|
Booklet:
Development
and Acquisition Section: Maintenance Subsection: Emergency Modifications |
|||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||
Emergency
modifications are periodically needed to correct software problems or
restore processing operations quickly. Although the changes must be completed
quickly, they should also be implemented in a well-controlled manner.
Emergency change standards should include procedures similar to those
for routine change controls. However, the standards should include abbreviated
change request, evaluation, and approval procedures to ensure changes
are made quickly. The standards should be designed to ensure management
completes detailed evaluations and documentation of emergency changes
as soon as possible after implementation.
Whenever possible, emergency changes should be tested prior to implementation.
If management is unable to thoroughly test emergency modifications before
installation, it is critical that they appropriately backup files and
programs and have established back-out procedures in place.
Appropriate backups, established back-out procedures, and detailed documentation
enhance management’s ability to reverse changes if they cause system
disruptions. Detailed documentation also enhances management’s ability
to analyze the impact of any changes during post-change evaluations. At
a minimum, emergency change procedures should require:
|
|
Pre-change reviews and authorizations; | |
|
|
Pre-change testing (in segregated testing environments); | |
|
|
Backup/backout procedures; | |
|
|
Documentation that includes: | |
 |
Descriptions of a change; | |
|
Reasons for implementing or rejecting a proposed change; | |
|
The name of the individual who made the change; | |
|
A copy of the changed code; | |
|
|
|
The date and time a change was made; and |
|
|
Post-change evaluations. | |
