Risk Assessment & Impacts Analysis.

This paragraph shall describe anticipated risk of the proposed change. The risk assessment may include risk, risk factor, risk likelihood and risk treatment that is aligned to enterprise risk framework. (refer to Information Security Risk Management procedure KRA-DOC-010 on the KRAhub)

3.2. Table 1: Sample Risk Assessment

Example

Example 1

Incident/inadiquate control

The system takes time to configure and there is no parallel systems to host the services during deployment

Risk statement

There is risk of service unavailability arising from long deployment periods

Risk Rating [1-25] Probability* impact

(3*3)=9

Proposed Controls

Deploy at night and on no tax due dates period when there is low system usage. Inform the concerned stake holders

Impacts during Systems Integrations.

This paragraph shall describe anticipated impacts on the user, acquirer, developer, and support agency(ies) during the integration of the change with other systems. These impacts may include development or modification of databases; training; parallel operation of the new and existing systems; impacts during testing of the new system; and other activities needed to aid or monitor development and integration.

Table 2: Sample Impact Analysis

No

Impact Analysis Check List

Impact Rating [High/Med/Low]

Comments

4.0 Rollback Plan

This paragraph shall state the rollback strategy anticipated in the event of the change needs to be rolled back. Include the activities, tasks required, scripts required to effect the rollback, back up requirements and restoration strategy required to implement the rollback

5.0 WORK PLAN

Activities Dates: From & to Duration in (months/days/ weeks/hours) Responsibility
ISO 9001:2015 CERTIFIED
INFORMATION AND COMMUNICATIONS
TECHNOLOGY
DATABASE/SYSTEM CHANGE: REQUEST FOR CHANGE (RFC)
System change
Database change

 

  1. RFC Prepared by:

 

 

Signature:

_____________________

Date:______________

Name:

Name :

Title: System Analyst

 
  1. Reviewed by:

 

 

Signature:

______________________

Date:______________

Name:

Name :

Title: Manager ICT

 
  1.  Recommended by :

 

 

Signature:

_____________________

Date:_______________

Name:

Name :

Title: Manager BTO/Projects

 
  1. Approved  by :

 

 

Signature:

_____________________

Date:_______________

Name:

Name :

Title: DC ICT

 

 

Final Approval by the Owner (HOD)

 

Title: ___________________________________

 

Signature: _______________________________                 Date: ___________

 

Commissioner (C&BC/DTD/CSS/SIRM/LS&BC/I&SO/I&E)/HOD

(Please tick as Appropriate)