A policy setting out the minimum governance requirements for manging changes to IT systems.
The Organisation should ensure that its production systems are trustworthy and operate in compliance with all relevant laws, regulations and contractual obligations, and retain their trustworthiness and compliance over time. Furthermore changes should meet the organisation’s requirements for the protection of Sensitive Personal Information and Restricted Data.
The characteristics and risks of a system, activity, or change will dictate the formality of the change controls. Quality assurance, security, audit, network, legal, compliance and end-users must be appropriately involved in the change process.
Failure to implement appropriate change controls can result in operational disruptions or degrade a systems performance, security or compliance.