Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Change management

  Quote
Guest
Guest user Created:   Feb 18, 2020 Last commented:   Feb 18, 2020

Change management

What guidance can be offered for implementing a change management procedure that takes into account a technology company who is continuously changing? We are implementing a CI/CD (continuous integration and continuous deployment) pipeline and unsure about the best way to handle change for both software and cloud infrastructure to meet ISO 27001 requirements. Any sample policies or guidance in this are would be very helpful.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 18, 2020

Included in your toolkit there is a Change Management Policy which can help you define how changes to the information systems are controlled, fulfilling requirements of control A.12.1.2 Change management from ISO 27001 Annex A. This template covers the minimum requirements for managing changes, so it can be adapted to include any specificity regarding CI/CD

You can find this template in folder 08_Annex_A_Security_Controls >> A.12_Operations_Security

This article will provide you a further explanation about the change management:
- How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 18, 2020

Feb 18, 2020

Suggested Topics