CobiT definition:
All changes, including emergency maintenance and patches, relating to infrastructure and applications within the production environment are formally managed in a controlled manner. Changes (including those to procedures, processes, system and service parameters) are logged, assessed and authorised prior to implementation and reviewed against planned outcomes following implementation. This assures mitigation of the risks of negatively impacting the stability or integrity of the production environment.
Control over the IT process of
Manage changes
that satisfies the business requirement for IT of
responding to business requirements in alignment with the business strategy, whilst reducing solution and service delivery defects and rework
by focusing on
controlling impact assessment, authorisation and implementation of all changes to the IT infrastructure, applications and technical solutions; minimising errors due to incomplete request specifications; and halting implementation of unauthorised changes
is achieved by
- Defining and communicating change procedures, including emergency changes
- Assessing, prioritising and authorising changes
- Tracking status and reporting on changes
and is measured by
- Number of disruptions or data errors caused by inaccurate specifications or incomplete impact assessment
- Amount of application or infrastructure rework caused by inadequate change specifications
- Percent of changes that follow formal change control processes
Control objectives:
AI6 Manage Changes
AI6.1 Change Standards and Procedures
AI6.2 Impact Assessment, Prioritisation and Authorisation
AI6.3 Emergency Changes
AI6.4 Change Status Tracking and Reporting
AI6.5 Change Closure and Documentation
Check out the links for details on the control objectives.
No related posts.