Is Modifying a Security Setting a Change

March 28th, 2014 | Posted by Don Boylan in Change Management | Configuration Management

We are using Oracle ERP and want to change the restriction on passwords from 6 characters to 8 characters. This will be done through standard functionality within the application.

Can anyone tell me if they consider this a candidate for the CM process?

It seems that we are taking CM a little to far when we start reaching into application provided functionality.


It sounds like you talking about making a change that will affect both written organizational Policies and affect training documentation. If this is the case, and you have version controlled your documents, then yes. You are in fact making a change that will affect the Attributes of items that should be considered Configuration Items. But the Configuration Items whose attributes are changing may not be the application’s, they may be the documentation surrounding the application.

I say “should be” because I don’t know how mature your Configuration Management process is. But even if your Config process is non-existent, you should think in terms of “Would  this change affect hardware, software, or associated documentation that should be kept in a controlled state?”

You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback.

Leave a Reply

Your email address will not be published. Required fields are marked *