Change Control & Configuration Management
CCC domain controls.
Change Management Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets.
Quality Testing
Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards.
Change Management Technology
Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc.
Unauthorized Change Protection
Restrict the unauthorized addition, removal, update, and management of organization assets.
Change Agreements
Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements.
Change Management Baseline
Establish change management baselines for all relevant authorized changes on organization assets.
Detection of Baseline Deviation
Implement detection measures with proactive notification in case of changes deviating from the established baseline.
Exception Management
Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process.
Change Restoration
Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns.