Network Security Associates, Inc.

Types of Change

Below is a list of the 4 Types of Change that we identify and work with on a regular basis. Managing change is a critical part of ensuring the smooth day-to-day business operations, ensuring data security, as well as minimizing downtime for changes. Please take a moment to read the Types of Change and their descriptions listed below.

• Sensitive Requests

  These types of requests usually have to do with changes to a Manager or Supervisor – where discretion is important, and high levels of access are being adjusted.

• High Risk/Impact MACs

  These are moves/adds/changes that have a high security risk or the potential to impact a larger percentage of users. Some of the more common requests in this category are: Remote access, password resets, change a user permission level, new users, vendor access, etc.

• Low Risk/Impact MACs

  These are moves/adds/changes that are less impactful/risky and more common day-to-day type of MAC. Some common examples are moving a computer, installing a fax line, etc.

• Break/Fix

  This is your most common, everyday request – something is “broken” and it needs to be fixed. This is usually listed as “Everyone” but some organizations like to have all support requests filtered through a single employee or have multiple employees as approvers.

Network Security Associates, Inc.

List of Approvers

• The below table should be filled out with the list of users and the types of Change they can request.

• At least 1 user is required for each Change Type and a single user can be responsible for all types.

• Rank – Hierarchy or precedence of approvers, with 1 being the person with the most authority (normally an owner), 2 for the person with the next greatest authority, and so on. Often used when two people submit the same request with different parameters – for example, if 2 users both have High Risk/Impact MAC Change Approval, which user has the final say?

• Everyone – If “Everyone” will have authority over a change type, simply check the associated box(s). For instance, if “Everyone” can approve Break/Fix requests, enter a checkmark in the Break/Fix column. Allowing “Everyone” to approve all request types is not recommended and is a security risk.