IT CHANGE MANAGEMENT POLICY
|
|
- Sharyl Williams
- 7 years ago
- Views:
Transcription
1 IT CHANGE MANAGEMENT POLICY Effective Date May 19, 2016 Crss-Reference 1. IT Operatins and Maintenance Plicy 2. IT Security Incident Management Plicy Respnsibility Apprver Review Schedule 1. Plicy Statement Directr, Infrmatin Technlgy Executive Cuncil Every 5 years Appendices 1. IT Management Guidelines 2. Sample Request fr (RFC) 1.1 Grande Prairie Reginal Cllege ( GPRC r the Institutin ) frmally manages changes t its Infrmatin Technlgy ( IT ) resurces t prevent disruptins t the stability r integrity f Institutin IT systems, applicatins and data. 2. Backgrund 2.1 Uncntrlled changes t IT systems and applicatins culd ptentially result in significant system disruptin, data crruptin r lss. A frmalized IT change management prcess is designed t ensure that changes are authrized and perate as intended. 3. Plicy Objective 3.1 The bjective f this plicy is t define frmal requirements t manage changes t IT systems and applicatins, in rder t prevent unscheduled disruptin, data crruptin r lss. 4. Scpe 4.1 This plicy applies t: 5. Definitins All IT systems r applicatins managed by GPRC that stre, prcess r transmit infrmatin, including netwrk and cmputer hardware, sftware and applicatins, mbile devices, and telecmmunicatin systems All change requests t IT systems and applicatins, including standard, minr, majr and emergency changes. 5.1 IT is a planned mdificatin t an IT system. 5.2 Emergency IT is an unplanned mdificatin t an IT system that requires immediate implementatin t crrect an imprtant issue, such as a disruptin r utage f service. 5.3 Advisry Bard (CAB) is a grup f peple that make decisins related t majr changes t IT systems. Members f the CAB include the IT Directr and IT Managers. IT Prject Managers and system wners affected by the change are included, where applicable. The chair f the CAB is the IT Directr. Page 1 f 12
2 5.4 Emergency Advisry Bard (ECAB) is a grup f peple that make decisins related t high-impact emergency changed t IT systems. Members f the ECAB include the IT Directr and IT Managers. IT Prject Managers and system wners affected by the change are included when time permits. The chair f the ECAB is the IT Directr. 5.5 Apprver is the IT Manager/Directr that is respnsible fr apprving a minr change, bringing a majr change t the CAB fr apprval, r an emergency change t the ECAB fr apprval. 5.6 Manager is the IT staff member that is respnsible fr ensuring that the dcumentatin, testing, and implementatin f a change is cmplete. 5.7 Requestr is the user that initiates the change request. 6. Guiding Principles 6.1 The IT Department will apply a frmal apprach t managing IT systems and applicatins changes. 6.2 s t IT systems and applicatins must be managed in accrdance with the IT Management Guidelines cntained in Appendix All change requests must be: Classified befre being prcessed. The level f analysis, apprval and testing must be aligned with the change classificatin level in rder t address ptential risks Apprved prir t cmmencing the change r develpment, and prir t implementing the fully tested change int the live envirnment Dcumented befre, during and after implementatin. See Appendix 2 fr a sample f the type f infrmatin required fr a Request fr ( RFC ). 6.4 Business value, business risks, technical risks (including ptential impact t perfrmance and security risks), as well as csts must be frmally cnsidered befre authrizing changes. 7. Rles and Respnsibilities Stakehlder Respnsibilities Executive Cuncil Apprve and frmally supprt this Plicy. Vice-President Administratin IT Directr Review and frmally supprt this Plicy. Develp and maintain this Plicy. Take practive steps t reinfrce cmpliance f all stakehlders with this Plicy. Cmmunicate with the Institutin, directly r thrugh Institutin representatives, in infrmal r frmal instances, t understand the Institutin needs and expectatins, explain the capabilities f the existing technlgy in prductin, and facilitate the prcess t manage change requests. Reprt t the Vice-President Administratin, the President and CEO as well as the Bard f Gvernrs. Page 2 f 12
3 8. Exceptins t the Plicy 8.1 Exceptins t the guiding principles in this plicy must be dcumented and frmally apprved by the IT Directr, with evidence f supprt frm the apprpriate Vice-President. 8.2 Plicy exceptins must describe: 9. Inquiries The nature f the exceptin A reasnable explanatin fr why the plicy exceptin is required Any risks created by the plicy exceptin Evidence f apprval by the IT Directr 9.1 Inquiries regarding this plicy can be directed t the IT Directr. 10. Amendments (Revisin Histry) 10.1 Amendments t this plicy will be published frm time t time and circulated t the Institutin cmmunity. Page 3 f 12
