Abstract
In telecommunications companies, critical information systems play an essential role in ensuring business continuity and the delivery of quality services. However, these systems are subject to changes and/or updates due to rapid technological evolution, the need for process improvement, and compliance with regulatory standards. If these modifications are not properly managed, they can introduce significant risks, such as system failures, unauthorized access, or loss of data integrity.
Despite the importance and necessity of implementing robust controls in change management, many organizations lack a systematic methodology to mitigate these risks effectively. This is exacerbated in critical environments where a lack of confidentiality, integrity, and availability (CIA) of systems can lead to service interruptions, reputational damage, and substantial economic losses.
In this context, the need arises to design an information security methodology based on the ISO/IEC 27001 standard, with the objective of preventing Information Technology (IT) risks associated with change management in critical systems. This approach seeks to strengthen technological governance and ensure that modifications are carried out in a controlled and effective manner, minimizing vulnerabilities and ensuring operational continuity.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright (c) 2025 José Limberg Gutiérrez Suárez (Author)
