An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should: 
A、apply the patch according to the patch's release notes. 
B、ensure that a good change management process is in place. 
C、thoroughly test the patch before sending it to production. 
D、approve the patch after doing a risk assessment.