This Tactical Tier control triangle seeks to ensure that system changes are impact assessed, approved and implemented smoothly, that updates and fixes are timely, and that the organisation’s technology infrastructure remains up-to-date, secure, and aligned with its operational and strategic goals while minimising disruption risks to business operations.

This control rolls down from the Manage Capability Domain and cascades into: 3.3.2.1-Manage Change Request, 3.3.2.2-Manage Change Release, and 3.3.2.3-Manage ICT Currency controls.

---

Control Mappings:
Cobit:2019 ➡️ BAI05; BAI05.06
PCI:DSSv4.01 ➡️ 6; 6.5; 6.5.1; 6.5.2; 12.4.2; 12.5.2
ISO27001:2022 ➡️ 8; 8.1
ISO38500:2024 ➡️ 5.8.2; 6; 6.3
ITIL:v4 ➡️ GM6; GM8; SM17