Change Release Checklist

Written by Paul Wenham | May 12, 2021 2:03:39 AM

A change release checklist pulls together the key components of your change control process.

There are various change control steps to ensure system development activities are high quality; ie. reducing or avoiding bugs, performance issues, and security vulnerabilities in your software.

 

The modern approach to software development is using agile practices with short sprints for each release. Accordingly, the modern change controls are best formed into a release management checklist that holistically combines the key checks, approvals, and steps for the code changes that go into each release.

 

The Release Management Checklist is the detailed steps and responsibilities. The Change Control Policy sets the requirements and governance activities for your Engineering or development function. The Segregation of Duties is how to ensure the change control steps aren’t bypassed inappropriately. These three in combination can form your controlled approach to change management that meets industry security standards like SOC 2, ISO 27001, and the Consumer Data Right. 

 

What goes into a release management checklist? 

 

The checklist itself should reflect the requirements set out in your defined Change Management Policy. It translates these into a practical method of documenting and tracking the completion of those requirements. An “off the shelf” or “out of the box” checklist may help to get you started, but it should really be tailored to your company.

 

The checklist includes the steps and responsibilities of your developers, quality reviewers, management, and other related functions like customer support/success, system operations, and even sales and marketing. You should consider the level of detail included in this checklist to align to what works best in practice to both demonstrate the requirements were met but also provide a succinct and user-friendly tracker that is useful as a management tool. 

 

An example Change Release Checklist is included below to outline the type of steps that are usually captured.

 

The CDR Perspective

 

The Change Release Checklist pulls together activities that demonstrate Secure Coding, which is one of the 24 information security requirements.

  • Secure coding: Changes to the accredited data recipient’s systems (including its CDR data environment) are designed and developed consistent with industry-accepted secure coding practices, and are appropriately tested prior to release into the production environment.

About AssuranceLab

 

AssuranceLab is a modern cybersecurity audit firm. We're experts in the latest software and cloud providers. We guide your team through the compliance practices in a way that fits your environment and culture. We work closely with clients through our agile and collaborative approach; saving time, costs, and headaches along the way.

 

Change Release Checklist Example

Task

Owner

Status

Comments

Product Management

Backlog and sprint plan agreed

 

 

 

User stories defined

 

 

 

Acceptance criteria defined

 

 

 

Release plan agreed

 

 

 

Development

Design work

 

 

 

Design work review

 

 

 

Development

 

 

 

Peer review

 

 

 

Unit testing

 

 

 

Development team sign off

 

 

 

Testing

QA Plan and tests defined

 

 

 

Testing complete

 

 

 

Bugs logged

 

 

 

Defect resolution plan agreed

 

 

 

All defects resolved or signed off

 

 

 

QA team approval

 

 

 

Services & Internal Operations

Impact assessment completed

 

 

 

Impacted users advanced notification

 

 

 

User guides, training materials updated

 

 

 

Internal system documentation updated

 

 

 

Communications plan agreed

 

 

 

Internal teams notified, trained

 

 

 

Release Management

All changes tested and approved

 

 

 

Roll-back plan defined

 

 

 

Operations team approval

 

 

 

Released to production

 

 

 

Release notes sent

 

 

 

Post-implementation verification