Internal compliance policies typically correspond to external certification requirements (ISO, HIPPA, COBIT). In order to obtain or retain the external certifications, adhering to internal policies is essential. When your application portfolio does not meet compliance policies, you face possible security breach, costly maintenance due to custom extended support, and the potential of discontinued certification. The risks of non-compliant applications for IT departments include: Running unsupported software Inability to embrace new technology (such as Windows 7) Potential application failure Diminished productivity due to downtime Loss of competitive edge