Yes. One of the 65 requirements documented in our report was about security, compliance to security standards and policies, and so forth. We would agree that if you standardize those and centralize the monitoring and enforcement, the probability's higher that you would have better outcomes.
On February 13th, 2012. See this statement in context.