Be sure to set up controls around who gets to adjust the capacity (your IT department is key here), how new capacities should be reported, what the minimal security and permission requirements are, ...