Change Control

Change Control - Important Considerations Before Making Changes to your IT Systems

Omer Aslim selfie
By: Omer Kaan Aslim
June 28, 2020
Change control procedures are the backbone of any mature cybersecurity program. We offer a list of items IT teams should consider before deploying changes to their production environment.

Change control procedures are a critical part of a cybersecurity program. Change controls ensure that changes to your systems are authorized, timely and that potential risks associated with a change are considered. An organization with robust change control procedures will experience less system downtime and improved security. Below is a list of items you should consider before implementing changes to your information system.
- Determine Who is ultimately responsible for carrying out the proposed change.
- Determine hich personnel will be responsible for implementing the proposed change.
- Document the proposed change in detail. Another IT team member should be able to understand the proposed change by reading your documentation.
- Document the justification for the proposed change.
- Document the urgency of the change. Is it scheduled or is it an urgent unscheduled change needing immediate action?
- Identify which systems you will deploy the proposed changes to.
- Determine any potential security impacts of the proposed change.
- Determine the functional impact the proposed change will have on your environment.
- Determine the potential impact of not implementing the proposed change.
- Determine if the proposed change result in any system integration issues.
- Determine if the proposed change require any changes to be made to other existing systems.
- Determine a set date for implementing the proposed change.
- Create a plan for implementing the proposed change.
- Identify any funding or other resource requirements for implementing the proposed change.
- Receive approval to implement the proposed change from relevant stakeholders?
In conclusion all changes made to your systems need to be documented, approved, and tested before deployment to your production environment. This helps you maintain order and security in your information system.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance