System Change Control Process
Any changes which may materially impact the security or stability of the IT infrastructure within Turtlestack Automation Ltd. will be appraised as follows.
Determine Change Significance
The proposed change should be classified as Minor, Significant, Major
Minor
Changes that will not significantly impact the security or stability of the IT infrastructure. These may include routine updates or minor configuration adjustments.
Significant
Changes that could have a moderate impact on the security or stability of the IT infrastructure but are not likely to cause severe disruptions. Examples include updates to critical software applications or changes to security policies.
Major
Changes that may seriously impact the access or mechanisms of security. Examples include OS changes, alternative VPN/VM configurations, or significant changes to network architecture.
Assess Change Impact
Minor
- Record changes in the Change Log
Significant
- Notify Security Lead of intended change prior to implementation
- Record changes in the Change Log
Major
- Create a risk assessment and impact appraisal summary in concert with the Security Lead
- Work to mitigate identified risks and record actions in the risk assessment.
- Record changes in the Change Log
Implement
Following the implementation of the change ensure that any lessons learned are captured in the lessons learned log.
| Title | System Change Control Process | |
|---|---|---|
| Document Type | Process | |
| Document ID | Version | Issued |
| TSCOSER002 | 1 | 06/06/2024 |
| Review Process | N/A | |
| Approved | Issued | Reviewer |
| PRB | PRB | PRB |