4 Appendix 1 IT Management Guidelines All change requests must be managed accrding t the principles illustrated in this flwchart diagram: 1. Request fr a t IT Systems 1.1. Identificatin f the need fr a frmal change request A new request fr change can be initiated by any user The need fr an IT change can be the result f an IT incident r prblem, a new system release, r a specific request, including, fr example: Cmmissining r decmmissining an IT system r service Mdifying a system cnfiguratin that requires IT invlvement Develping, cding, scripting, r prgramming a system r applicatin Patching and updating system firmware, perating system r sftware Making bulk changes t systems and data in prductin, utside f standard business peratins r applicatin functinality prcesses Mdifying security grup, rles and privileges Mdifying the security cnfiguratin f IT systems, applicatins and netwrks IT change requests must be first prcessed by the Help Desk, a representative frm IT r the IT Directr, wh will cnfirm the need t submit a frmal request, r identify alternative ptins where apprpriate Dcumentatin f changes The change request must be dcumented in the request tracking system (Matadr Calls/Wrk Lg), and the change management fields must be filled in. The requested change must: Identify the change requestr, change reviewers, change resurces, change manager, and change apprvers Cntain sufficient details t facilitate a clear assessment f the risk and demnstrate sufficient planning Be cmmunicated t the apprpriate stakehlders fr validatin and assessment, and be apprved thrugh the tracking system befre implementatin. Page 4 f 12
5 The change manager is respnsible fr ensuring that: The initial classificatin f the change request is accurate All required dcumentatin is recrded (as per sectin 2.1) All required apprvals are in place (as per sectin 2.1) befre starting r implementing the change Status updates, such as apprval and cmpletin status, are maintained thrughut the life cycle f the change (frm creatin t cmpletin, r cancellatin). 2. Classificatin, Review and Apprval f new Requests 2.1. classificatin There are fur types f IT changes as fllws: Type Emergency Majr Criteria A change that requires immediate implementatin t crrect an imprtant issue, such as a disruptin r utage f service. Examples f emergency changes include: repairing an IT service issue that severely impacts the business, r a situatin that requires immediate actin t either restre a service r prevent an utage. An emergency change requires: Sufficient review and discussin with all impacted and invlved parties, including business users, the IT Manager f the team perfrming the change, and members f the ECAB. Apprval by the ECAB prir t implementatin. Testing may be reduced, r nt perfrmed altgether if necessary, and may be perfrmed after implementatin. Submissin f a frmally dcumented change request within ne business day after the issue has been reslved. Pst-implementatin review. Presentatin and discussin at the next CAB meeting. A change that is high risk and cmplex, with a significant ptential impact t prductin services, and limited backup/recvery in the event f an issue. A majr change requires: Frmal review and discussin with all impacted and invlved parties, including business users, the IT Manager f the team perfrming the change. Frmal testing. Frmal review and apprval by the CAB prir t implementatin. Frmal pst-implementatin review. Supprting Dcumentatin Dcumentatin can be prvided after the change has been implemented. Request ECAB apprval Pst-implementatin review Request Risk assessment Design/Slutin dcumentatin Implementatin plan Test plan Test results Back-ut plan Outage ntificatin CAB apprval Pst-implementatin review Page 5 f 12
6 Type Minr Standard Criteria A change that is lw risk and well understd, with a limited ptential impact t prductin services, is sufficiently tested prir t implementatin and is easy t back-ut in the event f an issue. A minr change requires review and apprval by the manager f the team perfrming the change. A change that is lw risk and relatively cmmn, where the implementatin fllws a simple dcumented prcedure r wrk instructin. Fr example, passwrd reset r prvisin f standard equipment t users. A standard change fllws a frmal prcedure r wrk instructin that has been authrized in advance. Supprting Dcumentatin Request Risk assessment Back-ut plan Remediatin plan r apprach Apprval by manager Standard Prcedure Authrizatin 2.2. review and analysis Business value, business risk, technical risk, and cst must be assessed as part f a frmal review f new change requests, by stakehlders frm the Institutin and IT Business value and risk includes the fllwing: Value t Institutin peratins and alignment with business bjectives and requirements Ptential