3.4.8 System Configuration Management
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
System Configuration Management Process should be defined, approved, communicated and implemented to maintain a reliable and accurate information about configuration items ('CIs') for Member Organization's information assets.
Control Requirements
| 1. | The configuration management process should be defined, approved, implemented and communicated by the Member Organizations. | |
| 2. | The configuration management process should be monitored and periodically evaluated. | |
| 3. | The configuration management process should address the following, but not limited to: | |
| a. | roles and responsibilities for carrying out configuration management; | |
| b. | identification and recording of configuration items and their criticality with respect to its supporting business processes; | |
| c. | interrelationships between configuration items among various information assets; and | |
| d. | periodic verification of configuration items. | |
| 4. | Member Organizations should implement configuration management database (‘CMCB’) to identify, maintain, and verify information related to Member Organization's Information assets. | |