CobiT definition:
All changes, including emergency maintenance and patches, relating to infrastructure and applications within the production environment are formally managed in a controlled manner. Changes (including those to procedures, processes, system and service parameters) are logged, assessed and authorised prior to implementation and reviewed against planned outcomes following implementation. This assures mitigation of the risks of negatively impacting the stability or integrity of the production environment.
Control over the IT process of
Manage changes
that satisfies the business requirement for IT of
responding to business requirements in alignment with the business strategy, whilst reducing solution and service delivery defects and rework
by focusing on
controlling impact assessment, authorisation and implementation of all changes to the IT infrastructure, applications and technical solutions; minimising errors due to incomplete request specifications; and halting implementation of unauthorised changes
is achieved by
- Defining and communicating change procedures, including emergency changes
- Assessing, prioritising and authorising changes
- Tracking status and reporting on changes
and is measured by
- Number of disruptions or data errors caused by inaccurate specifications or incomplete impact assessment
- Amount of application or infrastructure rework caused by inadequate change specifications
- Percent of changes that follow formal change control processes
Control objectives:
AI6 Manage Changes
AI6.1 Change Standards and Procedures
AI6.2 Impact Assessment, Prioritisation and Authorisation
AI6.3 Emergency Changes
AI6.4 Change Status Tracking and Reporting
AI6.5 Change Closure and Documentation
Check out the links for details on the control objectives.
Related posts:
- PO9 Assess and Manage IT Risks CobiT definition: A risk management framework is created and maintained. The framework documents a common and agreed-upon level of IT...
- PO7 Manage IT Human Resources CobiT definition: A competent workforce is acquired and maintained for the creation and delivery of IT services to the business....
- PO8 Manage Quality CobiT definition: A QMS is developed and maintained that includes proven development and acquisition processes and standards. This is enabled...
- PO10 Manage Projects CobiT definition: A programme and project management framework for the management of all IT projects is established. The framework ensures...
- PO5 Manage the IT Investment CobiT definition: A framework is established and maintained to manage IT-enabled investment programmes and that encompasses cost, benefits, prioritisation within...
