Change Control
Production config/customization changes as auditable, promotable artifacts (SDF-style config-as-code). Conformance = the share that went through the approved change process — the lineage behind the "Change-control conformance" KPI.
Release-cadence change risk (PG-8)
NetSuite ships two mandatory releases per year; weak release change management leaves residual IT SoD risk that must be monitored via audit-trail reports. Break-glass changes bypass the approved process and are tracked here as non-conformant.
Change records—
| Ref | Title | Type | Mechanism | Status | Conformant | Approver | Deployed |
|---|
Conformance is computed from these records (% conformant); where no records exist the KPI reads "—" rather than a fabricated number. Config-as-code changes are versioned and promoted sandbox→production (PRD_AUDIT §13.8.1 A.2 / PG-7).