All documents PCM-v1.0

IT Policy

Program Change Management Policy

Tree (tree.com.hk) · Effective 2026-01-15

Prepared by

Max.chan@mediaworld.com.hk

Approved by

Date

2026-01-15

Version

PCM-v1.0

1 Purpose

This policy ensures that changes to systems, software, and applications at Tree (tree.com.hk) are planned, reviewed, tested, and approved before going live.

2 Scope

This policy applies to changes affecting:

SystemExamples of Changes
File ServerFolder structure, permissions, storage upgrades
QuickBooksVersion upgrades, company file changes, integrations
POS SystemSoftware updates, pricing setup, hardware replacement (Visa card payments via payment gateway — not stored locally)
Online Sales SystemFeature updates, payment gateway integration, product catalog (Visa card data not stored on Tree systems)
Office Users + PCsSoftware installs and OS updates (IT only — end users have no admin rights)

Also covers network, security settings, and integrations between the above systems. Routine minor updates (e.g., security patches applied through standard IT processes) may follow a simplified process as defined by IT.

3 Policy

3.1 Change Request

  • All significant changes must be requested and recorded before implementation.
  • Each request should describe what is changing, why, who is affected, and when it will happen.

3.2 Review and Approval

  • Changes must be reviewed by the responsible system owner or IT team.
  • High-risk changes (e.g., QuickBooks upgrades, POS or online sales updates during business hours) require management approval.
  • Emergency changes may be applied quickly but must be documented and reviewed afterward.

3.3 Testing

  • Changes must be tested on the staging server before applying to production where possible.
  • Testing should confirm the change works as expected and does not break existing functions.

3.4 Implementation

  • Changes should be done during approved maintenance windows when practical.
  • Major changes must be verified on the staging server first; only proceed to production after successful staging test.
  • IT must keep a record of what was changed, when, and by whom.

3.5 Post-Change Review

  • After implementation, the change should be checked to confirm it is working correctly.
  • Any issues must be reported and resolved promptly.

4 Responsibilities

RoleResponsibility
RequesterSubmit change details and business justification
IT TeamAssess risk, test, implement, and document changes
ManagementApprove high-risk or business-critical changes
End Users (tree.com.hk)Report issues after changes; cannot install software — contact IT for software requests

5 Review

This policy will be reviewed at least once per year.

Backup Plan Next: Data Classification