Allow Lists and Deny Lists

• An Allow List specifies entities permitted to access a resource
• A Deny List lists entities prevented from accessing a resource
• Review both lists when proposing changes to prevent unintended access restrictions or grants
• Essential for maintaining system functionality and security

Restricted Activites

• Certain tasks labeled as ‘restricted’ due to their impact on system health or security
• Verify proposed changes for any restricted activities
• Prevent data breaches and operational disruptions by understanding restrictions

Downtime

• Any change, even minor, carries the risk of causing dowintime
• Estimate potential downtime and assess its negative effects against benefits
• Schedule changes during maintenance windows to minimize impacts on end users

Service and Application Restarts

• Some changes, like installing security patches, require service or application restarts
• Restarting critical services can be disruptive, potentially causing data loss or backlog
• Consider the implications of restarts, especially for key servers

Legacy Applications

• Older software or systems still in use due to functionality and user needs
• Legacy applications are less flexible and more sensitive to changes