Significant Change Process

The Significant Change Process specifies how agencies detect, document and evaluate major modifications to a cloud service that could affect its security posture, requiring a reassessment and possible re-authorization. It establishes criteria, responsibilities and timelines for impact analysis, updates to the system security plan, and approval procedures to ensure continued compliance with federal risk management requirements.