July 7, 2022

Change Control - The Whys and the Whats

Change Management is the process of managing the integrity, and availability of your IT environment (e.g., hardware, software, firmware) when modifications are introduced.

Why should you manage change?

Overseeing change in your IT environment ensures that only necessary and approved modifications are introduced. It is a means to ensure that changes are planned and well-executed to ward off business impacts while ensuring resource efficiencies.

What factors should you consider when preparing for a change?

  • Review the impacts
  • Define the change procedures
  • Identify resources to execute change
  • Perform pre-testing (when possible)
  • Schedule the change when it will not disrupt business
  • Know your backout procedures

  • Next obtain necessary approvals. Having an approval process ensures that the person requesting the change has been given the authorization to make the change.

    When you assess whether the change will impact business processes and when a change should be executed, there is much to ponder. Many changes can be made without impact on a business system. That is, if the change goes well. But you may want to ask the question, what if the change goes poorly and a disruption were to occur? Or perhaps it is a known disruption, so you plan to do it after hours. Even in this case, communication with the business may be warranted. If someone was planning to put in extra hours or had a process running in the evening, then a disruption could prevent the process from completing. Communication allows them to adjust or raise a voice of concern.

    Change Management encompasses multiple levels of the IT process. Large-scale changes like the implementation of a new type of firewall. Operational changes, like the firmware upgrade for a virtual host. And don't forget to consider how change impacts your business continuity plans and network diagrams when a major infrastructure change occurs.

    Most importantly, do not fear the change control process as it can be as simple as an email describing what is about to be changed and why, or a formal ticket system tracking approvals. Whatever process you choose, it should include keeping a log of what has changed, why, who made the change, and ideally allow key stakeholders to ask questions. Time to get ready for change!

    Authored by: Renee Keffer

    You May Want to Read More:

    The Scope of SARs - Something Old and Something New - WST

    January 28th, 2021

    Did you know that filing Suspicious Activity Reports...

    In with the new year, out with the Flash - WST

    January 21st, 2021

    The writing has been on the wall for a while now ...

    Back to Basics: Understanding Risk Concepts - WST

    January 15th, 2021

    People often make judgements and decisions about risk...

    Keep your institution off the evening news.

    Contact Us