Change Management
Classification: CONFIDENTIAL — Internal Use Only
The GPUS-IT Change Management program ensures that all modifications to infrastructure are planned, reviewed, tested, and documented before being applied to production. It protects system stability, preserves the audit trail required by CIS Controls and PCI DSS, and prevents unintended outages.
Scope
All changes to production systems are in scope, including:
- Configuration changes on SKY, RAIN, SUN, or WIND
- DNS zone file additions, modifications, or deletions
- DHCP reservation or pool changes
- Firewall rule additions or removals
- OS updates, package installs, or kernel changes
- GCP infrastructure changes (Terraform, Cloud Run, VPN, firewall)
- Backup configuration or retention policy changes
- Any change that modifies files tracked by AIDE
Change Types
| Type | Definition | Approval Required | Lead Time |
|---|---|---|---|
| Standard | Pre-approved, low-risk, well-understood procedure (e.g., adding a DHCP reservation) | Pre-approved template | None |
| Normal | Planned change requiring review before implementation | IT Manager or delegate | ≥ 24 hours |
| Emergency | Unplanned change required to restore service or address a P1/P2 incident | IT Manager verbal approval | Immediate; document within 2 hours |
Sections
| Document | Purpose |
|---|---|
| Change Management Policy | Mandatory requirements and governance |
| Change Procedure | Step-by-step process for Normal and Standard changes |
| Change Log | Running record of all production changes |
| Standard Change Templates | Pre-approved templates for common tasks |
Integration with Infrastructure Operations
For every change completed on SKY, RAIN, SUN, or WIND, the Post-Change Checklist must also be completed: AIDE baseline update, asset inventory log entry, and DNSSEC re-sign if zone files were modified.
Change Management · v1.1 · 2026-03-14 · GPUS-IT