The objective of the Change Management Policy is to ensure the integrity and availability of Company’s information and to prevent damages from uncontrolled changes to all IT and physical infrastructure services that support Company’s finance, marketing, customer operations, human resource and billing systems.
The Change Management Policy is intended to provide a guideline to be followed for change management at Company. Specific change management procedures must be developed by each Department at the Company managing a change request type (e.g. for patch management, the system administrators will develop a patch management procedure). Depending on the change (type, impact, etc.) some of the steps or documents mentioned in this procedure may be suppressed.
An application or system may be changed to correct a flaw, to accommodate business changes, or to enhance functionality. A change is any action which alters or modifies the production environment, including hardware, software, data communications, etc. This includes the promotion of software from the development environment to test/ quality assurance or production environment. Adequate change control offers the major security benefit of protecting the integrity of programs and data by not allowing unauthorized changes. Procedures for requesting, authorizing, prioritizing, scheduling, distributing, documenting and communicating changes must be established.
Change management includes, but is not limited to modifications of the following: platforms (e.g. migrating to a different IT environment), networking, hardware, operating systems, monitoring and control tools, databases, legacy systems and applications.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. CHANGE MANAGEMENT PROCESS
3.1 CHANGE REQUESTS
3.2 CHANGE APPROVAL
3.3 CHANGE EXECUTION
3.4 TESTING AND IMPLEMENTATION
3.5 EMERGENCY CHANGES
4. ROLES AND RESPONSIBILITIES
4.1 DEPARTMENT MANAGER(S)
4.2 INFORMATION SECURITY TEAM
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
This bundle contains all the products listed in the Program Development and Change Management section. Take advantage of the 25% OFF when buying the bundle!
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.