impact and risk t Institutin peratins if the change is implemented Ptential impact and risk t Institutin peratins if the change is nt implemented Timing f the change t minimize impact t peratins Acceptance and adaptatin by affected parties and users Ptential security risks intrduced by the change Technical risk includes the fllwing: Cmplexity f the change Cmplexity f the system r infrastructure affected by the change Interdependencies between different system cmpnents and IT services Impact n nrmal IT peratins, including: system usage, disaster recvery plans, back-up and strage, hardware and sftware, and change t peratinal prcedures Technical feasibility f the change and level f effrt fr IT and the Institutin Availability f resurces with required technical expertise Cst elements include the fllwing: Csts assciated with nt implementing the change, such as penalties due t nn-cmpliance r lss fllwing a disruptin f the current systems r services. If pssible, ptential return n investment (ROI) shuld be estimated Ttal Cst f Ownership (TCO), including ne-time purchases (sftware, hardware and prfessinal services) and nging maintenance csts Peple csts (hurly rate, vertime, travel expenses, etc.) External csts (cnsulting services, third party utsurced services). Page 6 f 12
7 Training csts Cmmunicatin csts Infrmatin Technlgy must ensure that that majr changes are cmmunicated t the apprpriate stakehlders t review the criteria listed abve. This includes, at minimum the: Requestr s manager Impacted IT team, where applicable IT Manager f the team that will implement the change IT Directr r its representative The Requestr must prvide sufficient infrmatin t analyze the change request prir t submitting the change request fr apprval. When the Apprver reviews a change request, they either: 2.3. Apprval Apprve r deny the prpsed change (standard / minr changes) Bring change request frward t the CAB (majr changes) Cnvene the ECAB t review the change request (emergency changes) Request additinal infrmatin by sending the change request back t the Manager fr further investigatin and analysis Majr and Emergency change requests must be frmally apprved by the CAB r the ECAB, respectively Advisry Bard makes decisin abut Majr s and meets regularly, as required Emergency Advisry Bard makes decisins abut high-impact Emergency s and meets upn request by the IT Directr. 3. Implementatin and Status f Requests 3.1. Testing All changes must be tested, when pssible, prir t implementatin in prductin Tests f changes must be perfrmed in a nn-prductin envirnment, where pssible A test plan must be frmally dcumented, where pssible, and apprved by IT and Institutin stakehlders: The test plan must identify the specific test scenaris r scripts that are t be executed, what types f testing are required (unit testing, integratin testing, user acceptance testing, etc.) and the way in which success r failure will be determined fr each test At a minimum, the test plan must include testing activities t verify that the change has the desired impact and that there has been n adverse impact t service stability. Additinal testing may be apprpriate fr cmplex r risky changes Test results must be dcumented in the tracking system. Page 7 f 12
8 3.2. Implementatin s must nly be released in prductin when: Test results are accepted by Institutin and IT stakehlders All tests have sufficiently passed. Any failed tests must have a clearly established remediatin plan r represent an acceptable level f risk that has been accepted by the Apprver Pst-Implementatin Review A pst-implementatin review must be perfrmed by stakehlders t cnfirm the change is cmplete r t identify remaining issues The status f the change must be updated based n the results f the pstimplementatin review Regular review f Request status The status f incmplete change requests must be regularly reviewed in CAB meetings, until the change is either dismissed r fully implemented An annual review f pen change requests must be perfrmed by the IT Manager t identify and fllw-up n ld RFCs that have nt been clsed. 4. Rles and Respnsibilities Stakehlder Respnsibilities Advisry Bard (CAB) Emergency Advisry Bard (ECAB) Apprver Review change requests, including their ptential impacts and level f risk. Prvide frmal apprval t implement change requests. Review change prgress with respect t the apprved schedule, and participate in Pst Implementatin Reviews. Prvide recmmendatins regarding the implementatin f changes int prductin, priritize change requests, and make decisin if any cnflict ccurs. Prvide recmmendatins t imprve r update this Plicy. Meet upn the request f the IT Directr. Review urgent change requests and: Cnfirm the level f urgency; Evaluate the ptential impacts and risks; Frmally authrize the implementatin f emergency changes where apprpriate; Ask fr additinal infrmatin where needed; and Make any ther decisins t address issues and cncerns. Review new IT change requests when they are submitted. Review the status f existing change requests. Chair the CAB meetings, including presentatin f the status f all change requests (new, pending, issues, cmpleted) and frmal dcumentatin f CAB meeting minutes r decisins. Ensure change requests are; Fllwing the present Plicy; Page 8 f 12
