HOT
Thursday, May 22 2025
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Written by January 21, 2024

Change Management Policy for Server Images and Configurations

IT Policy Article

EDC Inc Change Management Policy for Server Images and Configurations

This policy outlines the procedures and responsibilities for managing changes to server images and configurations at EDC Inc. It is designed to ensure the integrity, reliability, and security of our IT infrastructure.

Scope

This policy applies to all EDC Inc employees, contractors, and third parties who are responsible for managing, maintaining, or implementing changes to server images and configurations. This includes, but is not limited to, the IT Server Operations, IT Server Build Operations, IT-SOC, Corporate Physical Security, IT Security Operations, IT Monitoring Operations, IT Database Operations, and IT Audit and Compliance departments.

Policy

Read moreData Protection and Privacy Policy

All changes to server images and configurations must be managed in a controlled manner. This includes the following:

  • Changes must be documented and approved by the Change Audit Board (CAB) before implementation.
  • Changes must be tested in a controlled environment before being implemented in the production environment.
  • Changes must be scheduled and communicated to all relevant stakeholders.
  • Changes must be reviewed and approved by the IT Security Operations department to ensure they do not compromise the security of the IT infrastructure.
  • Changes must be logged in the Configuration Management Database (CMDB).

Roles and Responsibilities

The IT Server Operations department is responsible for managing the implementation of changes to server images and configurations. This includes scheduling changes, communicating changes to stakeholders, and ensuring changes are implemented correctly.

Read moreNetwork Security Policy

The IT Server Build Operations department is responsible for testing changes in a controlled environment before they are implemented in the production environment.

The IT-SOC is responsible for managing incidents related to changes to server images and configurations.

Read moreAccess Control Policy

The Corporate Physical Security department is responsible for ensuring the physical security of servers during the implementation of changes.

The IT Security Operations department is responsible for reviewing and approving changes to ensure they do not compromise the security of the IT infrastructure.

Read moreIncident Response and Management Policy

The IT Monitoring Operations department is responsible for monitoring the implementation of changes and reporting any issues to the IT-SOC.

The IT Database Operations department is responsible for managing changes to database server images and configurations.

Read moreDisaster Recovery and Business Continuity Plan

The IT Audit and Compliance department is responsible for auditing changes to ensure they comply with this policy and any relevant laws and regulations.

Exceptions

Exceptions to this policy must be approved by the IT Security Operations department. An “IT Exception” may be granted in cases where it is not feasible to comply with the policy. However, alternative measures must be implemented to ensure the integrity, reliability, and security of the IT infrastructure.

Patching

Read moreAcceptable Use Policy for IT Resources

All servers must be patched every 30 days. The IT Server Operations department is responsible for managing OS patching. Exceptions to this requirement must be approved by the IT Security Operations department.

Policy Compliance

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment. Any suspected violations of this policy should be reported to the IT Audit and Compliance department immediately.

Policy Review

Read moreInformation Security Policy

This policy will be reviewed annually by the IT Audit and Compliance department. Any changes to the policy will be approved by the CAB and communicated to all relevant stakeholders.

Summary

This policy provides a framework for managing changes to server images and configurations at EDC Inc. It outlines the procedures for implementing changes, the roles and responsibilities of different departments, and the requirements for exceptions and patching. By adhering to this policy, we can ensure the integrity, reliability, and security of our IT infrastructure.

You may also like

Team Department Details

Links and Services

Contact Information for Customers who need support.

Leave a Reply

Your email address will not be published. Required fields are marked *