The University of Texas Pan American. Change Management Standard and Procedures. Division of Information Technology
|
|
- Reynold Jacobs
- 8 years ago
- Views:
Transcription
1 The University of Texas Pan American Change Management Standard and Procedures Division of Information Technology Page 1
2 Table of Contents Introduction... 3 Purpose... 3 Scope... 3 Procedures... 3 Communication... 4 Change Committee... 4 Emergency Change... 4 Planned Change... 4 Approve Change... 5 Implement Change... 5 Document Change... 6 Definitions... 6 Review... 7 Page 2
3 The University of Texas-Pan American Change Management Standard and Procedures A. Introduction The Information Resources infrastructure at The University of Texas-Pan American (UTPA) is dynamic in nature and is constantly changing to meet the mission of the University. Maintaining and preserving the highest possible levels of availability of Information Resources is a fundamental goal at UTPA. The Change Management Standard and Procedures serves as a supplement to The University of Texas-Pan American s Information Resources Security Operations Manual and UT System Policy 165 (UTS165). B. Purpose The purpose of this document is to set forth change management processes to ensure secure, reliable, and stable operations to which all offices that support Information Resources are required to adhere. The Change Management Standard and Procedures also ensures that all changes to Information Resources (e.g., computer hardware, computer software, operating systems, applications, database, data, network, security, and telecommunications) occur in a rational and predictable manner and within a controlled environment so that planning can occur accordingly. In addition, the standard serves as a vehicle for identifying, communicating, planning, testing, approving, implementing, and documenting changes to UTPA s Information Resources. C. Scope This document applies to any action or change that affects any production or associated environment systems that house UTPA s Information Resources, including but not limited to all UTPA workforce members (e.g., faculty, staff, student workers, interns, contractors, vendors, consultants, volunteers, etc.) who own, operate, or maintain information resources. D. Procedures Every change to UTPA Information Resources including computer hardware, computer software, operating systems, applications, database, data, network, security, and telecommunications systems is subject to the Change Management standard and must follow all applicable Change Management Procedures. A change request should be made for all scheduled and unscheduled changes using the Information Technology Change Request Form. Page 3
4 All changes affecting computing environmental facilities (e.g., air-conditioning, water, heat, plumbing, electricity, and alarms) should be coordinated with and reported to the appropriate college, school, unit or department managing the systems in that facility. Communication Communication before, during, and after the change is a key component of the change management process. Adequate information and advance notice for change request should be provided, especially if a response is needed. It also should be clear whom people should respond to, if a response is expected. Change Management Change Committee The Change Management Committee (CMC) is charged with reviewing and approving changes for implementation in the Production environment. Change Management Committee membership is appointed as specified in the Change Management Committee Charter. Change Manager The Change Manager will review and approve changes that have been pre-approved by Change Management Committee. The Change Manager will escalate all other changes to the CMC for review and approval. Responsibilities of the Change Manager include the following: Authorizing proposed changes that have been pre-approved by the CMC Submitting proposed changes to the CMC that have not been previously preapproved by the CMC Verifying that the documentation has been adequately prepared Verifying that the appropriate test plan has been successfully completed and documented Verifying that sign-off documents have been completed Verifying and authorizing the back-out plan Verifying the test results of the back-out plan Communicating the outcome of the change request to the initiator and stakeholders Emergency Change An emergency change may occur when a critical service is down or severely impaired with disruption to business and/or student activities. Regardless of the urgency of the situation, the data owner, custodian group representative, and Vice President for Information Technology must give approval when an emergency change is required between Change Management Committee meetings. Emergency changes that have been implemented must also be classified, documented, and presented to the appropriate Change Management. Page 4
5 Break/Fix changes required outside normal business hours will be handled by the assigned staff, documented and reported on the next business day to the appropriate Change Management. Planned Change When planning the change, the initiator and Change Manager are responsible for the following: Determining if the change is an emergency or a planned change Identifying the need for changes to production system Presenting the change request to the appropriate Change Management Determining the timeframe for the change Working with the appropriate group to schedule the planned change Identifying the individuals involved in testing the change Maintaining communications with stakeholders as the change progresses from inception to implementation Assuring that approvals occur within the needed timeframe; alternatively, obtaining alternate approvals Verifying and documenting the outcome of the changes and rating their success Test Change Every change must have a verification plan which will assure the change will be made successfully. The verification plan may include pre-testing in a test environment, or alternatively breaking the change into sufficiently small increments that can be tested in off-hours using production environments. The results will be documented and verified as part of the change management process. The individual testing the change is responsible for the following: Developing an appropriate test plan Developing appropriate verification plan Identifying any inadvertent consequences that might result in stability or security issues Verifying successful test results: resolving and re-testing any issues Documenting test results Communicating test results to the data owner and the appropriate Change Management for final approval of the change Developing, testing and documenting a back-out plan Verifying back-ups beforehand when production environments are used. Page 5
