In a small organization, developers may release emergency changes directly to production. Which
of the following will BEST control the risk in this situation?
A.
Approve and document the change the next business day
B.
Limit developer access to production to a specific timeframe
C.
Obtain secondary approval before releasing to production
D.
Disable the compiler option in the production machine
Explanation:
It may be appropriate to allow programmers to make emergency changes as long as they are
documented and approved after the fact. Restricting release time frame may help somewhat;
however, it would not apply to emergency changes and cannot prevent unauthorized release of
the programs. Choices C and D are not relevant in an emergency situation.