Systems Development and Maintenance Archives - Findings

Are modifications to existing systems or implementations of new systems tested in a test environment before they are deployed in production?

Are modifications to existing systems or implementations of new systems tested in a test environment before they are deployed in production?

Is acceptance testing part of pre-deployment testing and does it involve both the IT and business stakeholders?

Is acceptance testing part of pre-deployment testing and does it involve both the IT and business stakeholders?

Is there a change management process for changes to system, to include configuration changes and patching?

Is there a change management process for changes to system, to include configuration changes and patching?

Is there a log that records all changes, including who reviewed the changes, testing performed, back out plans, acceptance/denial, and who performed the changes?

Is there a log that records all changes, including who reviewed the changes, testing performed, back out plans, acceptance/denial, and who performed the changes?

Does your organization develop using the SDLC?

Does your organization develop using the SDLC?

Is security an important component in the evaluation and selection of technology solutions?

Is security an important component in the evaluation and selection of technology solutions?

Is a risk assessment performed prior to the installation of new infrastructure?

Is a risk assessment performed prior to the installation of new infrastructure?

Is there a process for monitoring vulnerabilities introduced by hardware or software vendors and the availability of patches?

Is there a process for monitoring vulnerabilities introduced by hardware or software vendors and the availability of patches?