All changes will be monitored once they have been rolled-out to the production environment. Deviations from design specifications and test results will be documented and escalated to the solution owner for ratification.
Roles and Responsibilities
Members of the Board
Members of the Board shall ensure that the necessary information security controls are implemented and complied with as per this policy.
Information Security Manager
Establish and revise the information security strategy, policy and standards for change management and control with input from interest groups and subsidiaries;
Facilitate and co-ordinate the necessary counter measures to change management and control initiatives and evaluate such policies and standards;
Establish the security requirements for change management and control directives and approval of the change management and control standards and change control/ version control products;
Co-ordinate the overall communication and awareness strategy for change management;
Shall comply with all change management and control statements of this policy.
Shall comply with all information security policies, standards and procedures for change management and control; and
Report all deviations.
Table 1 Roles and Responsibilities
Any person, subject to this policy, who fails to comply with the provisions as set out above or any amendment thereto, shall be subjected to appropriate disciplinary or legal action in accordance with the Disciplinary Code and Procedures. Company Information Security policies, standards, procedures and guidelines shall comply with legal, regulatory and statutory requirements.
Changes that materially affect the financial process must be evaluated and reported quarterly. Financial system upgrades or replacements will require new certification. The implication is that Sarbanes-Oxley compliance is reliant on the changes you make to the operational systems and procedures.