Change Management: Monitor
Activity logs provide numerous ways to monitor system change activity to determine if change management procedures are correctly implemented and being followed. Change Managers can setup alerts to be notified when changes have been performed. This allows Change Managers to determine that changes indicated in the documentation have actually been implemented in the manner and at the time prescribed.
In addition, Change Managers can use these alerts to determine whether critical hardware and software changes were performed had gone through the Change Management process for approval.
Monitoring the changes made to critical IT infrastructure allows the IT organization to anticipate and detect problems that arise due to the changes. Businesses must also ensure that requests for program changes, system changes, and maintenance (including changes to system software) are standardized, documented, and subject to formal change management procedures.
IT organizations should:
- Have reports that identify all changes to network devices, systems and applications and ensure that all changes are authorized. The most efficient way to identify configuration changes is at the time of the modification. Administrators should setup alerts so that any changes to the configuration, authorized or otherwise, are detected and notified.
- Have reports that monitor all changes to the production environment and compare the changes to documented approvals utilizing alerts and reports on policy modifications, groups activities, escalated privilege activities, permissions changed.
- Validate that application software and data storage systems are properly configured to provision access based on the individual’s demonstrated need to view, add, change or delete data.