
Information About Change Management Auditing




Information Technology Change Management aims to limit unauthorized changes, errors, and disruption caused by changes. A Change Management control system sets out procedures to analyze, implement, and review changes to Information Technology infrastructure. As a result, Change Management is an important factor in the security of a system.


WEAK CHANGE MANAGEMENT CONTROL RISKS



CONTROL COMPONENTS

  • Change Management procedures are documented and followed

  • Formal process for requesting changes
      - The request should be formal, written, and stored for reference.

  • Change requests are prioritized
      - All incoming change requests should be prioritized based on urgency, benefits, and ease of correction. This ensures that resources are utilized appropriately.

  • Impact assessment
      - Each change should be assessed for its impact on the system and on business processes. Documentation of this assessment should be stored with the request.

  • Control of implementation
      - Implementation of changes should be limited by automated and/or manual controls. Periodic searches should be made for unauthorized changes.

  • Emergency process
      - Policies should clearly define what qualifies as an emergency change. Generally, these changes are restricted to errors that significantly affect functionality, business processes, or vulnerabilities. Emergency changes can override some controls, but not others. For instance, documentation can be prepared after the change, but authorization is still necessary.

  • Documentation is updated
      - Documentation (for developers and users) should be updated when changes to the system are implemented.

  • Maintenance changes
      - Maintenance tasks and changes should be logged and included in Change Management procedures.

  • New software releases
      - New software releases require additional controls, including backups, version control, and a more secure implementation.

  • Software distribution
      - A software distribution process tracks compliance with license agreements. Noncompliance can have disastrous financial and legal results.

  • Approval
      - All changes should be approved after consideration of resources, other changes in process, impact of the change, urgency, and stability of the system.

  • Segregation of duties
      - Initiation, approval, and implementation of changes should be performed by different personnel so that undesired changes are not made.

  • Post-implementation
      - Procedures exist to monitor the effectiveness of the Change Management policies.
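As an added example (not part of the original article), an auditor could test several of these controls at once by reconciling implemented changes against the change-request register. The record layout, field names, and sample data below are constructed assumptions, as is the reading that only emergency changes may defer their impact documentation.

```python
# Constructed change-request register; field names are assumptions, not a real ticketing schema.
REQUESTS = {
    "CR-101": {"requester": "alice", "approver": "bob", "emergency": False, "impact_doc": True},
    "CR-102": {"requester": "carol", "approver": "carol", "emergency": False, "impact_doc": True},
    "CR-103": {"requester": "dave", "approver": None, "emergency": True, "impact_doc": False},
    "CR-104": {"requester": "erin", "approver": "bob", "emergency": True, "impact_doc": False},
    "CR-105": {"requester": "alice", "approver": "bob", "emergency": False, "impact_doc": False},
}
# Constructed list of implemented changes, as it might be pulled from a deployment log.
DEPLOYED = [
    {"id": "D1", "request": "CR-101", "implementer": "frank"},
    {"id": "D2", "request": "CR-102", "implementer": "frank"},
    {"id": "D3", "request": "CR-103", "implementer": "dave"},
    {"id": "D4", "request": "CR-104", "implementer": "frank"},
    {"id": "D5", "request": None, "implementer": "frank"},
    {"id": "D6", "request": "CR-105", "implementer": "bob"},
]

def audit_change(change, requests):
    """Return the list of control findings for one implemented change."""
    req = requests.get(change["request"])
    if req is None:
        return ["UNAUTHORIZED"]  # implemented with no change request on file
    findings = []
    if not req["approver"]:
        # Authorization is required even for emergency changes.
        findings.append("NOT_APPROVED")
    roles = [req["requester"], req["approver"], change["implementer"]]
    people = [p for p in roles if p]
    if len(set(people)) < len(people):  # one person holds two of the three roles
        findings.append("SOD_VIOLATION")
    if not req["impact_doc"] and not req["emergency"]:
        # Assumption: only emergency changes may document after the fact.
        findings.append("MISSING_IMPACT_ASSESSMENT")
    return findings

def audit(deployed, requests):
    """Map change id -> findings, listing only changes with at least one finding."""
    report = {}
    for change in deployed:
        findings = audit_change(change, requests)
        if findings:
            report[change["id"]] = findings
    return report

if __name__ == "__main__":
    for cid, findings in audit(DEPLOYED, REQUESTS).items():
        print(cid, ", ".join(findings))
```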


