permissions. The tracking of changes ensures that changes are
            completed correctly, that no unauthorized changes have been
            made, and that all changes have been tested before deployment.

            The change management process will also coordinate the
            scheduling of changes to ensure that a change is done at the time
            most suited for the business. Changes should not be done at
            operationally critical times unless an emergency change is
            needed.

            The final step in the change control process is notifying
            management of the completion of the change.
            A part of the change control process should be the notification
            of the potential change to the business continuity and disaster
            recovery teams. This ensures the BCP and DR plans can be
            updated. It also ensures that the correct files, applications, and
            configurations are being backed up.




            Backups

            Equipment failure is to be expected, and hardware has a Mean
            Time Between Failure (MTBF) rating that indicates the expected
            lifespan  of  the  device.  Organizations  should  have  an  asset
            tracking system that is tracking equipment and ensuring that the
            equipment is being maintained and replaced on a scheduled basis.
            Many  organizations  can  find  that  they  have  previously
            undiscovered  vulnerabilities  since  they  are  running  equipment
            and systems that are well past their expected lifespan.
            To be ready for equipment failure or the accidental deletion of
            files,  it  is  important  to  have  backups  of  all  system  files,