| 1. A CM plan shall be established and implemented, and the CM plan shall include how software change requests (SCRs) are prepared, submitted, processed, and tracked. |
2. The IAM/IAO and the site’s lead developer/programmer shall authorize and document the roles, responsibilities, and privileges for all personnel allowed to make software development changes.
3. The System Administrator shall institute access controls limiting the software developer accounts to the minimum number of privileges needed to perform their assigned duties.