Change management
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Answer:
To manage changes in an effective way, the first thing you have to do is to define a change management policy, to explain to all interested parties how changes to information systems are controlled. In this policy you will define what is to be considered as a change (e.g., the addition, modification or removal of any authorized, planned, or supported component that could have an effect on IT services.).
Depending on the complexity of the environment and competence level of the team, you may also consider the development of change procedures to detail specific activities to be performed (e.g., procedure to change firewall rules, or update a database management system).
To see how a change management policy looks like, I suggest you to take a look at the free demo of our Change Management Policy at this link: https://advisera.com/27001academy/documentation/change-management-policy/
This article will provide you further explanation about change management:
- How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
Comment as guest or Sign in
Sep 30, 2018