governance, and monitoring the environment for changes. Integrating these best practices into an IT compliance program provides the capability to sustain compliance with laws, regulations, industry standards, corporate policies, and contractual obligations while keeping the number of IT controls manageable.