SOC 2 (Systems and Organization Controls)

Requirement

CC8.1: Change management procedures

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives. /desc

Points of focus:

- Manages Changes Throughout the System Lifecycle
- Authorizes Changes
- Designs and Develops Changes
- Documents Changes
- Tracks System Changes
- Configures Software
- Tests System Changes
- Approves System Changes
- Deploys System Changes
- Identifies and Evaluates System Change
- Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents
- Creates Baseline Configuration of IT Technology
- Provides for Changes Necessary in Emergency Situations
- Protects Confidential Information
- Protects Personal Information

Fulfill this requirement by completing the tasks below ->

This requirement is part of the framework:

SOC 2 (Systems and Organization Controls)

Other requirements of the framework

CC8.1: Change management procedures

Best practices

How to implement:

CC8.1: Change management procedures

This policy on

CC8.1: Change management procedures

provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.

The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives. /desc

Points of focus:

Read below what concrete actions you can take to improve this ->

Frameworks that include requirements for this topic:

No items found.

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to

CC8.1: Change management procedures

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

No other tasks found.

Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement

CC8.1: Change management procedures

of the framework

SOC 2 (Systems and Organization Controls)

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

Maintaining confidentiality agreements

Critical

High

Normal

Low

Personnel security

Cyber security in contracts

Maintaining confidentiality agreements

This task helps you comply with the following requirements

Članak 30.1.i (Ljudskih resursa): Sigurnost ljudskih resursa NIS2 Croatia

9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus Kyberturvallisuuslaki

6.1.2: Non-disclosure agreement management TISAX

2.1.2: Staff compliance with information security policies TISAX

9.7.1: Personnel commitment to Confidentiality TISAX

Definition of done and testing principles

Critical

High

Normal

Low

Development and cloud

Secure development

Definition of done and testing principles

This task helps you comply with the following requirements

14.2.9: System acceptance testing ISO 27001

14.2.3: Technical review of applications after operating platform changes ISO 27001

8.29: Security testing in development and acceptance ISO 27001

CC8.1: Change management procedures SOC 2

PR.IP-2: A System Development Life Cycle to manage systems is implemented.CyberFundamentals

Separation of production, testing and development environments

Critical

High

Normal

Low

Development and cloud

Secure development

Separation of production, testing and development environments

This task helps you comply with the following requirements

Članak 30.1.e: Sigurnost u nabavi, razvoju i održavanju mrežnih i informacijskih sustava NIS2 Croatia

9.3 §: Tietojärjestelmien hankinta ja kehittäminen Kyberturvallisuuslaki

5.2.2: Seperation of testing and development environments TISAX

30 § 3.5°: L'acquisition, du développement et de la maintenance des réseaux et des systèmes d'information NIS2 Belgium

2.1.6: Use separate environments for development, test and production NSM ICT-SP

Change management procedure for significant changes to data processing services

Critical

High

Normal

Low

Development and cloud

Secure development

Change management procedure for significant changes to data processing services

This task helps you comply with the following requirements

Članak 30.1.e: Sigurnost u nabavi, razvoju i održavanju mrežnih i informacijskih sustava NIS2 Croatia

9.3 §: Tietojärjestelmien hankinta ja kehittäminen Kyberturvallisuuslaki

5.2.1: Change management TISAX

5.3.1: Information Security in new systems TISAX

30 § 3.5°: L'acquisition, du développement et de la maintenance des réseaux et des systèmes d'information NIS2 Belgium

Guidelines for secure development

Critical

High

Normal

Low

Development and cloud

Secure development

Guidelines for secure development

This task helps you comply with the following requirements

Članak 30.1.e: Sigurnost u nabavi, razvoju i održavanju mrežnih i informacijskih sustava NIS2 Croatia

9.3 §: Tietojärjestelmien hankinta ja kehittäminen Kyberturvallisuuslaki

30 § 3.5°: L'acquisition, du développement et de la maintenance des réseaux et des systèmes d'information NIS2 Belgium

2.1.5: Use a secure software development method NSM ICT-SP

2.1.8: Maintain the software code developed/used by the organisation NSM ICT-SP

Source code management

Critical

High

Normal

Low

Development and cloud

Secure development

Source code management

This task helps you comply with the following requirements

14.2.6: Secure development environment ISO 27001

9.4.5: Access control to program source code ISO 27001

8.4: Access to source code ISO 27001

8.31: Separation of development, test and production environments ISO 27001

CC8.1: Change management procedures SOC 2

Listing authorized users for publishing code changes

Critical

High

Normal

Low

Development and cloud

Secure development

Listing authorized users for publishing code changes

This task helps you comply with the following requirements

14.2.7: Outsourced development ISO 27001

14.2.2: System change control procedures ISO 27001

12.5: Control of operational software ISO 27001

12.5.1: Installation of software on operational systems ISO 27001

8.30: Outsourced development ISO 27001

General rules for reviewing and publishing code

Critical

High

Normal

Low

Development and cloud

Secure development

General rules for reviewing and publishing code

This task helps you comply with the following requirements

14.2.3: Technical review of applications after operating platform changes ISO 27001

14.2.2: System change control procedures ISO 27001

TEK-14: Ohjelmistojen turvallisuuden varmistaminen Julkri

8.28: Secure coding ISO 27001

8.32: Change management ISO 27001

Evaluation process and documentation of significant security-related changes

Critical

High

Normal

Low

Risk management and leadership

Risk management

Evaluation process and documentation of significant security-related changes

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustava NIS2 Croatia

7 §: Riskienhallinta Kyberturvallisuuslaki

5.2.1: Change management TISAX

30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'information NIS2 Belgium

2.10.1: Include security in the organisation’s change management process NSM ICT-SP

System portfolio management and proactive design of portfolio

Critical

High

Normal

Low

System management

Data system procurement

System portfolio management and proactive design of portfolio

This task helps you comply with the following requirements

14.1.1: Information security requirements analysis and specification ISO 27001

CC8.1: Change management procedures SOC 2

Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.