Skip to Content

Security & Compliance

Lynx Compliance - Change Management Bridge

Turns lynx_change_management activity into compliance evidence: tamper-evident audit-log emit on state transitions, auto-evidence collectors for CCM CCC family + ISO A.8.32 + CSF PR.PS-01, finding scanners for unauthorized / overdue / failed changes.

Talk to sales See pricing

lynx_compliance_change_management · v19.0.1.0.0 · Premium

What this solves

Lynx Compliance - Change Management Bridge

Promote your day-to-day ITIL change records into tamper-evident, audit-ready evidence for ISO 27001 A.8.32, CSF PR.PS-01, and CSA CCM CCC controls - without duplicating data into a separate GRC tool.

Most teams already run change management; the auditor still asks for "evidence". This bridge wires every state transition into the hash-chained audit log, seeds auto-evidence collectors for the relevant control families, and runs finding scanners that catch the policy violations auditors look for first - emergency changes without a PIR, high-risk changes without a test plan, drift between scheduled and actual implementation.

Key Features

  • Tamper-evident change history - every submit/approve/reject/start/complete/cancel emits a hash-chained audit event.

  • Pre-seeded collectors - control evidence pre-mapped to CSA CCM v4 (CCC-01/02/04/08/09), ISO 27001:2022 A.8.32, and NIST CSF 2.0 PR.PS-01.

  • Finding scanners - flags emergency changes missing a post-implementation review, high-risk changes without a test plan, approved changes overdue past scheduled end, and template-bypass auto-approvals.

  • Evidence whitelist extension - maintenance.request and lynx.cmdb.service become selectable evidence on any control assessment.

  • Risk-tiered escalation - high-risk and emergency changes raise compliance findings at higher severity for faster CISO attention.

Integrates With

  • lynx_change_management - the source of change records.

  • lynx_compliance_audit_log - state transitions land in the tamper-evident chain.

  • lynx_compliance_evidence_collectors - the seeded collectors run on the standard cron.

Depends on

mail lynx_compliance lynx_base base lynx_compliance_evidence_collectors lynx_compliance_audit_log lynx_change_management lynx_license_enforcer

Try Lynx Compliance - Change Management Bridge on your team.

Free trial, no credit card. Talk to sales when you're ready.

Start free trial Browse all modules