This slide describes the various aspects of controlling
operational software.
The objective of this control is to ensure that procedures
are in place to control the implementation of software on
operation systems. To minimise the risk of corruption of
operational systems, the following controls should be
considered:
Updating of program libraries should be done only by the
nominated librarian upon appropriate management authorisation
If possible, operating systems should only hold executable code
Executable code should not be implemented on an operational
system until evidence of successful testing and user acceptance is
obtained, and the corresponding program source libraries have
been updated
An audit log should be maintained of all updates to operational
program libraries
Previous versions of software should be retained as a contingency
measure