Manage Changes - Morland-Austin

IT GRC Knowledge Base » IT Compliance Management » IT Compliance Management – SOX 404 » SOX IT Controls » Manage Changes

This article provides an overview of SOX 404 control Manage Changes.

The typical SOX 404 IT controls for Manage Changes are often divided by change type (emergency, standard etc.) and by system tier (application, database, server, network etc.) however the basic documentation required is the same.

Description: A documented change management approval process exists and is enforced.

Control Objective: Changes cannot be made to the production environment without following the appropriate process and gaining approval.

Typical Evidence:

There is a documented change management process in place.
The process defines/uses change types and categories.
The process defines the actors involved in change process.
The document includes a list of approvers for each type of change.
There is adequate segregation of duties.
The process defines pre and post deployment testing.

For more information please contact Morland-Austin at info@morland-austin.com.

Find your way around our IT GRC Framework Educate & Explore

Where next?

Increase your knowledge
Links & relationships within the framework

Find out how Manage Changes link(s) and relate(s) to:

Speak to one of our experts

Our IT GRC experts can help you with guidance and consultancy on ‘IT Compliance Management – SOX 404’