Change Control and Documentation

by Lori Kleckner

This month we look at section 10 of the NENA Security for Next Generation 9-1-1 (NG-SEC) document for direction regarding change control and documentation. 

Changes to the NG9-1-1 environment can cause rippling effects throughout the network and to any other connected resources. What may appear to be an innocuous change to an application could cause connecting applications and the network to stop functioning. A change which has not been documented may be unknown to others. This causes troubleshooting to be much more difficult. Without effective change control an organization may not ever truly know what exists in their environment or how their systems are configured. The lack of change control also makes upgrading more complicated.

 During assessments L.R. Kimball typically finds that change control processes are either incomplete or non-existent. By our accounts only about 15% of the sites assessed utilize an adequate change control process. 

Change Process

NG-SEC requires a formal change control process to be in place which includes a team of subject matter experts to review and approve proposed changes to architecture, design and functionality, prior to implementation. Basic change control includes:

• Change request
  • Description, justification, impact
• Change review
  • Possible conflicts and risks, complete information, approval
• Implementation timeline
  • Step – by – step process with dates
• Pre-change testing
  • Test environment which mimics production environment, test all steps in the process, update change request if needed
• Back out procedure (in case of failure)
  • Process required to return to the pre-cutover state
• Post change testing
  • List of systems or processes to test, assuring the production environment is functioning as expected
• Document and retain

All documents generated during the change process including lessons learned to aid future changes

Summary

Without a change control process in place, who knows what is going on with the network? What applications are installed, have patches been applied, what the firewall is filtering. It can be a confusing mess. You may end up purchasing a product and find out you already have one installed, but you do not know that because information was not shared, changes were made in pockets and not everybody was informed.

Our next NG-SEC blog will cover compliance audits and reviews; always a fun topic. Actually, if you do not have a change control process in place, an audit could be a good way to find out what is on your network.

DB's Corner - Aluminum Finishes

by Dennis Buirge

After being volunteered to write specifications approximately 25 years ago, I am still amazed at the knowledge base one must have to prepare accurate specifications.  This relates to not only knowing original material, but also keeping up with changes to industry standards and company mergers.  Feeling my oats regarding the knowledge of the aluminum finish standards, specifications for exterior sheet aluminum wall panels were prepared referencing AAMA 2605.  The manufacturer’s representative, upon review of the draft, politely informed me that the finish specification was improperly referenced.  Do you know why?

Decades ago while still a neophyte to writing specifications, someone was kind enough to explain potential finishes on aluminum products using American Architectural Manufacturers Association (AAMA) standards.  At that time, the AAMA standards used 3 digit numbers; however, the standards were revised to 4 digits around 1998.  A ‘good’ system coating currently referencing AMMA 2603 - Pigmented Organic Coatings on Aluminum Extrusions and Panels, formerly 603, uses thermosetting acrylics, polyamides (Nylon), polyolefins (polyethylene or polypropylene), and PVC (PolyVinyl Chloride) and essentially covers the lower end coating systems.  The ‘better’ and ‘best’ systems use PVDF (PolyVinyliDene Fluoride) or fluoropolymers, better known by their trade names of Kynar or Hylar and according to an internet website are the number one specified architectural coating for aluminum in the world. These systems use higher performing coatings such as aliphatic urethanes, super-durable siliconized polyesters, and PVDF powder coatings. AAMA 2604 - High Performance Organic Coatings on Aluminum Extrusions and Panels, formerly 604, contains a minimum of 50% by weight of either Kynar 500 or Hylar 5000 resin, while AAMA 2605 - Superior Organic Coatings on Aluminum Extrusions and Panels, formerly 605, contains a minimum of 70% by weight of either resin. These superior coatings exhibit superior color retention, chalk resistance, corrosion resistance, flexibility, stain resistance, and overall durability over AAMA 603 coatings.

 It was only several years ago that a lesson was learned regarding the difference of aluminum finishes and standards.  Wanting a superior two coat 70% fluoropolymer finish on the exterior sheet aluminum wall panels and related sheet trim, AAMA 2605 was specified.  The ‘draft’ version of the specification was transmitted to the manufacturer’s representative for technical review.  It was then of learning why AAMA 2605 finish does not always apply to aluminum.  But why?  The AAMA 2603 - 2605 series relates to an extruded aluminum substrate (ASTM B 221 - Aluminum and Aluminum-Alloy Extruded Bars, Rods, Wire, Shapes, and Tubes) … it does not apply to a sheet coil coated aluminum substrate (ASTM B 209 - Aluminum and Aluminum-Alloy Sheet and Plate).  So then, what is the proper reference?  Specify AAMA 620 for sheet aluminum substrates and AAMA 621 for sheet steel substrates.  As Ricky Nelson sang in the 1972 chorus of Garden Party, “I learned my lesson well”.