diff --git a/Processes/Quality Management/COSO/ITGC.md b/Processes/Quality Management/COSO/ITGC.md
index 9b6f1c0..4291993 100644
--- a/Processes/Quality Management/COSO/ITGC.md	
+++ b/Processes/Quality Management/COSO/ITGC.md	
@@ -22,9 +22,9 @@
 
 | Overview             | Component | Situation                                                    | Evidences                          |
 | -------------------- | --------- | ------------------------------------------------------------ | ---------------------------------- |
-| Frequency of changes | A         | Often changes are required for various reasons (e.g. functionality enhancement changes in business processes, etc.) | CHANGELOG<br />Software validation |
-| Frequency of changes | OS, DB    | Changes are made for each release of security patches/upgrades | Software validation                |
-| Frequency of changes | N, O      | Changes are made for each release of patches/upgrades        | Software validation                |
+| Frequency of changes | A         | Often changes are required for various reasons (e.g. functionality enhancement changes in business processes, etc.) | CHANGELOG<br />[Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md) |
+| Frequency of changes | OS, DB    | Changes are made for each release of security patches/upgrades | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md)                |
+| Frequency of changes | N, O      | Changes are made for each release of patches/upgrades        | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md)                |
 
 ### Assessment of Design Effectiveness
 
@@ -32,7 +32,7 @@
 | ---- | ------------------------------------------------------------ | --------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
 | 1    | How are policies and procedures for development and maintenance prepared? | A, OS, DB, N, O | Policies and procedures for development and maintenance are described in a formal way. Documentations are prepared by the IT team and authorized by the head of IT | Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Process: [Support & Service](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/04_Support%20%26%20Service.md)<br />Policies: [IT](https://github.com/Karaka-Management/Organization-Guide/tree/master/Policies%20%26%20Guidelines/IT) |
 | 2    | How are roles and responsibilities concerning development and maintenance defined? | A, OS, DB, N, O | Roles and responsibilities concerning development and maintenance are clearly defined in the IT process and policies. IT personnel incl. service vendors perform changes | Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Process: [Support & Service](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/04_Support%20%26%20Service.md)<br />[Organigram](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md) |
-| 3    | How are changes tested and their results approved?           | A, OS, DB, N, O | Before updates for third party software are performed on the servers they are tested in a testing environment. Self-developed software changes are tested according the development process. | [Third party: Software validation](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Internal: Test protocols |
+| 3    | How are changes tested and their results approved?           | A, OS, DB, N, O | Before new third party software is installed or updates for third party software are performed on the servers they are tested in a testing environment. Self-developed software changes are tested according the development process. | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md)<br />Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Internal: Test protocols |
 | 4    | How are changes approved for their migration to the production environment? | A, OS, DB, N, O | The change in the production environment is approved by the head of IT for third party software and for self-developed changes according the development process. | [Third party: Software validation](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Internal: Merge protocol |
 | 5    | What procedures are in place for preventing/detecting unauthorized changes to the production environment? | A, OS, DB, N, O | Only the head of IT can install updates on the servers. Only the head of IT has the necessary IT authentication and IT permission. For self-developed changes all changes, merges can only be performed from authorized personnel and all merges are logged in merging protocols. | [Permission List](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Permission%20List.md)                                              |
 
