IT Examiner School eBook May 2025

Internal Use Only

SDLC: Closing • Confirmation that all project deliverables have been completed and accepted by stakeholders. • Post-implementation review to assess whether objectives and requirements were met. • Archive project documentation for audit and knowledge-sharing purposes. • Integration into existing control framework and processes, including cybersecurity. • Feedback and lessons learned to improve future project planning and execution. • Ensure ongoing support and maintenance responsibilities are formally transitioned.

1. Initiation

5. Closing

2. Planning

4. Monitoring & Controlling

3. Executing

Internal Use Only

Request and Approval Changes should begin with a formal request and be approved by the appropriate level of management or governance body. Testing Changes are thoroughly tested in a controlled environment to validate both functionality and security, including regression testing to ensure existing capabilities are not disrupted. Implementation Changes deployed using approved, controlled rollout procedures, ideally during predefined change windows to minimize business impact. Backup & Backout System backups should be taken prior to implementation, and documented backout plan must be in place in case the change needs to be reversed. Documentation Changes clearly documented, including updates to system architecture, configuration files, and user manuals, with an audit trail maintained for accountability.. User Notification and Training Users affected by the change are notified in advance and provided with any necessary training or guidance to support a smooth transition.

Development & Acquisition Change Control Practices