Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2025-12-01.

CTPS 4.6 Requirement 5: Change management

CTPS 4.6.1R

1A critical third party must ensure that it has a systematic and effective approach to dealing with changes to a systemic third party service, including changes to the processes or technologies used to deliver, maintain or support a systemic third party service, including by:

  1. (1)

    implementing appropriate policies, procedures and controls to manage effectively the resilience of any change to a systemic third party service;

  2. (2)

    implementing any change to a systemic third party service in a way that minimises appropriately the risk of any CTP operational incident occurring; and

  3. (3)

    ensuring that prior to being implemented, any change is appropriately risk-assessed, recorded, tested, verified and approved.