CM-15 Change Management

Database / Schema Change Control

DB structure and data changes are controlled.

Domain: Change Management
Control type: Preventive
Automated / manual: Hybrid
Frequency: Per event
Framework reference: COBIT BAI07

What good looks like

DB schema/data changes are reviewed, approved, tested and applied via controlled migrations.

Risk if it fails

Data corruption/integrity loss.

How Tess tests it

3 tests — each concludes only on cited evidence.

DB change/migration process defined

Design

Procedure: Inspect the process.
Expected: Controlled DB changes.
Sample: 1 (design inspection)
Evidence: Migration scripts, approvals, test evidence.

DB changes approved and tested

Operating

Procedure: Sample DB changes.
Expected: Approved and tested.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Migration scripts, approvals, test evidence.

Migration scripts version-controlled & reviewed

Operating

Procedure: Inspect scripts.
Expected: Controlled execution.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Migration scripts, approvals, test evidence.

Evidence Tess looks for

Migration scripts, approvals, test evidence.

More in Change Management

CM-01 Change Management Policy CM-02 Change Request & Documentation CM-03 Change Authorisation CM-04 Testing / UAT Before Production

Want Tess to test CM-15 against your evidence?