21.1 Change Control.-(1) Procedures for tracking and managing changes in application software, system software, hardware and data in the production system shall be established. Organisational responsibilities for the change management process shall be defined and assigned.
(2) A risk and impact analysis, classification and prioritisation process shall be established.
(3) No changes to a production system shall be implemented until such changes have been formally authorised. Authorisation procedures for change control shall be defined and documented.
(4) Owners/Users shall be notified of all changes made to production system which may affect the processing of information on the said production system.
(5) Fall-back procedures in the event of a failure in the implementation of the change process shall be established and documented.
(6) Procedures to protect, control access and changes to production source code, data, execution statements and relevant system documentation shall be documented and implemented.
(7) Version changes of application software and all system software installed on the computer systems and all communication devices shall be documented. Different versions of application software and system software must be kept in safe custody.
21.2 Testing of Changes to Production System.-(1) All changes in computer resource proposed in the production system shall be tested and the test results shall be reviewed and accepted by all concerned parties prior to implementation.
(2) All user acceptance tests in respect of changes in computer resource in production system shall be performed in a controlled environment which includes: (i) Test objectives, (ii) A documented test plan, and (iii) Acceptance criteria.
21.3 Review of Changes.-(1) Procedures shall be established for an independent review of programme changes before they are moved into a production environment to detect unauthorised or malicious codes.
(2) Procedures shall be established to schedule and review the implementation of the changes in computer resource in the production system so as to ensure proper functioning.
(3) All emergency changes/fixes in computer resource in the production system shall be reviewed and approved.
(4) Periodic management reports on the status of the changes implemented in the computer resource in the production system shall be submitted for management review.