Version | 1.0 |
Owner | Head of Engineering |
Last Updated On |
|
Last Updated by | |
Approved by |
To ensure the correct and secure operation of information processing systems and facilities.
All ecoPortal information systems that are business critical and/or process, store, or transmit company data. This Policy applies to all employees of ecoPortal and other third-party entities with access to ecoPortal networks and system resources.
Both technical and administrative operating procedures shall be documented as needed and made available to all users who need them.
Changes to the organization, business processes, information processing facilities, production software and infrastructure, and systems that affect information security in the production environment and financial systems shall be tested, reviewed, and approved prior to production deployment. All significant changes to in-scope systems and networks must be documented.
Change management processes shall include:
Processes for planning and testing of changes, including remediation measures
Documented managerial approval and authorization before proceeding with changes that may have a significant impact on information security, operations, or the production platform
Advance communication/warning of changes, including schedules and a description of reasonably anticipated effects, provided to all relevant internal and external stakeholders
Documentation of all emergency changes and subsequent review
A process for remediating unsuccessful changes
The use of processing resources and system storage shall be monitored and adjusted to ensure that system availability and performance meets ecoPortal requirements.
Human resource skills, availability, and capacity shall be reviewed and considered as a component of capacity planning and as part of the annual risk assessment process.
Scaling resources for additional processing or storage capacity, without changes to the system, can be done outside of the standard change management and code deployment process.