Change Management Policy

This Change Management Policy is effective dated: June 01, 2024

Control Document: GEF-PP-017, Ver. 1.0

Purpose

The purpose of this Change Management Policy is to ensure that all changes to galaxefi‘s (“Company”) information systems, infrastructure, and business processes are managed in a controlled and systematic manner. This policy aims to minimize the risk of disruption, maintain the integrity of services, and ensure compliance with legal and regulatory requirements.

Scope

This policy applies to all employees, contractors, vendors, and other stakeholders involved in initiating, approving, implementing, or managing changes to the Company’s information systems, infrastructure, and business processes. It covers:

  • Software and hardware changes
  • Network and infrastructure changes
  • Business process changes
  • Configuration changes

Definitions

  • Change: Any addition, modification, or removal of information systems, infrastructure, or business processes that could impact services.
  • Change Request: A formal proposal for a change, including details of the change, its rationale, and its potential impact.
  • Change Management Committee (CMC): A group responsible for reviewing, approving, and overseeing changes.
  • Emergency Change: A change that must be implemented immediately to resolve a critical issue or mitigate a significant risk.

Objectives

The Company aims to achieve the following objectives:

  • Ensure changes are introduced in a controlled and coordinated manner.
  • Minimize the risk of disruptions to services.
  • Ensure changes are documented and traceable.
  • Maintain compliance with legal, regulatory, and contractual requirements.
  • Improve the efficiency and effectiveness of change implementation.

Change Management Process

Change Request Submission

  • All changes must be initiated through a Change Request (CR) submitted to the Change Management Committee.
  • The CR must include a detailed description of the change, its rationale, potential impact, risk assessment, and rollback plan.

Change Review and Approval

  • The CMC will review the CR to assess its feasibility, risks, and impact on existing systems and processes.
  • The CMC will categorize the change as:
    • Standard Change: Pre-approved, low-risk changes that follow a predefined process.
    • Normal Change: Changes that require review and approval by the CMC.
    • Emergency Change: Urgent changes that require expedited review and approval.
  • The CMC will approve or reject the CR based on its assessment.

Change Planning

  • Approved changes will be planned in detail, including scheduling, resource allocation, and communication plans.
  • A change implementation plan will be developed, outlining the steps required to implement the change and the associated timeline.

Change Implementation

  • The change will be implemented according to the approved plan.
  • All relevant stakeholders will be informed of the change implementation schedule and potential impact.
  • Changes must be implemented in a controlled manner, with appropriate monitoring to ensure they proceed as planned.

Change Testing and Validation

  • Changes must be tested in a controlled environment before being applied to production systems.
  • Testing must ensure that the change achieves its intended objectives without introducing new issues.
  • Validation must confirm that the change has been implemented successfully.

Change Documentation

  • All changes must be documented, including the CR, implementation plan, testing results, and post-implementation review.
  • Documentation must be stored in a centralized repository accessible to relevant stakeholders.

Post-Implementation Review

  • A post-implementation review must be conducted to assess the success of the change and identify any issues or lessons learned.
  • Feedback from the review will be used to improve future change management processes.

Roles and Responsibilities

  • Change Management Committee (CMC): Responsible for reviewing, approving, and overseeing changes. The CMC may include members from IT, security, operations, and other relevant departments.
  • Change Requester: Responsible for submitting the CR and providing necessary details for review.
  • IT Department: Responsible for implementing changes and ensuring technical feasibility.
  • Business Units: Responsible for assessing the impact of changes on business processes and ensuring alignment with business objectives.
  • Employees and Stakeholders: Responsible for adhering to change management procedures and participating in testing and validation activities.

Emergency Change Procedures

  • Emergency changes must be reviewed and approved by the CMC on an expedited basis.
  • The CR for an emergency change must include a clear justification for the urgency and potential risks.
  • Emergency changes must be documented and reviewed after implementation to ensure proper controls were maintained.

Policy Review and Updates

  • This policy will be reviewed annually and updated as necessary to ensure its effectiveness and alignment with industry best practices and regulatory requirements.
  • Changes to this policy will be communicated to all employees and stakeholders.

Quick Contact

By adhering to this Change Management Policy, galaxefi commits to ensuring that all changes are managed in a controlled, efficient, and effective manner, minimizing risks and ensuring the integrity of its information systems and business processes. For questions or concerns about this Policy, please use the following form: