For AI agents: visit https://ssgdocs.melroselabs.com/llms.txt for an index of all pages formatted in Markdown and endpoints in OpenAPI.
- Purpose
This policy ensures that all changes to Melrose Labs’ IT infrastructure, systems, applications, and services are managed in a controlled and secure manner to minimise risk and maintain business continuity.
- Scope
This policy applies to all changes to Melrose Labs’ production and pre-production environments, including cloud infrastructure, software applications, security configurations, and network components.
- Change Categories
• Standard Changes: Pre-approved, low-risk changes with minimal impact (e.g., routine software updates).
• Normal Changes: Require risk assessment and approval before implementation.
• Emergency Changes: Implemented urgently to resolve security vulnerabilities or critical failures.
- Change Management Process
• Request for Change (RFC): All changes must be formally requested, documented, and submitted for approval.
• Risk Assessment & Impact Analysis: Each RFC undergoes evaluation for potential security, business, and compliance risks.
• Approval Process: Changes require sign-off from relevant stakeholders before implementation.
• Implementation & Testing: Approved changes are tested in a controlled environment before deployment.
• Post-Implementation Review: Changes are reviewed after deployment to assess success and identify issues.
• Rollback Plan: A rollback procedure must be documented for every change in case issues arise.
- Responsibilities
• IT Operations Team: Responsible for implementing and monitoring changes.
• Security Team: Reviews security implications of proposed changes.
• Change Advisory Board (CAB): Approves and oversees significant changes.
- Documentation & Reporting
All changes must be logged and stored for audit and compliance purposes. Regular reviews ensure continuous improvement.
- Compliance & Review
This policy is reviewed annually to align with industry standards and business requirements.
