× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2002

Re: Change Control

--
[ Picked text/plain from multipart/alternative ]
Hector,

(Sorry for the delay, I'm out of the country at present)

In a message dated 6/3/02 3:55:00 PM Eastern Daylight Time,
hsanchez@driscollchildrens.org writes:


> I work for a Children's Hospital in South Texas.  We are a pretty small shop
> as far as the AS/400 goes.  3 programmers and 2 operators.  I used to work
> for our Electric Utility and in a much bigger shop.  None of the
> Programmers/Analyst had Security Rights to Change Live Objects, Source Code
> or Files.  Everything was done in Test and we had someone in charge of
> Change Control to move everything over once we got the proper signatures.
>
> Recently we had an I/S audit and the auditors are requiring us to use some
> form of Change Control.  The other 2 programmers are very much against this
> and so far we have avoided doing such.  So my question is this, are most
> 400 shops small and dont do Change Control, or are we unique in not doing
> so?


I've always been a big advocate of structured change control, even if it's
just on paper.  Sometimes the industry, rather than the size of the shop,
determines the requirement from an IT audit perspective.  Pharmaceutical
companies, banks, and hospitals are held to tighter EDP audit restrictions
than are most other shops.  I consulted to a hospital with a shop identical
in size to yours many years ago.  The problem there was that they had no
change management or segregated development machine, and the development
staff often made "quick fixes" while signed on under the QSECOFR profile
fixing tuning or configuration problems, which locked all of the users out of
the "fixed" programs.

Change management is good.  Write your own if you cannot afford one of the
available products.  Developers resisting its' implementation are either not
that good, or consider their access to be more important than operating the
business in a professional manner.  Which is _NOT_ good...

JMHO,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"Beware of programmers bearing screwdrivers."  -- Old CrossTalk Saying

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.