01233 743 240

Change Management Policy

1. Purpose

This policy defines Flowbird Ltd’s approach to managing changes to systems, applications, infrastructure, and processes in a controlled and secure manner, reducing the risk of disruption or security incidents.

2. Scope

This policy applies to all changes that may impact:

  • Information systems and applications

  • Infrastructure and cloud services n- Information security controls

  • Services provided to clients

3. Change Management Principles

  • Changes are planned, assessed, approved, implemented, and reviewed.

  • Security, availability, and business impact are considered before changes are made.

  • Changes are proportionate to the size, risk, and complexity of the environment.

4. Change Types

Changes are categorised as:

  • Standard changes – low-risk, repeatable changes following approved procedures

  • Normal changes – changes requiring assessment and approval prior to implementation

  • Emergency changes – changes required to resolve incidents or critical issues

5. Change Process

For applicable changes, Flowbird Ltd follows these steps:

  1. Change request – description, scope, and rationale for the change

  2. Impact assessment – assessment of security, operational, and business impact

  3. Approval – approval by appropriate management or technical authority

  4. Implementation – controlled execution of the change

  5. Testing and validation – where appropriate

  6. Review – post-change review to confirm success and identify lessons learned

6. Emergency Changes

Emergency changes may be implemented to restore service or address critical risks. Such changes are documented and reviewed retrospectively.

7. Segregation and Access

Where practicable, development, testing, and production environments are logically separated. Access to make changes is restricted to authorised personnel.

8. Documentation and Records

Records of significant changes are maintained in an appropriate format and retained for audit and operational purposes.

9. Review and Compliance

This policy is reviewed periodically and updated as required. Failure to comply may result in disciplinary or contractual action.

Approved by: Senior Management
Organisation: Flowbird Ltd
Review cycle: Annual or upon significant change