Change Management Policy
- Purpose
This policy ensures that all changes to Melrose Labs’ IT infrastructure, systems, applications, and services are managed in a controlled and secure manner to minimise risk and maintain business continuity.
- Scope
This policy applies to all changes to Melrose Labs’ production and pre-production environments, including cloud infrastructure, software applications, security configurations, and network components.
- Change Categories
• Standard Changes: Pre-approved, low-risk changes with minimal impact (e.g., routine software updates).
• Normal Changes: Require risk assessment and approval before implementation.
• Emergency Changes: Implemented urgently to resolve security vulnerabilities or critical failures.
- Change Management Process
• Request for Change (RFC): All changes must be formally requested, documented, and submitted for approval.
• Risk Assessment & Impact Analysis: Each RFC undergoes evaluation for potential security, business, and compliance risks.
• Approval Process: Changes require sign-off from relevant stakeholders before implementation.
• Implementation & Testing: Approved changes are tested in a controlled environment before deployment.
• Post-Implementation Review: Changes are reviewed after deployment to assess success and identify issues.
• Rollback Plan: A rollback procedure must be documented for every change in case issues arise.
- Responsibilities
• IT Operations Team: Responsible for implementing and monitoring changes.
• Security Team: Reviews security implications of proposed changes.
• Change Advisory Board (CAB): Approves and oversees significant changes.
- Documentation & Reporting
All changes must be logged and stored for audit and compliance purposes. Regular reviews ensure continuous improvement.
- Compliance & Review
This policy is reviewed annually to align with industry standards and business requirements.