What is the primary reason an organization would use emergency change control for an application?

Using emergency change control for an application is primarily justified when there is a high probability of a significant impact on operations. This type of change control is designed to address urgent situations that could negatively affect business operations, service delivery, or compliance. When a situation arises that could lead to substantial risks or disruptions, emergency change control allows for rapid implementation of necessary changes to mitigate those risks.

In scenarios where significant impacts to operations are anticipated, standard change management processes may not be quick enough to address the issue, leaving the organization vulnerable. Emergency change control provides a structured process to expedite critical changes while still ensuring that necessary controls and documentation are followed, albeit in a more streamlined fashion.

The other options don't align as closely with the primary purpose of emergency change control. For instance, while an application owner's request for new functionality is important, it doesn't inherently require an emergency process. Similarly, the use of agile methodologies is about iterative development rather than urgent changes. Lastly, although a security patch from an operating system vendor may necessitate prompt attention, it is generally handled through routine change control procedures unless there is an immediate threat to system integrity or operations. Thus, the correct choice underscores the necessity of swift action in response to potential operational impacts.