RydSecure recently detected an unauthorized change to a critical security control in one of their information systems. After investigating the incident, the IT team determined that the change was made by an employee who did not follow proper change management procedures. What should RydSecure do to address this issue? (Select the best answer)