Change Management Procedure – Template 1
The objective of this procedure is to ensure the integrity and availability of Company’s information and to prevent damages from uncontrolled changes to all IT and physical infrastructure services that support Company’s systems.
An application or system may be changed to correct a flaw, to accommodate business changes, or to enhance functionality. A change is any action which alters or modifies the production environment, including hardware, software, data communications, etc. This includes the promotion of software from the development environment to test/quality assurance or production environment. Adequate change control offers the major security benefit of protecting the integrity of programs and data by not allowing unauthorized changes. Procedures for requesting, authorizing, prioritizing, scheduling, distributing and communicating changes must be established.
This procedure is intended to document the change management process implemented at the Company.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIREMENTS
3.1 CHANGE MANAGEMENT COMMITTEE
3.2 CHANGE MANAGEMENT PROCESS
3.3 EMERGENCY CHANGES
3.4 SOFTWARE UPGRADES, PATCHES, SECURITY UPDATES
3.5 INFORMATION SECURITY REQUIREMENTS
3.6 DOCUMENTATION
3.7 TRAINING
3.8 POST-IMPLEMENTATION REVIEW (PIR)
4. ROLES AND RESPONSIBILITIES
4.1 DEPARTMENT MANAGER(S)
4.2 IT DIVISION (INFORMATION SECURITY DEPARTMENT)
4.3 EMPLOYEE
4.4 BUSINESS DEPARTMENT (OR BPD – BUSINESS PROCESS DIVISION)
5. EXCEPTIONS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
Pages: 17
Review Change Management Procedure – Template 1.