Security

Change Control Systems

As many of us know, any kind of change in the world of IT can be ridden with possible errors, security risks, unseen costs, and potential headaches; implementing a change control system is necessary to ensure that these possible repercussions are minimized. Since all the systems, programs, and networks we utilize daily are connected, even minor changes, such as, for example, moving a particular user’s desk to another department, can open up various challenges. A well-built change control system uses an action plan on whom to tell before the move is performed, who needs to authorize the move, what systems, programs, and networks need to be edited for the move, as well as ensuring that documentation is performed.

When I first started working at my organization right after I finished my undergraduate’s degree, much of the systems and processes, such as disaster recovery plans and change control systems, were not yet built; in the past few years, I have taken this challenge upon myself and created new methods for ensuring what we do is done correctly. For our change control system, I decided to make it quite simple to help gradually introduce my coworkers to the process. For example, when I implemented a new ticketing system for the whole company to use, I created several Google Docs for each department’s manager to suggest alterations and edits. Furthermore, whenever a new change was suggested, an automated ticket would be created and sent to me for further review; while this began the process, I would then move the proposed change up the ladder to my manager and finally our company’s owner, depending on the varying difficulty or cost of the change. While my change control system is relatively bare-bones, I have seen enormous success with both usage and effectiveness. I also create and use an audit/changelog for each system I build, setup, or manage; this allows any changes that have been verified and completed to be quickly identified.

Change control systems, however they are created or used, ensure the confidentiality, integrity, and availability of an organization’s data, systems, networks, or programs by carefully selecting proposed changes after review, thus preventing random occurrences, such as a new IT employee’s sudden alteration of the admin password for a specific account, without informing anyone else. Without change control systems, the digital landscape would be similar to the wild west, a lawless land of chaotic system changes, leaving us in the field to attempt to establish order.

References

Otero, A. R. (2019). Information Technology Environment and IT Audit. In Change Control Management. (Fifth ed., pp. 265-290). Boca Raton, Florida: CRS Press.

Otero, A. R. (2019). Information Technology Environment and IT Audit. In Systems Acquisition, Service Management, and Outsourcing. (Fifth ed., pp. 345-372). Boca Raton, Florida: CRS Press.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s