CISM Certified Information Security Manager – Question1092 - CISM Certified Information Security Manager

What is the MOST appropriate change management procedure for the handling of emergency program changes?

A. Formal documentation does not need to be completed before the change
B. Business management approval must be obtained prior to the change
C. Documentation is completed with approval soon after the change
D. All changes must follow the same process

Correct Answer: C

Explanation:

Explanation:
Even in the case of an emergency change, all change management procedure steps should be completed as in the case of normal changes. The difference lies in the timing of certain events. With an emergency change, it is permissible to obtain certain approvals and other documentation on “the morning after” once the emergency has been satisfactorily resolved. Obtaining business approval prior to the change is ideal but not always possible.