Can anybody offer me some advice on ultra secure change control for changes made to Active Directory settings? I am really after an opinion on what works for you (in your setup), and essentially so we can use some of the advice to form some ultra secure change control processes that satisfy our auditors.
We have a 3rd party IT FM, and recently an independent security review raised concerns that the process of change control in our network should be improved. I take their advice on board, and I really want to go to town ensuring change control procedures are super efficient and secure here, so I wondered if there is any good advice you can give us, i.e. the level of review and authorisation before a change goes live into our domains, the level of testing before a change goes live, the documented procedures we need to have in place from our side, and what the IT FM need on their side, etc.
Any best practice will be helpful, or even any lessons learnt you found at your setup which perhaps failed audits / security reviews, and how you plugged the gaps to get your change control procedures ultra secure and satisfying these security reviews / external audits?