SB.1.011 Security in projects and changes
Planned changes are evaluated for potential security impact. The classification of all processes and systems involved in the change is reviewed and adjusted where necessary. In projects, sufficient resources including time, manpower and budget are allocated to perform a security assessment and ensure compliance with the information security policy
Changes are registered and subjected to an impact analysis, change proces includes formal approval from a change board.