CM-12: Management Approval for Production Changes

Control Description

Each change to the in-scope applications and related databases must be approved by a member of management prior to promotion into the production environment. Update for all types of changes as applicable: application, database, operating system, configuration, infrastructure, firewalls, etc.

Plain Meaning

Before any change can be deployed to production, a manager must review and approve it. This applies to all types of changes including code updates, database modifications, infrastructure changes, configuration updates, and security settings. This ensures that someone in a leadership position has reviewed the change and understands its potential impact before it goes live.

---

Progressive Delivery capabilities in Jira Software

• Progressive Delivery capabilities in Jira Software
• Jira Release Approval Example

GitHub Pull Request Management Approval Workflow

Related Links

Official Documentation

• GitHub Branch Protection Rules
• GitHub CODEOWNERS
• GitHub Pull Request Reviews
• AWS EKS Deployment Strategies
• SOC 2 Change Management Requirements

Implementation Resources

• GitHub Actions for Approval Workflows
• ArgoCD for GitOps
• Kubernetes RBAC

Tools and Automation

• GitHub Branch Protection
• Slack API for Notifications
• Email Templates for Management Communication
• Pulumi for Infrastructure Management