SOC 2
Security Change Management
CC8.1
The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.
- Manages Changes Throughout the System Lifecycle—A process for managing system changes throughout the lifecycle of the system and its components (infrastructure, data, software, and procedures) is used to support system availability and processing integrity.
- Authorizes Changes—A process is in place to authorize system changes prior to development.
- Designs and Develops Changes—A process is in place to design and develop system changes.
- Documents Changes—A process is in place to document system changes to support ongoing maintenance of the system and to support system users in performing their responsibilities.
- Tracks System Changes—A process is in place to track system changes prior to implementation.
- Configures Software—A process is in place to select and implement the configuration parameters used to control the functionality of software.
- Tests System Changes—A process is in place to test system changes prior to implementation.
- Approves System Changes—A process is in place to approve system changes prior to implementation.
- Deploys System Changes—A process is in place to implement system changes.
- Identifies and Evaluates System Changes—Objectives affected by system changes are identified, and the ability of the modified system to meet the objectives is evaluated throughout the system development life cycle.
- Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents—Changes in infrastructure, data, software, and procedures required to remediate incidents to continue to meet objectives are identified, and the change process is initiated upon identification.
- Creates Baseline Configuration of IT Technology—A baseline configuration of IT and control systems is created and maintained.
- Provides for Changes Necessary in Emergency Situations—A process is in place for authorizing, designing, testing, approving, and implementing changes necessary in emergency situations (that is, changes that need to be implemented in an urgent timeframe).
- Protects Confidential Information—The entity protects confidential information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to confidentiality.
- Protects Personal Information—The entity protects personal information during system design, development, testing, implementation, and change processes to meet the entity’s objectives related to privacy.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- HIPAA
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- NIST-CSF
- CIS Framework Controls V8