Help Desk – Change Controls considerations
April 17, 2010Package software support Considerations:
Third party development and/or maintenance
Project Review by Management
Restriction on Transfer to Production
Documentation
Change Control Procedures:
Emergency Changes
Segregation of Test and Production
Approval of system testing
Training in new systems
Computer Operations
Operations Procedures
Supervision of Operations:
Communications Management
Documentation of Procedures
Monitoring of Operations
Network capacity review
Authorization/Testing of Upgrades
Documentation
Suitability
Records
Security
Control over Utilities
Policy and Management:
Authorizing software purchases
Authorizing hardware purchases
Security and Control
Uploading
Procedural Control and Documentation:
End User Development
Documentation
Testing
Built-in Controls
Management and Policy:
Supplier Monitoring
Service Agreement
Level of Dependency
Software Quality
Monitoring third-party
Business Continuity:
Risk Assessment-Business Disruption
Business Continuity
Workarounds
Site Hardening
Disruption Prevention/Minimization
Back Up Frequency
Changes in systems software which may impact recovery
Physical Security:
Access to premises
Security awareness of staff ie to challenge unescorted visitors