Change Management and Control Policy



Date: 09.05.2021

Change Monitoring

  1. All changes will be monitored once they have been rolled out to the production environment. Deviations from design specifications and test results will be documented and escalated to the solution owner for ratification.

  • Roles and Responsibilities





    ROLE

    FUNCTIONAL RESPONSIBILITIES

    Members of the Board

    • Members of the Board shall ensure that the necessary information security controls are implemented and complied with as per this policy.

    Information Security Manager

    • Establish and revise the information security strategy, policy and standards for change management and control with input from interest groups and subsidiaries;

    • Facilitate and co-ordinate the necessary countermeasures to change management and control initiatives and evaluate such policies and standards;

    • Establish the security requirements for change management and control directives and approval of the change management and control standards and change control/version control products;

    • Co-ordinate the overall communication and awareness strategy for change management;

    • Act as the management champion for change management and control;

    • Provide technical input to the service requirements and co-ordinate affected changes to SLAs where applicable;

    • Establish and co-ordinate appropriate interest group forums to represent, feedback, implement and monitor change management and control initiatives; and

    • Co-ordinate the implementation of new or additional security controls for change management.

    Operations Manager


    • Implement, maintain and update the change management and control strategy, baselines, standards, policies and procedures with input from all stakeholders;

    • Approve and authorise change management and control measures on behalf of the ;

    • Ensure that all application owners are aware of the applicable policies, standards, procedures and guidelines for change management and control;

    • Ensure that policy, standards and procedural changes are communicated to applicable owners and management forums;

    • Appoint the necessary representation to the interest groups and other forums created by each company for Information Security Management relating to change management and control;

    • Establish and revise the information security strategy, policy and standards for change management and control;

    • Facilitate and co-ordinate the necessary change management and control initiatives within each company;

    • Report and evaluate changes to change management and control policies and standards;

    • Co-ordinate the overall communication and awareness strategy for change management and control;

    • Co-ordinate the implementation of new or additional security controls for change management and control;

    • Review the effectiveness of change management and control strategy and implement remedial controls where deficits are identified;

    • Provide regular updates on change management and control initiatives and the suitable application;

    • Evaluate and recommend changes to change management/version control solutions; and

    • Co-ordinate awareness strategies and rollouts to effectively communicate change management and control mitigation solutions in each company.

    • Establish and implement the necessary standards and procedures that conform to the Information Security policy;

    • Responsible for approving, authorising, monitoring and enforcing change management initiatives and related security controls within all companies and divisions;

    • Ensure that all solution owners are aware of policies, standards, procedures and guidelines for change management and control.

    • Ensure compliance with this policy and report deviations to the Information Manager.

    IT Service Provider

    • Shall comply with all change management and control statements of this policy.

    Solution Owners

    • Shall comply with all information security policies, standards and procedures for change management and control; and

    • Report all deviations.

    Table 1: Roles and Responsibilities

    1. Compliance

          1. Any person, subject to this policy, who fails to comply with the provisions as set out above or any amendment thereto, shall be subjected to appropriate disciplinary or legal action in accordance with the Disciplinary Code and Procedures. Company Information Security policies, standards, procedures and guidelines shall comply with legal, regulatory and statutory requirements.

    2. IT Governance Value statement

          1. Changes that materially affect the financial process must be evaluated and reported quarterly. Financial system upgrades or replacements will require new certification. The implication is that Sarbanes-Oxley compliance is reliant on the changes you make to the operational systems and procedures.

    3. Policy Access Considerations

          1. Access to this policy shall be granted to:


    • All IT personnel

    • Business Unit Management teams

    • Executive Directors

