This third information Technology mailer is focused on IT Program Change Management.  You can also get a copy of Backup and Restoration and IT Security by clicking on the hyperlinks.

The 8 simple actions every company should take to enhance program change management:

1. Implement a formal change management process that not only ensures quality control (i.e., documentation standards and use of scripts), but also includes initiation, applicability, prioritization, authorization, testing and approval for migrating changes to production.

2. Maintain separate environments or instances for development, testing and production.

3. Restrict developer’s access to production environments to ensure that unauthorized, untested, or unapproved changes do not signifi cantly or catastrophically impact business operations.

4. Implement an emergency change management process that allows for expediting changes while still ensuring that the changes that go through quality controls are authorized, tested and approved.

5. Implement a formal patch management process where all patches applied are reviewed for applicability and are subject to testing and approval prior to migrating them to production. This should include operating systems, databases and applications.

6. Back-out procedures should be developed in the event that a change introduces production failures. This would rely on the backup and restore controls discussed in the fi rst IT mailer in the series.

7. If feasible, implement a program change management tool to ensure standardization, quality controls and ongoing monitoring.

8. Implement a formal change management process administered by an IT led cross-functional group. This will bring a sound protocol and transparency to the change management process and reduce unplanned outages.

    

Our Technology Assurance & Advisory Services team helps clients achieve quantum leaps in their ability to manage operations and improve performance with cost effective solutions. We assess how technology drives a client's business and create a plan to enable business strategies. The result: technology solutions that drive your bottom line.

Here is a list of services that we offer.

Information Risk Management

• SAS70 Reviews – Type I & Type II*
• Encryption Advisory
• Agreed Upon Procedures*
• Readiness Assessment
• Enterprise-Wide Risk Assessment
• Operational Audits
• Technology Audits
• Outsourcing
• Co-Sourcing

Operational Effectiveness

• IT Governance
• Process Improvement
  • Business Process Reviews
  • Policies, Procedures & Documentation
  • Application Controls Reviews
• Project Support Office
  • System & Process Implementation
• Performance Monitoring
  • Metrics – IT & Operational
  • Service Level Agreements
  • Infrastructure Monitoring & Analysis

Privacy & Compliance

• Compliance Function Assessments
• Privacy & Regulatory Compliance*
  • Sarbanes-Oxley Act (Internal or External)
    • General IT Controls
    • Application Specific IT Controls
  • Gramm-Leach-Bliley Act (Privacy)
  • ISO Assistance
• Policies & Procedures

Technology Consulting

• Attack & Penetration Testing
• Security Strategy & IT Strategy
• Software Selection
• Enterprise Security Architecture Design & Implementation
• Network Design, Implementation & Maintenance
• ERP Selection & Implementation
• Business Continuity & Disaster Recovery Planning

For more information on these services and more, please contact:

* Provided exclusively by UHY LLP, a licensed CPA firm.