Change Management Policy

System failure may result in the loss of the latest updates, patches, etc. As a result, installation of new update and patches are required.

Prior to the implementation on the new system/application to production all the updates and patches must be applied.

During security audit, if a missing update/patch has been identified, it’s necessary to apply the missing updates/patch.

• Is accountable for ensuring that the “Change Management Procedure” is properly communicated and understood within its respective area of delegation or functions. Netspective Communications LLC senior management is responsible for defining, approving, and implementing the “Change Management Procedure” in its Directorate.
  - Evaluate the change request in terms of business needs.

• The Information Security Department is responsible for ensuring the development, implementation, and maintenance of the Change Management Procedure.

• Submitting change requests for approval using Netspective Communications LLC approved procedures and tools.
  - Ensuring proper testing has been performed and documentation has been developed prior to changes implementation to the production environment.

• Evaluate the change request in terms of priority, importance, and necessity and provide the specific reasons for acceptance or rejection of change request.

• Responsible for providing a secure processing environment that protects the confidentiality, integrity, and availability of information; ensuring changes to systems, networks, and applications in the production environment are made in accordance with the “Change Management Procedure”.

• Perform all the necessary testing (functional, security, etc)

• Implement the required/approved changes.
  - Maintain a current record of all changes applied to production environment.

• A procedure trigger is activated

• New system/ application acquisition and implementation.

• Change request on infrastructure or applications.
  - Incident handling.

A business request or a technical requirement has to be identified; a change request form has been submitted to the Senior Management.

• Review the change request form and evaluate the need for change in term of business needs.
  - Approve Major change requests.

• Approval: submit to IT Related Departments. Proceed to step 3
  - Rejection: inform requester. Go to step 7

• Review and evaluate the change request form in terms of priority, importance, necessity, nature of the change, mainly the need of configuration changes, i.e. changes to the configuration of IT assets (networks, systems, applications) and the effect on the business process.

• Categorize the change 1: - Major Chang 2: - Minor Chang 3: - Urgent Change
  - For major change approval contact to senior management.

• Approval: Minor and Urgent changes will be approved within IT department. Proceed to step 4.
  - Rejection: inform senior management. Go to step 7

• Successful: implement change request. Proceed to step 5
  - Non-successful: inform senior management. Got to step 7

Implement the approved/necessary changes in production environment.

• Update the specific change history log for the system/application.
  - Inform related departments to update related Documentation.

• If the Implementation of Change is not successful, the whole change process will be rolled out.
  - Inform the Management