Change Controls, Including Application Software, DBMS Software, and Operating System Software

Risks, Vulnerabilities and Threats 

  • Unauthorized programs, improper data file versions, or incorrect or outdated system version/revision is used in production.


Control Objectives and Operational Goals

  • Policies
  • Procedures
  • Documentation: track all changes made to software, tables, and systems for historical purposes. Include who requested changes, who made coding changes, testing results, implementation, and signoff by appropriate management
  • Limit users to Test System access whenever possible
  • Separation of duties of people actually implementing the changes vs. coding
  • Timely application of system patches