According to ITIL-aligned change-management best practices, which of the following best describes the classification and approval requirement for routine antivirus-definition updates that are automatically deployed to user workstations?
They are considered major changes that must be approved by executive management and scheduled during a maintenance window.
They are considered emergency changes that require Emergency CAB approval for each update.
They are considered standard changes that follow a documented, low-risk process and are pre-approved, so no CAB approval is needed for each instance.
They are considered normal changes that must be individually reviewed and authorized by the CAB before every deployment.
Routine antivirus-definition updates are low-risk, frequent and follow a documented procedure. They are therefore handled as standard changes, which are pre-authorized once and can be implemented repeatedly without requiring CAB review for each occurrence. Normal and major changes do require CAB or higher-level approval, while emergency changes are reserved for urgent fixes that cannot wait for normal scheduling.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a change board?
Open an interactive chat with Bash
What are standard operating procedures (SOPs) in IT?
Open an interactive chat with Bash
Why are significant changes different from routine updates?