Welcome » IT Booklets » Information Security » II Information Security Program Management » II.C Risk Mitigation » II.C.10 Change Management Within the IT Environment
Management should have a process to
introduce changes to the environment in a controlled manner.
Changes to the IT environment include the following:
The IT environment consists of operating systems,An operating system is fundamental software that
supports and manages software applications, allocates system
resources, provides access and security controls, maintains file
systems, and manages communications between end users and hardware
devices. middleware,Middleware is software that
connects two or more software components or applications.
applications, file systems, and communications protocols. The
institution should have an effective process to introduce
application and system changes, including hardware, software, and
network devices, into the IT environment. The process for
introducing software should encompass securely developing,
implementing, and testing changes to both internally developed and
Application and system control considerations for introducing
changes to the IT environment before implementation should include
Refer to the IT Handbook's "Development and
Acquisition" booklet for more information.