What would you do if a system could not support standard IT security agents but still needed to meet compliance requirements?