1 Purpose
This policy ensures that changes to systems, software, and applications at Tree (tree.com.hk) are planned, reviewed, tested, and approved before going live.
2 Scope
This policy applies to changes affecting:
| System | Examples of Changes |
|---|---|
| File Server | Folder structure, permissions, storage upgrades |
| QuickBooks | Version upgrades, company file changes, integrations |
| POS System | Software updates, pricing setup, hardware replacement (Visa card payments via payment gateway — not stored locally) |
| Online Sales System | Feature updates, payment gateway integration, product catalog (Visa card data not stored on Tree systems) |
| Office Users + PCs | Software installs and OS updates (IT only — end users have no admin rights) |
Also covers network, security settings, and integrations between the above systems. Routine minor updates (e.g., security patches applied through standard IT processes) may follow a simplified process as defined by IT.
3 Policy
3.1 Change Request
- All significant changes must be requested and recorded before implementation.
- Each request should describe what is changing, why, who is affected, and when it will happen.
3.2 Review and Approval
- Changes must be reviewed by the responsible system owner or IT team.
- High-risk changes (e.g., QuickBooks upgrades, POS or online sales updates during business hours) require management approval.
- Emergency changes may be applied quickly but must be documented and reviewed afterward.
3.3 Testing
- Changes must be tested on the staging server before applying to production where possible.
- Testing should confirm the change works as expected and does not break existing functions.
3.4 Implementation
- Changes should be done during approved maintenance windows when practical.
- Major changes must be verified on the staging server first; only proceed to production after successful staging test.
- IT must keep a record of what was changed, when, and by whom.
3.5 Post-Change Review
- After implementation, the change should be checked to confirm it is working correctly.
- Any issues must be reported and resolved promptly.
4 Responsibilities
| Role | Responsibility |
|---|---|
| Requester | Submit change details and business justification |
| IT Team | Assess risk, test, implement, and document changes |
| Management | Approve high-risk or business-critical changes |
| End Users (tree.com.hk) | Report issues after changes; cannot install software — contact IT for software requests |
5 Review
This policy will be reviewed at least once per year.