A few weeks back, I described how to determine the risk level of a proposed change to a regulated IT system. I also talked about how the system risk level (SRL) and change risk level (CRL) work together to determine the level of rigor required to implement a proposed change without disrupting its validated state. […]