Change Management Policy

This Change Management Policy establishes a structured framework for managing changes to the organization's ICT systems and processes in compliance with the Digital Operational Resilience Act (DORA). It aims to minimize risks, maintain operational resilience, and ensure regulatory adherence during the implementation of changes.

• Change Categorization: Defines changes as standard (routine), normal (requiring assessment and approval), or emergency (urgent risks/incidents).
• Documentation: Requires detailed Change Requests (CRs) with risk assessments, impact analyses, and rollback plans.
• Approval Process: Involves the Change Advisory Board (CAB) for review and approval based on predefined criteria.
• Testing and Validation: Mandates testing changes in controlled environments before deployment to ensure safety and effectiveness.
• Post-Implementation Review: Evaluates the success of changes and identifies opportunities for process improvement.

This policy ensures that all ICT changes are managed securely and efficiently, supporting organizational resilience and compliance with regulatory requirements.