PDP-22 Rollback Plans


What is this control about?

Implementing the control ‘Rollback Plans’ is crucial for ensuring the integrity and stability of IT systems and applications within an organization. Rollback plans are contingency strategies that allow organizations to revert changes or updates to their IT environment to a previous state in case of unexpected issues or adverse outcomes resulting from system changes.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.


Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

  • N/A: no template for this section

Control implementation

Here are some steps to implement a Rollback program.

  • Develop Rollback Procedures: Work with IT teams responsible for system changes and updates to develop detailed rollback procedures for each critical system. The rollback procedures should outline step-by-step instructions to revert changes to a known good state. Include information on backup restoration, configuration changes, and any additional tasks needed to restore the system.
  • Version Control and Configuration Management: Implement version control systems and configuration management tools to track changes made to system configurations and code. These tools will enable IT teams to manage and maintain a history of changes, making it easier to identify the need for rollback and select the appropriate version.
  • Backup and Recovery: Ensure that adequate backup and recovery mechanisms are in place for critical systems. Regularly back up system configurations, databases, and application code. Verify the integrity of backups periodically and keep them securely stored offsite or in a separate location from the production environment.
  • Testing and Validation: Test the rollback procedures in a controlled environment, such as a staging or testing environment, to ensure their effectiveness. Validate that the rollback process restores the system to a stable state without any adverse effects.

What evidence do auditors look for?

At a minimum, most auditors look for the suggested action below:

  • Version Control and Configuration Management Records: Auditors will examine version control and configuration management records to verify that changes made to critical systems are appropriately tracked and documented. This evidence helps ensure that the organization has the ability to identify the specific versions or configurations that require rollback.

Evidence example

For the suggested action, an example is provided below:

  • Version Control and Configuration Management Records



