The objective of the Change Management Procedure is to ensure the integrity and availability of Company’s information and to prevent damages from uncontrolled changes to all IT and physical infrastructure services that support Company’s systems.
An application or system may be changed to correct a flaw, to accommodate business changes, or to enhance functionality. A change is any action which alters or modifies the production environment, including hardware, software, data communications, etc. This includes the promotion of software from the development environment to test/quality assurance or production environment. Adequate change control offers the major security benefit of protecting the integrity of programs and data by not allowing unauthorized changes. Procedures for requesting, authorizing, prioritizing, scheduling, distributing and communicating changes must be established.
This procedure is intended to document the change management process implemented at the Company.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3.1 CHANGE MANAGEMENT COMMITTEE
3.2 CHANGE MANAGEMENT PROCESS
3.3 EMERGENCY CHANGES
3.4 SOFTWARE UPGRADES, PATCHES, SECURITY UPDATES
3.5 INFORMATION SECURITY REQUIREMENTS
3.8 POST-IMPLEMENTATION REVIEW (PIR)
4. ROLES AND RESPONSIBILITIES
4.1 DEPARTMENT MANAGER(S)
4.2 IT DIVISION (INFORMATION SECURITY DEPARTMENT)
4.4 BUSINESS DEPARTMENT (OR BPD – BUSINESS PROCESS DIVISION)
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
This bundle contains all the products listed in the Program Development and Change Management section. Take advantage of the 25% OFF when buying the bundle!
The objective of the Cryptographic Controls Standard is to outline the minimum information security controls which must be applied when cryptographic services and solutions are utilized by the Company. Specifically, this Standard focuses on key management requirements, acceptable algorithms, appropriate key lengths, and raises pertinent regulatory considerations relating to the use of cryptography.
Adequate Capacity Management Policy must be defined and implemented at the Company, in order to be possible to correctly monitor the performance of the existing or future Company systems, to forecast their future evolution and identify possible bottlenecks.