UnixTime

Research Note

Change Management Procedure

Use this procedure to define how changes to systems, infrastructure, applications, code, networks, cloud resources, and operational environments are controlled.

On this page

When to use this

Use this procedure to define how changes to systems, infrastructure, applications, code, networks, cloud resources, and operational environments are controlled.

Procedure outline

  1. Change request is raised.
  2. Business, technical, security, privacy, and operational impact are assessed.
  3. Testing, rollback, communication, and implementation plans are prepared.
  4. Authorized roles approve or reject the change.
  5. Change is implemented in the approved window.
  6. Implementation is monitored.
  7. Post-implementation review is completed.
  8. Records and documentation are updated.

Minimum requirements

  • Change scope is defined.
  • Security impact assessment is mandatory.
  • Approval level is risk-based.
  • Testing is evidenced.
  • Rollback/failback is defined.
  • Emergency change path is controlled.
  • Change history is retained.