Risks, Vulnerabilities and Threats
Unauthorized programs, improper data file versions, or incorrect or outdated system version/revision is used in production.
Control Objectives and Operational Goals
- Documentation: track all changes made to software, tables, and systems for historical purposes. Include who requested changes, who made coding changes, testing results, implementation, and signoff by appropriate management
- Limit users to Test System access whenever possible
- Separation of duties of people actually implementing the changes vs. coding
Timely application of system patches