DASA Technology Services will implement a change management system to review, monitor, and track changes that are made to the Division’s production technology environment. This will be a Division-wide effort.
Included in this initiative:
- Documentation of changes including the type of change, reason for change, user/system owner testing results and approval
- Prioritization of changes (e.g., classifying changes as normal or emergency)
- A log of changes that are being performed within the division or within the applicable units
- Impact assessment prior and subsequent to making system changes, where appropriate
- COBIT AI 3.3 Infrastructure Maintenance – develop a strategy and plan for infrastructure maintenance, and ensure that changes are controlled in line with the organization’s change management procedure. Include periodic reviews against business needs, patch management, and upgrade strategies, risks, vulnerabilities assessment and security requirements.
- COBIT AI6.1 Change Standards and Procedures – setup formal change management procedures to handle in a standardized manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and underlying platforms.
- COBIT AI6.2 Impact Assessment, Prioritization and Authorization – assess all requests for change in a structured way to determine the impact on the operational system and its functionality. Ensure that changes are categorized, prioritized and authorized.
- COBIT AI6.3 Emergency Changes – define a process for defining, raising, testing, documenting, assessing and authorizing emergency changes that do not follow the established change process.
- COBIT AI6.4 Change Status Tracking and Reporting – Establish a tracking and reporting system to document rejected changes, communicate the status of approved and in-process changes, and complete changes. Make certain that approved changes are implemented as planned.
- COBIT AI6.5 Change Closure and Documentation – whenever changes are implemented, update the associated system and user documentation and procedures accordingly.