Overview
This policy outlines the procedures for managing changes and updates to internal computer systems within InContext Solutions to ensure operational continuity and minimize unexpected downtime.
Purpose
The purpose of this policy is to establish a structured approach for implementing changes and updates to ensure they are carried out effectively, safely, and with minimal disruption to services.
Scope
This policy applies to all network switches, firewalls, and servers utilized by InContext Solutions.
Policy
1. Change Request Process
- All change requests must be submitted via email to: changemanagement@incontextsolutions.com. This centralized email ensures that all requests are documented and tracked.
2. Risk Assessment Assignment
- Upon receipt, each change request will be assigned a risk assessment to determine the potential impact on systems and services.
3. Risk Assessment Classifications:
- Minimal Risk: Changes classified as minimal involve little or no risk of failure, and the procedures for implementation are well understood and documented. These changes can be made without additional approval.
- Significant Risk: Changes classified as significant require careful planning and must be evaluated for potential impact on services. These changes cannot proceed without explicit approval.
4. Implementation of Changes
- If a change is classified as Minimal Risk, the individual initiating the change may carry it out as specified in their request.
- If a change is classified as Significant Risk, the requester must coordinate a discussion via email chat with relevant stakeholders to review the implications of the change. Approval from designated authorities is required before proceeding.
5. Ticket Closure
- After a change has been successfully implemented, the associated ticket must be closed. This closure documentation should include a summary of the change, results of the implementation, and any issues encountered during the process.
Policy Compliance
Compliance Measurement
The Information Security (Infosec) Team is responsible for verifying compliance with this policy. This may be achieved through various methods, including:
- Routine audits of change requests and implementations.
- Review of ticket closures and documentation to ensure all changes have been adequately logged and assessed.
Exceptions
Any exceptions to this policy must be formally submitted and will only be granted with prior approval from the Information Security Team. Requests for exceptions should include a justification for deviation from established procedures.
Revision History
| Date of Change | Responsible | Summary of Change |
|---|---|---|
| March 2026 | ICS InfoSec Team | Published to Trust Center |