3.4.2 Change Requirement Definition and Approval
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
Changes to information assets should be formally defined, documented and approved by relevant asset owner prior to implementing the change in the information assets.
Control Requirements
| 1. | Change requirements should be formally initiated by the requestor of the change. |
| 2. | Change requirements should specify both functional and non-functional requirements, where applicable. |
| 3. | Change requirements should be formally reviewed and approved by the concern asset owner. |
| 4. | Any changes in the information assets should be assessed for their impact on the systems prior to implement the change. |
| 5. | Any change in the information assets should be endorsed by the Change Advisory Board (48") prior deploying to the production environment. |
| 6. | Any changes in the information assets should be reviewed and approved by the cyber security function before submitting to ‘CAB’ (required as per the Saudi Central Bank Cyber Security Framework, 3.3.7 Change Management, Control Requirements, 4 - d). |