Title.
Also, I am writing up a firewall change management policy for class. The corporation it is for is a large company. Who approves firewall changes for this type of corporation? Is there a person specifically for this type of thing? What is their position title? Is it a collective of people?
Usually there is a change management team, they should be a mixture of people aware of the business processes that the company needs, and technically savvy IT people that can describe and defend the technical side of the changes needing to be done.
Low priority change management items can be approved by one person and then be implemented by the firewall admin. Low priority is not effecting anybody, merely opening up a port or two to add functionality for something new for example. Or remove an obsolete and outdated firewall rule not used anymore. ie. no noticeable effect to anyone.
For medium or high priority change items (ie. a change that is necessary for one reason or another but WILL disrupt some existing processes) there may be a change management team meeting once a week to discuss those changes. That way the change management team can weigh in on the changes, and everybody on the business process, and IT side, is fully aware of impending firewall changes.
Granted I am not the most experienced when it comes to this subject, but there you have a brief rundown as I have seen done.
Facebook
Twitter