A change release checklist pulls together the key components of your change control process.
There are various change control steps that ensure system development activities are high quality, i.e. by reducing or avoiding bugs, performance issues, and security vulnerabilities in your software.
The modern approach to software development uses agile practices with short sprints for each release. Accordingly, modern change controls are best formed into a release management checklist that holistically combines the key checks, approvals, and steps for the code changes that go into each release.
The Release Management Checklist sets out the detailed steps and responsibilities. The Change Control Policy sets the requirements and governance activities for your Engineering or development function. Segregation of Duties is how you ensure the change control steps aren’t bypassed inappropriately. In combination, these three can form a controlled approach to change management that meets industry security standards like SOC 2, ISO 27001, and the Consumer Data Right.
What goes into a release management checklist?
The checklist itself should reflect the requirements set out in your defined Change Management Policy. It translates these into a practical method of documenting and tracking the completion of those requirements. An “off the shelf” or “out of the box” checklist may help to get you started, but it should really be tailored to your company.
The checklist includes the steps and responsibilities of your developers, quality reviewers, management, and other related functions like customer support/success, system operations, and even sales and marketing. Consider how much detail to include so that the checklist works in practice: it should demonstrate that the requirements were met while remaining a succinct, user-friendly tracker that is useful as a management tool.
An example Change Release Checklist is included below to outline the type of steps that are usually captured.
The CDR Perspective
The Change Release Checklist pulls together activities that demonstrate Secure Coding, which is one of the 24 information security requirements.
- Secure coding: Changes to the accredited data recipient’s systems (including its CDR data environment) are designed and developed consistent with industry-accepted secure coding practices, and are appropriately tested prior to release into the production environment.
About AssuranceLab
AssuranceLab is a modern cybersecurity audit firm. We're experts in the latest software and cloud providers. We guide your team through the compliance practices in a way that fits your environment and culture. We work closely with clients through our agile and collaborative approach, saving time, costs, and headaches along the way.
Change Release Checklist Example
| Task | Owner | Status | Comments |
|---|---|---|---|
| **Product Management** | | | |
| Backlog and sprint plan agreed | | | |
| User stories defined | | | |
| Acceptance criteria defined | | | |
| Release plan agreed | | | |
| **Development** | | | |
| Design work | | | |
| Design work review | | | |
| Development | | | |
| Peer review | | | |
| Unit testing | | | |
| Development team sign off | | | |
| **Testing** | | | |
| QA Plan and tests defined | | | |
| Testing complete | | | |
| Bugs logged | | | |
| Defect resolution plan agreed | | | |
| All defects resolved or signed off | | | |
| QA team approval | | | |
| **Services & Internal Operations** | | | |
| Impact assessment completed | | | |
| Impacted users advanced notification | | | |
| User guides, training materials updated | | | |
| Internal system documentation updated | | | |
| Communications plan agreed | | | |
| Internal teams notified, trained | | | |
| **Release Management** | | | |
| All changes tested and approved | | | |
| Roll-back plan defined | | | |
| Operations team approval | | | |
| Released to production | | | |
| Release notes sent | | | |
| Post-implementation verification | | | |