Standards Group: YALE-MSS-5: Software Security
YALE-MSS-5.4: Manage all changes to the system through a change control process
Details
A change control process is used to track and manage updates, modifications, and patches to a given system. The process entails a workflow wherein changes are planned, reviewed and authorized, tested, and ultimately deployed to production. Planning includes documenting the proposed changes, along with steps to back out the changes should something go wrong.
For all ITS-owned systems, review and authorization of changes must be handled through the ITS Change Advisory Board (CAB). For more information about the CAB and ITS' change management process, please see Yale Policy 1615.
The use of a change control process ensures that:
- It is understood which changes need to go through the process (e.g., applying patches, installing an application) and which are exempted (e.g., updates to user accounts, database management)
- There is always a plan to reverse a production change that would otherwise cause an outage
- There is analysis, testing, and oversight of changes
At a minimum, a change control process should be put into effect so that:
- All changes to the IT system are analyzed to ensure the security posture is not weakened
- An audit trail for changes to the IT system is maintained to account for when changes were made and by whom
- Before production deployment, all changes are tested for vulnerabilities in a non-production environment that isn't Internet-accessible
IT systems owned or managed by Yale Information Technology Services (ITS, or “Central IT”) must go through the ITS CAB. See Yale Policy 1615 and Procedure 1615 PR.01 for more details.