9 Stakehlder Respnsibilities IT Directr Manager Requestr Fully dcumented with all necessary details; Cmmunicated t the apprpriate stakehlders (IT Directr, administratrs and Implementer) fr cmment, befre presented t the CAB fr apprval; Presented t the CAB fr apprval (r the emergency CAB where applicable); and Addressed in a timely manner by the Implementer after CAB apprval. Cmmunicate with the Requestr and the Business t cnfirm specific aspects f the requests, as well as scheduling. Participate in the remediatin f any prblem, issue, incident and cnflict resulting frm a change by escalating t the right stakehlder r CAB meeting. Prvide recmmendatins regarding the implementatin f changes int prductin, priritize change requests, and make decisin if any cnflict ccurs. Prvide recmmendatins t imprve r update this Plicy. Chair the CAB meetings, including presentatin f the status f all change requests (new, pending, issues, cmpleted) and frmal dcumentatin f CAB meeting minutes r decisins. Prvide recmmendatins t imprve r update this Plicy. Verify the apprpriate classificatin f the change and evaluatin f the risks. Prepare the implementatin f the change request, including sme elements f analysis, wrk scheduling, design, build, test, and rll-back / back-ut activities. Test changes and reprt any issue r negative impact. Implement successfully tested and apprved changes int prductin. Update system dcumentatin. Reprt t the Apprver n the status f all changes assigned t her/him. Cmmunicate with the Apprver, the Requestr and any related key stakehlders t better understand the request fr change, reprt errrs, issues, r delay in testing r implementing the change. Escalate prblems and incidents resulting frm deplying changes. Participate in pst-implementatin reviews as required by the Manager. Initiates a Request fr (RFC) with the required details. Answer all additinal infrmatin required by the Reviewer, the Manager, IT stakehlders, r the CAB. Cmmunicate with business stakehlders t ensure business requirements are met. Participate in acceptance testing and pst implementatin reviews as required. Reviewer Assist the Manager by perfrming an initial review f the prpsed change requests as required, based n the technical aspects f the change, befre the change is submitted fr Apprval. Page 9 f 12
10 Stakehlder Respnsibilities IT Help Desk Supervisrs r Institutin representatives Users Respnd t any user requesting an IT. Verify the nature f the request and cnfirm if a frmal change request is necessary. Identify the change classificatin and immediately infrm the Manager r Incident Manager where necessary. Enter detailed infrmatin in the tracking system, including the name f the Requestr and descriptin f the change. Update the status f the change as required. Review any prblem, issue r need frm users that wuld require a new change request. Apprve new change requests initiated frm users. Cmmunicate with the IT grup t submit a new change request. Cntact the Help Desk fr any questins r cncerns related t the technlgy. When a questin r cncern cannt be addressed by the Help Desk, cntact their supervisr r representative. Cntact their supervisr r manager fr any request t change the existing technlgy. Page 10 f 12
11 APPENDIX 2 Appendix 2 Sample Request fr (RFC) Please cmplete and send t: IT Help Desk 1 General Infrmatin Sectin 1 Requested By Apprved by Supervisr/ Manager Date & Time f RFC Submissin Request Number Third party Supplier Prblem/Incident Ticket Number Peer/Technical Review r Suggested Apprvers Implementer Team/Name Classificatin 2 Brief Descriptin f the Request 3 Cnfiguratin Items Affected: 4 Items t be prcured Hardware Sftware Prfessinal Services Page 11 f 12
12 APPENDIX 2 5 Risk and Impact f nt Implementing this 6 Ptential Risk and Impact related t the Implementatin Business Risk Technical Risk Security Risks Cst 7 Schedule Requested Implementatin Start Date & Time Requested Implementatin End Date & Time Business Hurs r Out f Business Hurs (explain) 8 Implementatin Plan What / Wh / When / Where / Hw 9 Test Plan 10 Detailed Back-ut Plan 11 Cmmunicatin Plan 12 Other / Cmments Page 12 f 12
Systems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationService Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S
Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...
