CC8.1SOC 2Change management - manages system changes
The entity authorizes, designs, develops, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures.
- Trust Service Criterion
- CC
- Audit period
- type-2
- Points of focus
- Changes are requested and approved
- Testing is performed before production release
- Emergency changes are reviewed after implementation