110 Information Technology Change Control and Management
The following table shows who is responsible for ensuring compliance with the policy requirements listed below.
Requirement | All Users | System Owners | System Custodians/ Administrators | Departments, Schools, Units |
---|---|---|---|---|
Baseline configurations for assets will be tested and approved by the OIS (p. 3). | ✔ | |||
System owners will develop, maintain, and follow appropriately formal procedures for change management that consider risks to confidentiality, integrity, and availability of information resources (p. 2). | ✔ | |||
System owners will develop and maintain documented processes for managing security changes (p. 3). | ✔ |
Summary of Policy
Organizational Assets that Require Information Security Change Control and Management (110.01)
Configuration items include any system or infrastructure components, documents, or other items that need to be managed to prevent errors in critical and important WashU information resources. Please visit the WashU IT Asset Management (ITAM) page for additional information.
Change Process (110.02)
System Owners within departments and schools will develop and maintain documented processes, informed by system and information classification, for managing security changes.
Change Management Monitoring (110.03)
The OIS and System Owners will develop processes to detect and mitigate change-related security.
Change Management Awareness and Training (110.04)
The OIS will develop training and awareness campaigns pertaining to security-related changes.
Full Text of Policy
Policy 110 Information Technology Change Control and Management
The policy outlines processes for maintaining the security and integrity of information assets throughout their lifecycles.
Related Information
111 Information Security for Software Development, Management, and Administration
This policy establishes secure application development and procurement practices for departments and schools at Washington University in St. Louis (WashU).