CM-04 Change Management

Testing / UAT Before Production

Changes are validated before release.

Domain: Change Management
Control type: Preventive
Automated / manual: Manual
Frequency: Per event
Framework reference: COBIT BAI03/BAI07; MAS TRM – SDLC

What good looks like

Changes are tested (functional, UAT, regression) with documented results and sign-off before release to production.

Risk if it fails

Defective changes degrade integrity/availability.

How Tess tests it

4 tests — each concludes only on cited evidence.

Testing gate required pre-prod

Design
Procedure: Inspect the process.
Expected: Testing mandatory before release.
Sample: 1 (design inspection)
Evidence: Test plans/results, UAT sign-off.

Test evidence exists for sampled changes

Operating
Procedure: Inspect test results.
Expected: Results documented.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Test plans/results, UAT sign-off.

UAT/business sign-off before release

Operating
Procedure: Inspect sign-offs.
Expected: Signed off pre-release.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Test plans/results, UAT sign-off.

Failed tests resolved before deploy

Operating
Procedure: Inspect test outcomes.
Expected: No deployment on failed tests.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Test plans/results, UAT sign-off.

Evidence Tess looks for

Test plans/results, UAT sign-off.
