CHNG-10

Do you have a fully implemented solution support strategy that defines how many concurrent versions you support?

Explanation

This question is asking whether your organization has a formal strategy for supporting different versions of your software or service, specifically how many concurrent versions you maintain at any given time. In security terms, this matters because older, unsupported versions may contain unpatched vulnerabilities that pose security risks. A clear version support policy helps customers understand when they need to upgrade to maintain security compliance and receive security updates.

The guidance specifically asks you to list the current version you support and what percentage of customers are using that version. This helps the assessor understand if most of your customers are on secure, supported versions or if there's a significant portion using potentially vulnerable older versions.

A good answer should include:

1. Confirmation that you have a documented version support policy
2. The number of concurrent versions you support (e.g., the current version and one previous version)
3. The specific version numbers currently supported
4. The percentage of customers on each supported version
5. Your approach to end-of-life notifications and migration support

This question helps organizations evaluate the security risk of adopting your solution based on how well you manage the lifecycle of your product versions.

Guidance

List the current version you support and what percentage of customers are utilizing that version.

Example Responses

Example Response 1

Yes, we have a fully implemented solution support strategy. We support two concurrent versions of our platform: the current version (v4.2) and one previous version (v4.1). Currently, 78% of our customers are on v4.2, while 22% remain on v4.1. We provide security updates for both versions. When a new version is released, we notify customers using the previous version that they have 6 months to upgrade before that version reaches end-of-life status. We provide detailed migration guides and optional professional services to assist with version upgrades.

Example Response 2

Yes, our company maintains a formal version support policy that defines our approach to concurrent version support. We currently support three concurrent versions of our software: the current release (v7.5.2) and two previous major versions (v6.8.4 and v5.9.7). The distribution of our customer base across these versions is as follows: 65% on v7.5.2, 25% on v6.8.4, and 10% on v5.9.7. All supported versions receive security patches, though feature updates are only provided for the current version. We communicate our version support roadmap quarterly to customers and provide at least 12 months' notice before any version reaches end-of-life status.

Example Response 3

No, we currently do not have a fully implemented solution support strategy that defines how many concurrent versions we support. We generally focus on maintaining our latest version (currently v2.3) with approximately 60% of our customers using it, while the remaining 40% use various older versions. We address security issues on a case-by-case basis across all versions still in use by customers, but we don't have a formal policy defining version support timelines or end-of-life procedures. We recognize this as a gap in our processes and are currently developing a formal version support strategy that we expect to implement within the next quarter.

Context

Tab: Organization
Category: Change Management
