CM-12 Change Management

Rollback / Back-out Plans

Failed changes can be recovered from.

Domain: Change Management
Control type: Preventive
Automated / manual: Manual
Frequency: Per event
Framework reference: COBIT BAI07

What good looks like

Changes include a documented (ideally tested) rollback plan.

Risk if it fails

Inability to recover from a failed change.

How Tess tests it

2 tests — each concludes only on cited evidence.

Template requires rollback plan

Design

Procedure: Inspect the change template.
Expected: Rollback field present.
Sample: 1 (design inspection)
Evidence: Change records with rollback plans.

Rollback plan documented pre-deploy

Operating

Procedure: Sample changes.
Expected: Rollback documented before deployment.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Change records with rollback plans.

Evidence Tess looks for

Change records with rollback plans.

More in Change Management

CM-01 Change Management Policy CM-02 Change Request & Documentation CM-03 Change Authorisation CM-04 Testing / UAT Before Production

Want Tess to test CM-12 against your evidence?