Information security or quality management is a mixture of various parameters such as product, policies, risk, process and PEOPLE. In fact I would argue that people is the most critical element for both information security and quality.
According to CIPD:
Change management matters because, although change is taking place at an ever-increasing pace, there is evidence that suggests that most change initiatives fail. For example, CIPD research suggests that less than 60% of re-organisations met their stated objectives which are usually bottom line improvement.
In addition by having a strong communication plan and by involving as many people as possible all the way through the project often means that you step through the Kubler-Ross curve much quicker and you come out the other end with the buy in of the organisation and the people in that organisation.
This is how you then suddenly have a great platform to further improve your business from.