T3.2.3 - CHANGE MANAGEMENT Implementation Guidance
The entity shall control the changes to information systems.
Back to T3.2.3 - P4 - CHANGE MANAGEMENT
Operational systems and application software should be subject to strict change management control. In particular, the following items should be considered:
- A. Identification and recording of significant changes
- B. Planning and testing of changes
- C. Assessment of the potential impacts, including security impacts, of such changes
- D. Formal approval procedure for proposed changes
- E. Communication of change details to all relevant persons
- F. Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events
Formal management responsibilities and procedures should be in place to ensure satisfactory control of all changes to equipment, software or procedures. When changes are made, an audit log containing all relevant information should be retained.
Back to T3.2.3 - P4 - CHANGE MANAGEMENT
