What kind of things in a Windows environment, i.e. users/computers/servers/AD, would typically go through "change control"?
90% of our IT service is outsourced - and we don't have a documented change management policy.
However - if for example we want a new user setting up - it can be logged as a service request - but it needs approval from either our in-house IT managers before it is ok'd and the 3rd party can set them up in AD. Does that constitute effective change control?
Do we need a documented policy if our call logging system enforces approval?
Where's the risk of us not having an internal change control documented policy?
And what other areas in Windows could we test to see certain activities went through change control?