Update 09_IT.md.md

Processes/09_IT.md.md

@@ -25,11 +25,11 @@ The IT department has to ensure that the IT systems are running according to the
 
 ### Permission changes
 
-Permissions for data access must be handled carefully and users should only receive permissions according to their functions and tasks (**R6**). A General permission overview can be found in the Permission List. This list contains a basic guideline for permission handling but can be deviated from in special situations. Deviations must be approved according to the Change Management policy by the respective HOD and IT department. 
+Permissions for data access must be handled carefully and users should only receive permissions according to their functions and tasks. A General permission overview can be found in the Permission List. This list contains a basic guideline for permission handling but can be deviated from in special situations. Deviations must be approved according to the Change Management policy by the respective HOD and IT department. (**R6**)
 
 ### Software changes
 
-New software or software updates must be tested by the IT team in a sandbox environment before they can get migrated to the live environment (**R5**). Generally, updates should be installed as soon as reasonably possible to ensure the newest security fixes, bug fixes and newest software features. See Change Management policy for further details. 
+New software or software updates must be tested by the IT team in a sandbox environment before they can get migrated to the live environment (**R7**). Generally, updates should be installed as soon as reasonably possible to ensure the newest security fixes, bug fixes and newest software features. The Change Management policy defines the testing and approval procedures for software. (**R8**)
 
 ### Additional guidelines