AI3.3 Infrastructure Maintenance
Develop a plan for maintenance of the environment. Ensure that change management procedures govern all changes. Include business requirements, patch management, upgrades, and security factors in the plan.
Illustrative Controls and the TIBCO LogLogic Solution
Unauthorized and unplanned changes to the environment present a significant risk to the infrastructure and associated data integrity and availability. To counter this risk, all changes to critical financial systems must be managed in a formal and controlled manner.
To satisfy this objective, the change management policy should include formal requests, implementation planning, approvals, testing, risk assessment, and contingency planning. System changes must be monitored to ensure that modifications occur only in conjunction with approved requests and plans.