The purpose of the Systems Change Control Policy is to implement change and control the risks that could potentially arise with the implementation of new objectives. System change control will allow for new changes to be implemented quickly and accurately. System change control also ensures that new hardware can support the new production environment. This Systems Change Control Policy Template includes what the enterprise must do, how the enterprise must do it, and customizing the template to individual enterprise requirements.
Risks Addressed by Policy:
- Without system change control, the potential exists that changes could be made to the information system that, either intentionally or unintentionally, degrade the security of the information system, subjecting it to a greater degree of risk.
- Without the system change, information could potentially be corrupted/destroyed.
- The system change prevents exposure of poor reputation risk.