Statement

West Texas A&M University must control changes to the information systems to determine potential security impacts prior to change implementation.

Applicability

This control applies to all West Texas A&M network information resources. The intended audience for this control includes all information resource owners, custodians, and users of information resources.

Implementation

WTAMU shall adopt a change management processes to ensure secure, reliable, and stable operations to which all offices that support information systems adhere. The change management process shall incorporates the following:

Formal approval by either the system owner, University administration or system administrator.

All change request, including approvals, shall documented via the University IT Service Management tool and maintained within that system. Request shall include:

• Identification, classification, and priority of the change
• Impact analysis of the change
• Backout plans

The SANS team shall review and discuss all changes during their weekly scheduled meeting. The SANS team shall be made up of administrators from various internal IT teams responsible for Systems, Applications, Networking, and Security.