In a small organization, developers may release emergency changes directly to production. Which of the
following will BEST control the risk in this situation?
A.
Approve and document the change the next business day
B.
Limit developer access to production to a specific timeframe
C.
Obtain secondary approval before releasing to production
D.
Disable the compiler option in the production machine
Explanation:
It may be appropriate to allow programmers to make emergency changes as long as they are documented and
approved after the fact. Restricting release time frame may help somewhat; however, it would not apply to
emergency changes and cannot prevent unauthorized release of the programs. Choices C and D are not
relevant in an emergency situation.