More informationChange Management Process For [Project Name]
Management Prcess Fr [Prject Name] i 1 Intrductin The is fllwed during the Executin phase f the Prject Management Life Cycle, nce the prject has been frmally defined and planned. 1.1 What is a Management
More informationSoftware and Hardware Change Management Policy for CDes Computer Labs
Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationS&T IT Change Management Policy and Procedure
S&T IT Change Management Plicy and Prcedure 5/1/2016 Page 2 f 10 Executive Summary S&T IT Change Management All IT & Ed Tech staff are respnsible t fllw the Change Management Prcess when intrducing changes
More informationDatabase Services - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and Database Services t dcument: The technlgy services Database Services prvides t the custmer. The targets fr respnse times, service
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationIT Help Desk Service Level Expectations Revised: 01/09/2012
IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT POLICY
ENTERPRISE RISK MANAGEMENT POLICY Plicy N. 10014 Review Date Octber 1, 2014 Effective Date March 1, 2014 Crss- Respnsibility Vice President, Reference Administratin Apprver Executive Cuncil 1. 1. Plicy
More informationSymantec User Authentication Service Level Agreement
Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed
More informationSECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain
More informationPOSITION NUMBER: LOCATION: Vancouver. DATE: February 2009
POSITION TITLE: Team Lead Service Centre DIVISION/BRANCH: IS/IT CURRENT CLASSIFICATION LEVEL: IS27 SUPERVISOR S POSITION NUMBER POSITION NUMBER: LOCATION: Vancuver DATE: February 2009 SUPERVISOR S TITLE/CLASSIFICATION:
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationSystem Business Continuity Classification
System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality
More information1.2 Supporting References For information relating to the Company Hardware Request project, see the SharePoint web site.
Hardware Request System Visin 1 Intrductin 1.1 Dcument Purpse and Scpe This dcument utlines the visin fr the Hardware Request system. The purpses f this dcument are t: Identify and agree n the prblems
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationCDC UNIFIED PROCESS PRACTICES GUIDE
Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Business Case and t describe the practice verview, requirements, best practices, activities, and key terms related t these
More informationITIL Release Control & Validation (RCV) Certification Program - 5 Days
ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management
More informationUNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES
UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationInformation Governance (IG) Toolkit Change Request Process
Infrmatin Gvernance (IG) Tlkit Change Request Prcess Draft v0.7 1 Cpyright 2013, Health and Scial Care Infrmatin Centre. Infrmatin Gvernance Tlkit Change Request Prcess Page 2 f 6 Cntents Cntents 2 Prcess
More informationCDC UNIFIED PROCESS PRACTICES GUIDE
Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Risk Management and t describe the practice verview, requirements, best practices, activities, and key terms related t these
More informationLoss Share Data Specifications Change Management Plan
Lss Share Data Specificatins Change Management Plan Last Updated: 2/27/2013 Table f Cntents I. Purpse... 3 II. Change Management Apprach... 3 III. Categries f Revisins... 4 IV. Help and Supprt... 6 Lss
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationAppendix H. Annual Risk Assessment and Audit Plan 2013/14
Annual Risk Assessment and Audit Plan 2013/14 Internal Audit Department September 25, 2013 Table f Cntents Intrductin.. 3 Risk Assessment Prcess... 4 Page 2 Intrductin Each year, the Internal Audit Department
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationRequest for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply
Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew
More informationProject Management Fact Sheet:
Prject Fact Sheet: Managing Small Prjects Versin: 1.2, Nvember 2008 DISCLAIMER This material has been prepared fr use by Tasmanian Gvernment agencies and Instrumentalities. It fllws that this material
More informationIncident Management-Roles and Responsibilities
Enterprise Services Incident Management- Rles and Respnsibilities Fr Key Stakehlders Table f Cntents 1. Intrductin:... 2 2. Objective:... 2 3. In Scpe:... 2 4. Out f Scpe:... 3 5. Incident Management is
More informationOITS Service Level Agreement
OITS Service Level Agreement Objective A Service Level Agreement (SLA) describes the IT Service, dcuments Service Level Targets, and specifies the respnsibilities f the IT Service Prvider and the Custmer.
More informationSystems Load Testing Appendix
Systems Lad Testing Appendix 1 Overview As usage f the Blackbard Academic Suite grws and its availability requirements increase, many custmers lk t understand the capability f its infrastructure. As part
More informationBusiness Continuity Management Policy
The Public Trustee Business Cntinuity Management Plicy Octber 2015 Business Cntinuity Management Plicy Octber 2015 Page 1 f 6 Dcument Infrmatin Apprved Name Psitin Signature Date Mark Crftn A/Public Trustee
More informationOFFICIAL JOB SPECIFICATION. Network Services Analyst. Network Services Team Manager
JOB SPECIFICATION FUNCTION JOB TITLE REPORTING TO GRADE WORK PATTERN LOCATION IT & Digital Netwrk Services Analyst Netwrk Services Team Manager Band D Full-time Birmingham TRAVEL REQUIRED Occasinally ROLE
More informationSystem Business Continuity Classification
Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required
More informationCare Plan Oversight. Home Health Certification. July 23, 2014. Agenda
Care Plan Oversight Hme Health Certificatin July 23, 2014 Agenda Care Plan Oversight Why We Are Prviding the Educatin Prcedure cdes Descriptin f Services Wh Can Perfrm Frequency f Services Face-t-Face
More informationHelp Desk Level Competencies
Help Desk Level Cmpetencies Level 1 Take user calls and manage truble tickets Ability t staff and manage the rganizatins helpdesk and effectively respnd t rutine custmer calls Ability t use prper grammar
More information2. Are there any restrictions on when the work can be performed (e.g. only at night, only during business hours, only on weekends)? No.
