This sample policy helps to define the current change management processes in an organization. The scope of this document is limited to development and changes to applications; database structures; and IT infrastructure (including hardware, system software and configurations).
In this sample, the owner of these standards is with approval from the Audit Sub-Committee of the Board. This approval is implied by their annual review. The Corporate CIO and/or CISO may approve interim changes to policies and standards, in order to respond to any vulnerability, incorporate technical advances, or adjust to changing business procedures.