Controlled Maintenance SOP

  • 2 minutes to read

Purpose

This SOP establishes the guidelines for conducting maintenance on the OSC’s Information Systems to ensure security, compliance, and operational integrity. It includes requirements for maintenance tool approval, authorization, and documentation.

Scope

This procedure applies to all organizations utilizing Compliance-as-a-Service and is intended for internal use by the Organization seeking certification (OSC).

Section 1: Organization seeking certification (OSC) Steps

Step 1: Plan Maintenance Activities

  • Schedule maintenance in advance to minimize disruption.
  • Identify the required tools and verify they are listed in Appendix A.
  • Ensure personnel performing maintenance are qualified and follow best practices.

Step 2: Perform Scheduled Maintenance

  • Follow manufacturer guidelines and industry best practices.
  • Use only authorized tools as listed in Appendix A.
  • Conduct maintenance activities efficiently while ensuring minimal impact on system operations.

Step 3: Document and Review Maintenance Activities

  • Maintain detailed records of changes made, tests performed, and any issues encountered.
  • Retain maintenance documentation for no less than 90 days.
  • Conduct internal reviews to ensure compliance with organizational policies.

Section 2: Maintenance Management and Compliance

Managing Maintenance Procedures

  • Ensure maintenance tools remain authorized and up to date.
  • Review maintenance schedules to align with operational requirements.
  • Validate documentation to confirm changes made and issues resolved.
  • Retain maintenance records for compliance audits.

Post-Maintenance Review

  • Conduct periodic reviews of maintenance activities to ensure adherence to policies.
  • Revoke authorization for tools that no longer meet compliance standards.
  • Update maintenance procedures as required.

Appendix A: Approved Maintenance Tools

The following tools are authorized for maintenance on [ORGANIZATION] Information Systems:

  • Windows Optimize Drives (defragment and optimize)
  • Windows Disk Cleanup
  • Windows Performance Monitor
  • Windows Resource Monitor
  • Windows Event Viewer
  • Windows Quick Assist

Additionally, any FedRAMP-compliant maintenance tools may be used provided they align with organizational security policies.

Review & Maintenance

This SOP will be reviewed annually or as required based on updates to compliance regulations or organizational policies. Changes must be documented and approved prior to implementation.