4.2 - CompTIA A+ Core 2

Documented business procedures

Rollback plan

• Rollback plan: A document that outlines how to revert system changes in case of failure or error.

Backup plan

• Backup plan: A plan to accomplish an objective in case of a problem encountered during a procedure (e.g., how to install a firewall update if the Wi-Fi isn’t working).

Sandbox testing

• Sandbox testing: Testing software in an isolated environment, with no connection to the real world or real production systems.

Responsible staff members

• Responsible staff members: Valuable team members who assist in the change management process (e.g., IT team to implement changes, business customers, organization sponsor).

Change management

• Change management: A formal process for managing change - avoids downtime, confusion, and mistakes.

Request forms

• Change management request form: A document that requests permission to make a change. Includes change purpose, scope, and type.

Purpose of the change

• Purpose (changes): Determines the reasoning behind the change - why is it being done?

Scope of the change

• Scope (changes): Determines a change’s effects - may be limited to a single server or an entire site

Change type

Standard change

• Standard change: A low-risk, pre-approved change. Happens all the time and is well documented (e.g., replacing the monitor on a user’s desk).

Normal change

• Normal change: A medium-risk change that is not urgent. Follows the full change management process (e.g., updating a DMBS software, replacing a core switch).

Emergency change

• Emergency change: A high-risk change that must be implemented immediately (e.g., patching a zero-day vulnerability).

Date and time of change

Change freeze

• Change freeze: Scheduled periods where no changes can occur (e.g., Nov 15 through to Jan 5).

Maintenance windows

• Maintenance windows: Schedule downtime periods to implement changes (e.g., Sundays @ 2 am).

Affected systems/impact

Risk analysis

• Risk analysis: Quantitative/qualitative determination of a risk. Analyzes the risk behind making a change and the risk behind not making a change.

Risk level

• Risk levels: Values/labels that determine the potential impact of a risk (e.g., low, medium, high).

Change board approvals

• Change board: A formal advisory group that reviews, accepts, or rejects proposed changes.

Implementation

Peer review

• Implementation/peer review: The process of assessing proposed changes with the involvement of team members to ensure quality and effectiveness before full deployment.

End-user acceptance

• End-user acceptance: Gathering feedback from end-users to confirm that the implemented changes meet their needs and expectations, ensuring a smoother transition and user satisfaction.