CHANGE CONTROL FLOOR
ARB-572 · ServiceNow + GitOps + AAP · WBC / Westpac patterns · Sovereign governance at scale
The enterprise has ServiceNow. It has GitOps. It has AAP. But the change record is still manual. The approvals are still ticket-based. The audit trail is still a spreadsheet. The risk is still assessed by the person having the worst day. The EOSE pattern makes change control sovereign, auditable, AI-assisted, and GitOps-native — at Westpac scale.
WBC source: CDNET 111–118 10 patterns ServiceNow ITSM AAP execution GitOps source of truth
TIER 1
STANDARD
Pre-approved · fully automated · GitOps-native · zero human touch
TIER 2
NORMAL
Reviewed · AAP-executed · one human approval gate
TIER 3
MAJOR
CAB review · staged rollout · rollback verified pre-execution
TIER 4
EMERGENCY
Break-glass · post-hoc record · audit mandatory · no exceptions
10 change control patterns — WBC-sourced · CDNET-grounded · STE-6 scored
ServiceNow integration map
GitOps (PR/merge)
source of truth
ServiceNow sync
CMDB + Change
AI risk scoring
STE-6 dimensions
AAP execution
job template run
Audit back
immutable LSOS log
ServiceNow is the record system. GitOps is the source of truth. AAP is the execution engine. ServiceNow syncs FROM git — never the other way around.
change_request
The RFC — created from PR merge event
cmdb_ci
CIs affected — auto-discovered from IaC
sys_audit
Immutable audit trail — LSOS standard
task_ci
CI relationships per change task
change_task
Work items → maps to AAP job templates
STE-6 applied to change risk — each Canon axis = one risk dimension