HIPAA Technical Risk Security Assessment 1. Will yu be issuing additinal directins fr the frmatting f the final prpsal due Nvember 21 st? There is nt specific frmatting requirements, just submit the prpsal
More informationATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE
ATTACHMENT U THIRD PARTY AUDITOR/CONSULTANT QUALIFICATION GUIDELINE 1 INTRODUCTION Third party auditr/cnsultant plays an imprtant rle in decmmissining t ensure that all critical decmmissining activities
More informationBusiness Continuity Management Policy
Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir
More informationCharlotte-Mecklenburg Schools Elementary School Grading Procedures Plan
Charltte-Mecklenburg Schls Elementary Schl Grading Prcedures Plan CMS Visin Charltte-Mecklenburg Schls prvides all students the best educatin available anywhere, preparing every child t lead a rich and
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationRequest for Proposal Technology Services
Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage
More informationCorporate Standards for data quality and the collation of data for external presentation
The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published
More informationNuance Healthcare Services Project Delivery Methodology
NUANCE PROFESSIONAL SERVICES Nuance Healthcare Services 2008 Nuance Cmmunicatins, Inc. All rights reserved. Nuance Healthcare Services 1 INTRODUCTION This dcument describes the prject management methdlgy
More informationImplementation Management Guide
Implementatin Management Guide Table f Cntents 1 Overview... 2 2 Implementatin Scpe... 2 3 Implementatin Wrkflw... 3 4 Intrductins and scheduling f Kick-ff Meeting... 4 5 Kick-Off Meeting Objectives &
More informationThe user authentication process varies from client to client depending on internal resource capabilities, and client processes and procedures.
Learn Basic Single Sign-On Authenticatin Tale s Basic SSO applicatin grants Learn access t users withut requiring that they enter authenticatin lgin credentials (username and passwrd). The access pint
More informationEnvironment Protection Authority
Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve
More informationChange Management Process
Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses
More informationElectronic and Information Resources Accessibility Compliance Plan
Electrnic and Infrmatin Resurces Accessibility Cmpliance Plan Intrductin The University f Nrth Texas at Dallas (UNTD) is cmmitted t prviding a wrk envirnment that affrds equal access and pprtunity t therwise
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationHuman Resources Policy pol-020
Human Resurces Plicy pl-020 Versin: 2.00 Last amendment: Jul 2014 Next Review: Jul 2017 Apprved By: Cuncil Date: 04 May 2005 Cntact Officer: Directr, Office f Human Resurce Services INTRODUCTION The University
More informationKey essential skills for this occupation are: Computer Use, Document Use and Oral Communication. Level 1. Level 2
NOC: 1243 Occupatin: Medical Secretaries Occupatin Descriptin: Respnsibilities include perfrming varius secretarial and administrative tasks in lng term care and supprted living facilities. Key essential
More informationOBJECTIVE 10: ALERT AND NOTIFICATION OBJECTIVE 10: ALERT AND NOTIFICATION OBJECTIVE
OBJECTIVE 10: ALERT AND NOTIFICATION OBJECTIVE Demnstrate the capability t prmptly alert and ntify the public within the 10-mile plume pathway emergency planning zne (EPZ) and disseminate instructinal
More informationInformation Technology Department REQUEST FOR PROPOSALS
Infrmatin Technlgy Department REQUEST FOR PROPOSALS Identity and Access Management Service Design and Technlgy Implementatin January 11, 2013 Prpsals due by 4 p.m. n February 1 st, 2013 Attachment 2 Prject
More informationPrivacy Breach and Complaint Protocol
Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is
More informationE-Business Strategies For a Cmpany s Bard
DATATEC LIMITED BOARD CHARTER / TERMS OF REFERENCE 1. CONSTITUTION The primary bjective f the Cmpany s Bard Charter is t set ut the rle and respnsibilities f the Bard f Directrs ( the Bard ) as well as
More informationProject Startup Report Presented to the IT Committee June 26, 2012
Prject Name: SOS File 2.0 Agency: Secretary f State Business Unit/Prgram Area: Secretary f State Prject Spnsr: Al Jaeger Prject Manager: Beverly Maitland Prject Startup Reprt Presented t the IT Cmmittee
More informationLicensed Practical Nurse (LPN) Role and Scope Course
Licensed Practical Nurse (LPN) Rle and Scpe Curse LPN Rle and Scpe 7/11/2014 1 Intrductin This mdule was develped t implement the educatinal prvisins in R4-19-301, which requires candidates wh are graduates
More informationUNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE
1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in
More information10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review
10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationGUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN
Gvernment f Newfundland and Labradr Office f the Chief Infrmatin Officer Infrmatin Management Branch GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN Guideline (Definitin): OCIO Guidelines derive frm
More informationITIL Service Offerings & Agreement (SOA) Certification Program - 5 Days
ITIL Service Offerings & Agreement (SOA) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management
More information2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY
2008-2011 CSU STANISLAUS INFORMATION TECHNOLOGY PLAN SUMMARY OFFICE OF INFORMATION TECHNOLOGY AUGUST 2008 Executive Summary The mst recent CSU Stanislaus infrmatin technlgy (IT) plan was issued in 2003.
