Traditional IT processes supporting change management rely on a clear separation of the environments involved in the software development lifecycle (SDLC). Developments and Unit Tests are performed in the “Development” environments, Quality Assurance and User Tests are conducted in the User Acceptance Testing (UAT) environments, and the “Production” environment is the sacred place where only real-life transactions and activities are performed.

While this approach efficiently mitigates the IT risks related to the change management process, it’s based on how companies historically maintained and operated their information systems (fewer releases, central Enterprise Resource Planning system (ERP), fewer interfaced applications, etc.). Today, companies are moving toward more fluid and granular models, based on interconnected services versus “end-to-end” applications, making testing in UAT environments less relevant in terms of risk coverage and operability. Though the traditional waterfall model for the development lifecycle is no longer being adopted, we see the emergence of DevOps models, pushing the cannons of traditional IT General Control (ITGC) frameworks.