Change Release Checklist

A change release checklist pulls together the key components of your change control process.

There are various change control steps to ensure system development activities are high quality; ie. reducing or avoiding bugs, performance issues, and security vulnerabilities in your software.


The modern approach to software development is using agile practices with short sprints for each release. Accordingly, the modern change controls are best formed into a release management checklist that holistically combines the key checks, approvals, and steps for the code changes that go into each release.


The Release Management Checklist is the detailed steps and responsibilities. The Change Control Policy sets the requirements and governance activities for your Engineering or development function. The Segregation of Duties is how to ensure the change control steps aren’t bypassed inappropriately. These three in combination can form your controlled approach to change management that meets industry security standards like SOC 2, ISO 27001, and the Consumer Data Right. 


What goes into a release management checklist? 


The checklist itself should reflect the requirements set out in your defined Change Management Policy. It translates these into a practical method of documenting and tracking the completion of those requirements. An “off the shelf” or “out of the box” checklist may help to get you started, but it should really be tailored to your company.


The checklist includes the steps and responsibilities of your developers, quality reviewers, management, and other related functions like customer support/success, system operations, and even sales and marketing. You should consider the level of detail included in this checklist to align to what works best in practice to both demonstrate the requirements were met but also provide a succinct and user-friendly tracker that is useful as a management tool. 


An example Change Release Checklist is included below to outline the type of steps that are usually captured.


The CDR Perspective


The Change Release Checklist pulls together activities that demonstrate Secure Coding, which is one of the 24 information security requirements.

  • Secure coding: Changes to the accredited data recipient’s systems (including its CDR data environment) are designed and developed consistent with industry-accepted secure coding practices, and are appropriately tested prior to release into the production environment.

About AssuranceLab


AssuranceLab is a modern cybersecurity audit firm. We're experts in the latest software and cloud providers. We guide your team through the compliance practices in a way that fits your environment and culture. We work closely with clients through our agile and collaborative approach; saving time, costs, and headaches along the way.


Change Release Checklist Example





Product Management

Backlog and sprint plan agreed




User stories defined




Acceptance criteria defined




Release plan agreed





Design work




Design work review








Peer review




Unit testing




Development team sign off





QA Plan and tests defined




Testing complete




Bugs logged




Defect resolution plan agreed




All defects resolved or signed off




QA team approval




Services & Internal Operations

Impact assessment completed




Impacted users advanced notification




User guides, training materials updated




Internal system documentation updated




Communications plan agreed




Internal teams notified, trained




Release Management

All changes tested and approved




Roll-back plan defined




Operations team approval




Released to production




Release notes sent




Post-implementation verification




Some additional information in one line