More informationSupport Services. v1.19 / 2015-07-02
Supprt Services v1.19 / 2015-07-02 Intrductin - Table f Cntents 1 Intrductin... 3 2 Definitins... 4 3 Supprt Prgram Feature Overview... 5 4 SLA fr the Supprt Services... 6 4.1 Standard Supprt... 6 4.2
More informationRevised October 27, 2011 Page 1 of 6
Keystne STARS Accreditatin Applicatin Philsphy The Keystne STARS prgram is Pennsylvania s QRIS which began in 2002. There are fur quality levels frm STAR 1 t STAR 4, each level building n the prir levels;
More informationNewborn Blood Spot Failsafe Solution (NBSFS) Operational Level Agreements. Part B: Child Health Record Department (CHRD) Users
Newbrn Bld Spt Newbrn Bld Spt Failsafe Slutin (NBSFS) Operatinal Level Agreements Part B: Child Health Recrd Department (CHRD) Users Versin 1.2 / May 2015 Uncntrlled when printed. T ensure yu have the
More informationBusiness Continuity Management Systems Foundation Training Course
Certificatin criteria fr Business Cntinuity Management Systems Fundatin Training Curse CONTENTS 1. INTRODUCTION 2. LEARNING OBJECTIVES 3. ENABLING OBJECTIVES KNOWLEDGE & SKILLS 4. TRAINING METHODS 5. COURSE
More informationDocument Management Versioning Strategy
1.0 Backgrund and Overview Dcument Management Versining Strategy Versining is an imprtant cmpnent f cntent creatin and management. Versin management is a key cmpnent f enterprise cntent management. The
More informationPADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700
PADUA COLLEGE LIMITED ACN 072 693 700 ABN 20 072 693 700 Plicy Title Versin Number Date Issued Critical Incident Management Plicy 2.0 Nvember 2007 Reviewed April 2010 June 2015 Definitin Critical incidents
More informationSchool Psychology Program: Fitness to Practice Policy
Schl Psychlgy Prgram: Fitness t Practice Plicy This Fitness t Practice Plicy applies t all students upn enrllment in the Schl Psychlgy Prgram, and remains in effect until cmpletin f the Prgram. It is imprtant
More informationSoftware Quality Assurance Plan
Sftware Quality Assurance Plan fr AnthrpdEST pipeline System Versin 1.0 Submitted in partial fulfillment f the requirements f the degree f Master f Sftware Engineering Prepared by Luis Fernand Carranc
More informationService Level Agreement Distributed Hosting and Distributed Database Hosting
Office f Infrmatin Technlgy Services Service Level Agreement Distributed Hsting and Distributed Database Hsting Nvember 12, 2013 Service Descriptin Distributed Hsting and Distributed Database Hsting Service
More informationEJttilb Health. The University of Texas Medical Branch Audit Services. Audit Report. Epic In-Basket Management Audit. Engagement Number 2015-008
',. -... : t'f" ' EJttilb Health The University f Texas Medical Branch Audit Reprt Audit Engagement Number 2015-008 July 2015 nie University f Texas Medical Branch 301 University Bulevard, Suite 4.100
More informationInformation Security Incident Response Plan
Infrmatin Security Incident Respnse Plan Agency: Date: Cntact: 1 TABLE OF CONTENTS Intrductin... 3 Authrity... 4 Terms and Definitins... 4 Rles and Respnsibilities... 5 Prgram... 6 Educatin and Awareness...
