2023 IT Examiner School

Types of Changes Can usually be implemented in the normal course of business. Should be formal & include procedures for: Routine Changes • Requesting • Evaluating • Approving • Testing • Installing • Documenting software modifications

Emergency Changes

Updates that are so important that they need to be implemented as soon as possible. Should be tested prior to implementation when possible. If not possible, backup files back-out procedures are critical. • Descriptions of a change • Reasons for implementing or rejecting a proposed change • Name of the individual who made the change • Copy of the changed code • Date and time a change was made • Post-change evaluations

Disposal

End-of-Life Support

Decommissioned

The point when a vendor ceases support for a product or service. When support ends, the vendor no longer makes code improvements or provides patches to address newly discovered security weaknesses. (Vulnerabilities) Vendors typically work to prepare customers for end of support. Management should have a formalized policy on End-Of-Life assets.

Involves the orderly removal of surplus or obsolete hardware, software, or data. Part of management’s processes should be to have a defined, expected life span for hardware and software. Primary tasks include the transfer, archiving, or destruction of data records. Management should transfer data from production systems in a planned and controlled manner that includes appropriate backup and testing procedures.