How to identify and prevent Unauthorized Changes ?

What are Unauthorized Changes?

Changes implemented without all relevant approvals provided are categorized as Unauthorized Changes.

Identifying Unauthorized Changes

The Configuration Management process has the primary role in the detection of Unauthorized Changes. Configuration Audits performed by the Configuration Management team on a regular or random basis identify mismatches between the CMDB and the environment (i.e.: how it should be vs. how it actually is). Discovery tools are used to perform configuration audits which identify the state of the environment at any point in time. The result is then compared against the information in the CMDB to identify unauthorized Changes.

Handling Unauthorized Changes / non-compliance

All detected Unauthorized Changes and process non-compliance must be reported to the Change Management Process Owner. The Change Management Process Owner will define the follow-up actions, consulting with the relevant Change Assessors. The follow-up actions will include at least a Change Request to be created to document the activities performed, and may include one or more of the following:

·      The unauthorized activities might be rolled back

·      The CMDB might be updated

·      A new Change Request might be submitted to implement corrective measures

Prevention of Unauthorized Changes

All Unauthorized Changes must be investigated to identify any possible consequences to the environment. The investigation should also aim to reveal the reason behind any such Change. The findings of the investigation might be presented in CAB Meetings in order to ensure process compliance in the future.