More informationNebraska Parenting Act Divorce and Separation Parenting Education Provider Information 2015 Application
Nebraska Parenting Act Divrce and Separatin Parenting Educatin Prvider Infrmatin 2015 Applicatin A. Apprval Prcess: Please submit the fllwing in the rder listed: 1. Prvider infrmatin sheet: Please cmplete
More informationDirectives to LHINs in respect of Reporting Requirements under the BPSAA. Issued By Minister of Health and Long-Term Care
Directives t LHINs in respect f Reprting Requirements under the BPSAA Issued By Minister f Health and Lng-Term Care Effective April 1, 2011 Table f Cntents 1. BACKGROUND... 2 2. REPORT ON THE USE OF CONSULTANTS...
More informationPurpose Statement. Objectives
Apprved by Academic Affairs Cuncil, June 24, 2014 Faculty Handbk Part VI: Other Plicies and Prcedures Sectin R. Intellectual Prperty Classified Emplyee Handbk Part VI: Other Plicies and Prcedures Sectin
More informationOE PROJECT MANAGEMENT GLOSSARY
OE PROJECT MANAGEMENT GLOSSARY ACCEPTANCE CRITERIA : thse criteria, including perfrmance requirements and essential cnditins that must be met befre the prject deliverables are accepted. ACTIVITY: an actin
More informationOR 2) Implement and customize an off the shelf product that would suit the requirements
CRM Custmer Relatinship Management Request fr Prpsal (RFP) Created by : Gayathri Jaganathan Rle : Prject Manager Prpsal Date: 10/02/06 Organizatin: AIM Alliance Inspectin Management Cmpany Lcatin : 28235
More informationACCREDITATION. Policy 60150: Substantive Change
ACCREDITATION Plicy 60150: Substantive Change 1. Purpse 2. Plicy The purpse f this plicy is t assist the Cllege with maintaining cmpliance with Cmprehensive Standard 3.12.1 f the Principles f Accreditatin
More informationBRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitioner Level) Specific Role Data Architect
BRISTOL CITY COUNCIL ROLE AND EMPLOYEE PROFILE: Architect (Practitiner Level) Specific Rle Data Architect Grade Directrate Managed by BG13 (TBC) Business Change Senir Infrmatin Systems & Technlgy Architect
More informationAppendix A Page 1 of 5 DATABASE TECHNICAL REQUIREMENTS AND PRICING INFORMATION. Welcome Baby and Select Home Visitation Programs Database
Appendix A Page 1 f 5 The items in the list f database technical requirements belw was develped thrugh several meetings between First 5 LA Research and Evaluatin, Infrmatin Technlgy, and Prgram Develpment
More informationHow To Write An Ehsms Training, Awareness And Competency Procedure
Envirnmental, Health & Safety Management System (EHSMS) Dcument Number: 00122 Issue Date: 05/07/2014 Training, Awareness and Cmpetency Prcedure Revisin Number: 7 Prepared By: Stalcup, Bryce Apprved By:
More informationCorporate Credit Card Policy
Plicy N: 13 Crprate Credit Card Plicy CONTROL: Plicy Type: Authrised by: Head f Pwer: Financial Cuncil Nt Applicable Respnsible Officer: Crprate and Cmmunity Manager Respnsibilities: Review and implement
More informationBUSINESS NEED SUMMARY TABLE: # Need P Concerns Current Solution Proposed Solution
EXTRACT FRO BUSINESS REQUIREENTS DOCUENT KEY BUSINESS NEEDS Business case drivers, prduct definitin dcumentatin, legal/regulatry, and ther stated requirements r needs that must be met by the final slutin
More informationS TAT E M E N T O F WO R K
H A W A I I I N F O R M A T I O N C O N S O R T I U M S TAT E M E N T O F WO R K HAWAII WEBSITE HOSTING AND DESIGN SERVICES OVERVIEW This Statement f Wrk (SOW) dcument identifies the respnsibilities
More informationREQUEST FOR PROPOSAL FOR WEBSITE DESIGN CONTRACT SERVICES
REQUEST FOR PROPOSAL FOR WEBSITE DESIGN CONTRACT SERVICES The Yl-Slan Air Quality Management District (District) is currently sliciting prpsals fr cntract services t redesign its existing website: www.ysaqmd.rg
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent
More informationCOE: Hybrid Course Request for Proposals. The goals of the College of Education Hybrid Course Funding Program are:
COE: Hybrid Curse Request fr Prpsals The gals f the Cllege f Educatin Hybrid Curse Funding Prgram are: T supprt the develpment f effective, high-quality instructin that meets the needs and expectatins
More information