Control 4.12: Change Management for Copilot Feature Rollouts — Verification & Testing
Test cases and evidence collection procedures for Copilot change management processes.
Test Cases
Test 1: Message Center Monitoring Coverage
- Objective: Verify that all Copilot-related Message Center announcements are captured and reviewed
- Steps:
- Run the Message Center monitoring script.
- Compare the results with the Message Center in the Admin Center portal.
- Verify no Copilot announcements were missed.
- Confirm notification emails were delivered to the designated recipients.
- Expected Result: All Copilot Message Center announcements are captured and delivered to stakeholders.
- Evidence: Script output compared with Admin Center list and notification email samples.
Test 2: Targeted Release Validation Process
- Objective: Confirm that new Copilot features are validated in the targeted release group before general rollout
- Steps:
- Identify a recent Copilot feature that was released via targeted release.
- Verify the feature was available to the validation group before general users.
- Confirm a validation assessment was completed and documented.
- Verify the CAB approved the general rollout after validation.
- Expected Result: Feature was validated in the targeted group with documented assessment and CAB approval.
- Evidence: Validation assessment document and CAB approval record.
Test 3: Change Advisory Board Process Compliance
- Objective: Validate that all Copilot configuration changes follow the CAB process
- Steps:
- Run the configuration change audit script for the last 90 days.
- Cross-reference each change with the change management log.
- Verify each Normal change has CAB approval documentation.
- Identify any unauthorized changes (changes without CAB approval).
- Expected Result: All Normal and Emergency changes have proper documentation and CAB approval.
- Evidence: Change audit report with CAB approval cross-reference.
Test 4: Rollback Procedure Validation
- Objective: Confirm that Copilot feature changes can be rolled back if issues are discovered
- Steps:
- Select a recent Copilot configuration change.
- Review the documented rollback plan for that change.
- Execute the rollback procedure in a test environment (if possible).
- Verify the rollback restores the previous configuration state.
- Expected Result: Rollback procedure successfully reverts the change with documented steps.
- Evidence: Rollback test results showing pre-change and post-rollback configuration.
Evidence Collection
| Evidence Item |
Source |
Format |
Retention |
| Message Center notifications |
PowerShell/Email |
CSV/Email |
1 year |
| Change impact assessments |
Change management |
Document |
7 years |
| CAB meeting minutes |
CAB meetings |
Document |
7 years |
| Configuration change audit |
PowerShell |
CSV |
1 year |
Compliance Mapping
| Regulation |
Requirement |
How This Control Helps |
| FFIEC Operations Booklet |
Change management for IT systems |
Supports compliance with change management requirements |
| SOX 404 |
IT change controls |
Helps meet change management controls over financial systems |
| OCC Heightened Standards |
Controlled technology changes |
Supports expectations for governance of technology changes |
Next Steps