The objective of the Change Management Procedure is to define the approach and overall framework for software developments and the way they are implemented within the Company’s information systems.
The result of software development activity is an application or application module referred subsequently as Product.
A Product can be developed starting from a set of business requirements:
a. as a change request for a new/modified functionality of an existing application.
b. as an emergency change request for a new/modified functionality of an existing application.
c. as a customization – based on an existing software package which is adapted to match the existing requirements and business model;
d. as a totally new application – when a customized solution does not cover specific business requirements, no alternative solution exists or from cost efficiency considerations;
According to applicability domains, Products can be used inside a department (for specific, particular use) or over more than one department.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. RESPONSIBILITY MATRIX / TASKS DETAILS
3.1 REQUIREMENTS ANALYSIS
3.2 NEW CONTRACT
3.3 CHANGE REQUEST
3.4 FUNCTIONAL ANALYSIS
3.6 TECHNICAL AND DESIGN ANALYSIS
3.7 ACCEPTANCE TESTS DESIGN
3.11 CONDITIONAL ACCEPTANCE TESTING
3.12 ERROR FIX
3.13 IMPLEMENTATION IN PRODUCTION ENVIRONMENT
3.14 LAUNCH AND RUN IN PRODUCTION ENVIRONMENT
3.15 FINAL ACCEPTANCE
3.16 REVIEW AND AUTHORIZATION
3.17 IMPLEMENTATION AND TESTING ON TEST ENVIRONMENT
3.18 IMPLEMENTATION IN PRODUCTION ENVIRONMENT
3.19 EVALUATION AND DOCUMENTATION
4. PERIODIC REVIEW OF OUTSTANDING ISSUES
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
This bundle contains all the products listed in the Program Development and Change Management section. Take advantage of the 25% OFF when buying the bundle!
This IT Risk Standard details the requirements with respect to Network Security. It addresses requirements which must be incorporated into the Company network design, in order to mitigate risks associated with remote access and interconnected networks.