Description
Planned changes are evaluated for potential security impact. The classification of all processes and systems involved in the change is reviewed and adjusted where necessary. In projects, sufficient resources including time, manpower and budget are allocated to perform a security assessment and ensure compliance with the information security policy
Specification
Changes are registered and subjected to an impact analysis, change proces includes formal approval from a change board.
ISO 27001 & 27002:2022
8.1,
A8.32
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
CH.01 Normen en procedures voor aanpassingen
CH.02 Impact assessment, prioriteren en autoriseren