The Advanced Change Management system uses a set of policy records called Strongpoint Change and Approval Policies which define:
- The level of change management required for a given change (e.g. modification of a script vs. a search).
- The level of approval required and the participants in that approval process.
For more details on Strongpoint Change/Approval Policies, please see Set Up Default Policies and Change/Approval Policy Fields.
When Process Issues or Change Requests are created, Strongpoint analyzes the impacted customizations and processes. It identifies the change policy that applies based on the IT risk from the Customization Record and the process risk from the Process Records.
The Strongpoint Change and Approval Policy also determines the change level required for any detected changes to be compliant. This ensures that even changes that do not go through the planned change management process are analyzed against the policy for compliance. Please see for more details.
For example, a company may have four policies:
- A Default Policy that applies to any customization or process without a specific policy. This generally requires that scripted changes go through a relatively high level of review compared to non-scripted changes.
- A Financial Processes Policy that applies to the core financial processes. Under this policy, for example, any changes to the financial processes could require full development and testing and approval of the CFO.
- A Critical Operational Processes Policy that applies to vital operational processes or customizations such as those comprising a critical integration. This policy might require approval by the CFO as well as the expert owners of the specific objects concerned.
- A Controls Policy that specifically applies to key reports and controls listed on the policy that need very specific approval to modify and ensures there are no changes without a proper audit review.
Once in place, Strongpoint’s policies remind users of the level of change management required as well as monitors the changes that do occur and raises alerts to IT if there are any change violations.