IT Change Management Controls are integral to ensuring the completeness, accuracy, integrity and privacy of data. A robust change management process provides management with assurance only authorized and tested changes to systems and infrastructures are implemented. As such, the audit or compliance professional must have a solid understanding of the corresponding controls and IT operations best practices. In this course, attendees learn how to ensure proper controls have been identified and implemented to ensure data integrity and adequately protect corporate assets, company trade secrets and customer data.
Change within the IT environment is often a requirement of business operations. Without the ability to effectively manage change, a company could experience system outages, loss of data and/or data integrity issues. Unauthorized or untested modifications can provide the opportunity for a security breach that could result in not only negative publicity but also regulatory sanctions. During this course, attendees will become familiar with the components of a proper change management program that ensures standardized procedures are applied to all modifications.
Additionally, we discuss opportunities to identify how the change management process can be made more effective and ensure requested changes are safe prior to deployment. Lastly, we walk through policy and procedure analysis, review sample logs and discuss test procedures that can be performed to verify controls are in place.
Learning Objectives
- Explore IT Change Control Compliance Requirements and Best Practices.
- Discover the best practices related to Change Management Processes.
- Recognize audit procedures performed when auditing the Change Management Process.
- Identify audit documentation methodologies and requirements.
Included In Certifications
This course is included in the following Certification Programs:
10 CoursesInformation Technology Auditor Certification
- Understanding Information Technology Governance and the Application of NIST
- Performing a Security Risk Assessment
- Auditing Data Security IT Computer Controls
- Auditing Third Party Service Providers and Cloud Environments
- Auditing Automated Business and Financial Transaction Processes
- Auditing Logical Security and Logical Access Controls
- Auditing Change Management
- Auditing the Network
- The Importance of Incident Response, Disaster Recovery and Business Continuity Planning
- Information Technology Audit Summary
13 Reviews (47 ratings)
Prerequisites
No advanced preparation or prerequisites are required for this course.