firewall change request

["marck e." <marck.ernest () gmail com>]

I'm reviewing firewall change management procedure for our
organization.Infosec Dpt. shift which is small org unit , doesn't
cover full business hours in part because they don't operate IT
infrastructure.
We are struggling on the part of who should decide to approve or not
to approve the change requests.
Should be CISO or any of the two persons in Infosec Dpt.? Should CISO
read every firewall request and approve it?
Should Infosec Dpt. have its own operational area and create an
Securty Access Manager or something like that? Given that case, this
new function would review firewall and other type of authorization
change request
If Infosec Dpt. is not allowed to grow,who should be approver?

Thanks

M.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------