5. Explain why it is important to retest following any changes made (AC 1.5)

Retesting after any change is essential. Whether the change is a system modification, a software upgrade, a software patch, a configuration change or a new hardware installation, there is always a risk of introducing a new vulnerability. Even a seemingly insignificant change can unintentionally weaken security by altering system functionality, creating a loophole or exposing previously hidden risks.

This is why retesting for vulnerabilities after making changes is so important. This process is known as remediation verification testing.

If the remediation process is done well, it ensures that previously identified vulnerabilities have been properly fixed, that no new security gaps have been introduced, that security measures work as expected, and that compliance and security standards are maintained.
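The comparison behind a retest can be scripted. The following is an added example, not part of the original text: it compares findings from a scan taken before a change with findings from the retest, and treats a finding as fixed only if its target was actually covered by the retest. The `Finding` type, function names, hosts and check labels are all hypothetical and the sample data is constructed.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    host: str
    port: int
    check: str  # constructed label, not a real scanner check ID

def compare_retest(baseline, retest, retested_targets):
    """Classify findings after a change.

    baseline / retest: sets of Finding from before and after the change.
    retested_targets: set of (host, port) pairs the retest actually covered.
    """
    result = {"fixed": set(), "persisting": set(), "unverified": set()}
    for f in baseline:
        if f in retest:
            result["persisting"].add(f)   # remediation did not work
        elif (f.host, f.port) in retested_targets:
            result["fixed"].add(f)        # target rescanned, finding gone
        else:
            # Missing only because the target was not rescanned:
            # absence from the report is not evidence of a fix.
            result["unverified"].add(f)
    # Anything seen only after the change was introduced by it (or exposed by it).
    result["new"] = set(retest) - set(baseline)
    return result

def retest_passed(result):
    """Pass only if nothing persists, nothing is new, nothing is unverified."""
    return not (result["persisting"] or result["new"] or result["unverified"])

# Constructed sample data for illustration.
BASELINE = {
    Finding("app01", 443, "weak-tls-protocol"),
    Finding("app01", 22, "ssh-password-auth"),
    Finding("db01", 5432, "default-credentials"),
}
RETEST = {
    Finding("app01", 22, "ssh-password-auth"),
    Finding("app01", 8080, "admin-console-exposed"),
}
RETESTED_TARGETS = {("app01", 443), ("app01", 22), ("app01", 8080)}

if __name__ == "__main__":
    outcome = compare_retest(BASELINE, RETEST, RETESTED_TARGETS)
    for category in ("fixed", "persisting", "new", "unverified"):
        print(category, sorted(outcome[category]))
    print("retest passed:", retest_passed(outcome))
```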
