Skip to content
Archived content. You are viewing v1 of SME Digital Advisor — the original multi-section site (risks, scenarios, policies, OWASP, flashcards). Go to current site →

Change control for growing businesses

Are changes being made safely, or just made?

Background

Many SMEs make changes informally: someone edits a live system, updates a spreadsheet, tweaks a database, or installs something directly — with no record and no way back. A formal CI/CD pipeline (the automated process for testing and releasing changes) is overkill for most SMEs — but the principles aren't.

Questions to ask yourself

  • Do we test changes before they go live?
  • Do we know what changed, when, and by whom?
  • Can we undo a bad change quickly?
  • Are suppliers making changes without clear records?
  • Are AI-generated changes being reviewed before going live?

What you can do today

Add change discipline without bureaucracy

Three lightweight habits.

  • 01Ask your IT supplier for “the last five changes you made.”
  • 02On business-critical spreadsheets, turn on Version History.
  • 03Set a 24-hour rule: no live change to a business-critical system goes in on a Friday afternoon.