Documentation
HECVAT Full v3.0.6
Change Management
CHNG-13

Question CHNG-13

Do procedures exist to provide that emergency changes are documented and authorized (including after-the-fact approval)?

Weight15
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe plans to implement procedure ensuring that emergency changes are documented and authorized.

Answering "YES"

Summarize implemented procedures ensuring that emergency changes are documented and authorized.

Reason for Question

In the context of the CIA triad, this question is focused on system integrity, ensuring that system changes are only executed by authorized users. In the event of emergency changes, accountability and post-action review is expected.

Follow-Up Inquiries

Follow-up with a robust question set if a vendor cannot clearly state full control of the integrity of their system(s).

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]