This paper presents a process-oriented approach to manage organizational change needed to improve information security compliance. The approach uses Business Aligned Information Security  anagement (BAISeM) and principles that have been derived from standards like ITIL, CObIT and ISO 27001. In order to illustrate the approach, the context of IT service continuity is selected as an example.