Statement

West Texas A&M University must analyze changes to the information systems to determine potential security impacts prior to change implementation.

Applicability

This control applies to all West Texas A&M network information resources. The intended audience for this control includes all information resource owners, custodians, and users of information resources.

Implementation

• Changes to information systems must go through a formal change request and be approved by the information owner prior to the completion of the changes.
• Any changes that impact directly impact the security of a system or controls currently in place must also be reviewed by the security office prior to the completion of the changes.