CONFIGURATION MANAGEMENT28.1 Object

CONFIGURATION MANAGEMENT
28.1 Objective
The objective of this Policy is to manage the configuration and optimizing the IT infrastructure, resources and capabilities, and accounting for IT assets.
28.2 Policy
a) Configuration management procedure must be defined and in practice to support management and logging of all changes to the configuration repository.
b) Configuration management process must integrate with change management, incident management and problem management procedures.
c) A supporting tool and a central repository must be established to contain all relevant information on configuration items to monitor and record all assets and changes to assets.
d) Baseline configuration items must be maintained for every system and service as a checkpoint to which to return after changes.
e) IT infrastructure must implement a configuration repository to capture and maintain configuration management items. The repository includes but not limited to the following:
(i) hardware configuration setting (Operation System / Firmware)
(ii) software configuration setting (Respective IT Applications Support)
(iii) Database configuration setting (IT DBA Support)
f) Periodically review the configuration data to verify and confirm the integrity of the current and historical configuration.
g) Deployment of new server hardware, operating systems, services, and applications must be reviewed and sign off by IT Security
h) Server equipment operating systems must only be installed from Group approved source. Server equipment must operate with only licensed versions of the operating system and software.
i) IT must perform assessment of server equipment on a regular basis, to ensure all the configuration records are up to date and accurate. (eg. Hardening baseline and approved configuration still remind as approved)