S 2.429 Measuring the success of change requests
Initiation responsibility: Change Manager, Head of IT
Implementation responsibility: Change Manager
Management processes such as patch and change management must be improved, optimised and adapted to the changing conditions in the organisation in a continuous manner. The way this safeguard is implemented in the organisation also indicates the maturity level of the patch and change management process.
The testing of hardware, software or configuration changes carried out in advance is mainly used to check if the changes generally work properly in the expected area of application. As changes are to eliminate malfunctions in most cases, it is necessary to subsequently obtain an evaluation on the success of the change from the submitters of the change request.
For this purpose, it is absolutely necessary to perform so-called subsequent tests. As a prerequisite, reference systems must be selected as quality assurance systems. In addition, it must be ensured that the subsequent tests are performed by those specialist users who are familiar with the business processes of the organisation and are able to assess errors, if any.
If the change was necessary from a security perspective, the subsequent tests must be initiated by the Change Manager and carried out by the specialist users.
The results of the subsequent tests and evaluation are documented within the framework of the patch and change process. For the Change Manager, the Change Advisory Board and the security management, data to improve the process is thus made available.