change-management
Safeguard articles tagged "change-management" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Unapproved Change Risk in the Software Supply Chain
How unreviewed code, dependency, and pipeline changes create supply chain breaches like SolarWinds and XZ Utils - and how to detect them before attackers do.
SOC 2 Type II for Engineering Teams: What Auditors Actually Check
Auditors don't start with your policies — they sample your PRs, tickets, and access reviews. Here's what a SOC 2 Type II observation window actually tests, control by control.
SOX IT Controls Meet Software Controls
Sarbanes-Oxley IT general controls predate modern software delivery. Here's how change management, access, and segregation of duties controls actually look when applied to CI/CD pipelines and software components.
ISO 27001 Annex A Controls That Touch Your Build Pipeline
ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.
Security Impact Analysis for Dependency Updates
Updating a dependency is not just a version bump. Here is how to assess the security impact of dependency changes before they reach production.