14. Change Management Components in the Workplace

Change management happens in a cycle.

• There is no real stopping point.
• It is continuous, so the environment must be continuously monitored.

Change Process

• Any requested change must go through the appropriate approvals.
• The organization must be prepared for rollback if needed.
• If a change does not work, the system must be able to return to the legacy system (older system already in use).

Responsibility

• Change management is an organization-wide process.
• It often falls on information security professionals to coordinate the effort.
• They may also provide oversight and governance depending on the size of the organization.
• In some organizations, it may fall under:
  • IT
  • Development
  • Quality management
  • Risk management

Common Theme

• Change management includes input from:
  • End users
  • IT
  • Development
  • Information security
  • Management
  • This helps ensure that changes are:
    • Properly tested
    • Approved
    • Communicated before implementation