+DEV-06 Risk Assessment, Categorisation and Prioritisation of Changes
---+DEV-06.01B
---+DEV-06.02B
---+DEV-06.01AC
|
1. Übersicht
DEV-06 Risk Assessment, Categorisation and Prioritisation of Changes
-
| Bezeichnung |
Standard |
|
DEV-06.01B
|
In accordance with the applicable policies, changes are subject to a risk assessment evaluating its potential impact on the overall cloud service in scope. In addition, when multiple changes are implemented concurrently, their mutual interactions and cumulative effects are also subject to the risk assessment in order to identify potential conflicts or dependencies. All identified risks and dependencies are categorised and prioritised accordingly.
|
|
DEV-06.02B
|
If the risk associated to a planned change is high, appropriate mitigation measures are taken before deploying the change in the cloud service's production environment.
|
|
DEV-06.01AC
|
In accordance with the contractual agreements, meaningful information about the occasion, time, duration, type and scope of the change is submitted to authorised bodies of the cloud service customer so that they can carry out their own risk assessment before the change is made available in the production environment. Regardless of the contractual agreements, this is done for changes that have the highest risk category based on their risk assessment. This does not include changes without an effect on the service usage or security posture of the service.
|
1.1 Referenzen
1.2 Identifizierte Anforderungen
1.2 Related Regulation
2. Identifizierte Anforderungen
Anforderungen
| Source |
Anforderung |
3. Related Regulations
Regulations
| Source |
Regulierung |
|