• No unauthorized changes to the code of a production system can be made either
intentionally or inadvertently
• No unauthorized changes to the data of a production system can be made either
intentionally or inadvertently
• Every change to either the code or the data of a production system produces
a sufficient audit trail to identify the source of the change and the authorization
• The existence of sufficient controls ensuring the above three items can be
independently verified
For many organizations these functions are clearly defined and implemented in an existing
Configuration Management operation that is not a part of the development organization. If
that function does not exist, or if it fails to fully perform these functions, the penalties can be
severe.