6 Approving Change The change request, test results and sign-off document must be presented to the appropriate Change Management for review of the change to be implemented. A meeting with the initiator and Change Management Committee may be necessary to review the requested change. If a meeting is required, the initiator must be present to answer any questions or address any concerns the Change Management Committee may have. The Change Management Committee should assess the risks and benefits of either making the change or not making the change. The Change Management Committee reserves the right to alter the change plan, make recommendations and/or send it back for revisions, if the change proposal is unacceptable or requires additional work. Implement Change The Change Management Committee authorizes the change that is to be implemented. Only changes that have been approved may be implemented in a production environment. The implementation team is responsible for the following: Obtaining authorization from the appropriate Change Management to migrate the change Ensuring adequate staff is available to migrate the change Communicating the migrated change to the appropriate Change Management Migrating successfully tested changes to the production environment Document Change All change requests must be formally documented, classified, and prioritized to ensure they are planned for accordingly. The Initiator, Data Owner, Custodian, Change Management and those involved in the Change Management Process are responsible for reviewing the documented changes for correctness, completeness, and adherence to standards and procedures. The Information Technology Change Request Form contains detailed information about the change and is required for changes submitted to the Change Management Committee. A change request log must be maintained and published for awareness that a change is being or has been implemented. A change log must include at least the following: Date of submission and date of change Data Owner and custodian contact information Nature of the change Page 6
7 Indication of success or failure Status of change Change Control Documentation Change control documentation such as diagrams, schematics, processes must be maintained in a current state (i.e., all documentation must be updated before the change request can be closed). E. Definitions Change: Any addition, modification or update of an Information Resource that can potentially impact the operation, stability, or reliability of a University network or computing environment. Change Management: The process of controlling the communication, approval, implementation, and documentation of modifications to hardware, software, and firmware to ensure that information resources are protected against improper modification before, during, and after system implementation. Change refers to: Any implementation of new functionality Any interruption of service Any repair of existing functionality Any removal of existing functionality Change Management Committee: Group of people appointed to review, approve/reject a change request. Change Manager: Individual responsible for any and all changes within his or her area of responsibility. Custodian: Guardian or caretaker; the holder of data, the agent charged with implementing the controls specified by the owner. The custodian is responsible for the processing and storage of information. The custodians of information resources, including entities providing outsourced information resources to the University, must: Implement the controls specified by the approved change request Provide physical and procedural safeguards for the information resources Assist owners in evaluating the cost-effectiveness of controls and monitoring Implement the monitoring techniques and procedures for detecting, reporting, and investigating incidents. Custodians include Information Security Administrators, University information technology/systems departments, vendors, and any third party acting as an agent of or otherwise on behalf of the University. Page 7
8 Data Owner: The manager or agent responsible for the function that is supported by the resource or the individual upon whom responsibility rests for carrying out the program that uses the resources. The owner is responsible for establishing the controls that provide the security. The owner of a collection of information is the person responsible for the business results of that system or the business use of the information. Where appropriate, ownership may be shared by managers of different departments. Information Resources (IR): Any and all computer printouts, online display devices, mass storage media, and all computer-related activities involving any device capable of receiving , browsing Web sites, or otherwise capable of receiving, storing, managing, or transmitting data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistant (PDA), pagers, distributed processing systems, network attached and computer controlled medical and laboratory equipment (i.e. embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and service bureaus. Additionally, it is the procedures, equipment, facilities, software, and Data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. Initiator: Individual(s) who initiate a change request and is/are responsible for the specific change from the moment it is requested until its implementation. The individual(s) is/are responsible for in-depth understanding of the nature of the change and must be present at any meeting held to approve/reject the change. Scheduled Change: Formal notification received, reviewed, and approved through the review process in advance of a change being made. Unscheduled Change: Failure to present notification through the review process in advance of the change being made. Unscheduled changes will only be acceptable in the event of a system failure or the discovery of security vulnerability. F. Review The Vice President for Information Technology and Information Resource Manager shall review this standard as needed and deemed necessary. Page 8
OFFICE OF COURT ADMINISTRATION VENDOR ACCESS POLICY
OFFICE OF COURT ADMINISTRATION VENDOR ACCESS POLICY Date: 02/02/2004 Approved by: Alicia Key Vendor Access Policy and Procedure 1 Office of Court Administration Vendor Access Policy (Texas Administrative
More informationDIVISION OF INFORMATION SECURITY (DIS)
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Information Systems Acquisitions, Development, and Maintenance v1.0 October 15, 2013 Revision History Update this table every time a new
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
More informationEMNAMBITHI/LADYSMITH MUNICIPALITY CHANGE MANAGEMENT POLICY
EMNAMBITHI/LADYSMITH MUNICIPALITY CHANGE MANAGEMENT POLICY Emnambithi/Ladysmith Municipality Change Management Policy 2015/2016 Page 1 of 7 Document Configuration Management Document Identification File
More informationThe intended audience is system administrators, Directors, and Department Heads.
INFORMATION TECHNOLOGY STANDARD ADMINISTRATIVE PROCEDURES SAP No. 24.99.99.W1.10 Information Resources Incident Management Approved: April 15, 2005 Last Revised: August 30, 2011 Next Scheduled Review:
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationUTMB INFORMATION RESOURCES PRACTICE STANDARD
IR Security Glossary Introduction Purpose Applicability Sensitive Digital Data Management Privacy Implications This abbreviated list provides explanations for typically used Information Resources (IR)
More informationCCIT Change Management Policy
CCIT Change Management Policy Executive Summary The Clemson Computing & Information Technology (IT) infrastructure at Clemson University is expanding and continuously becoming more complex. There are more
More informationState of West Virginia Office of Technology Policy: Change & Configuration Management Issued by the CTO
Policy: Change & Configuration Management Issued by the CTO Policy No: WVOT-PO1015 Issue Date: 9/01/14 Revised Date: 7/01/15 Page 1 of 5 1.0 PURPOSE The purpose of Enterprise Change Management is to standardize
More informationThe University of Texas at El Paso Information Security Office Change Management Guidelines
The University of Texas at El Paso Information Security Office Change Management Guidelines 10/1/2007 1 Contents Purpose... 3 Scope... 3 Roles and Responsibilities... 3 Documenting Change Requests... 5
More informationUTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter
Pennsylvania State System of Higher Education California University of Pennsylvania UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter Version [1.0] 1/29/2013 Revision History
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationCITY UNIVERSITY OF HONG KONG Change Management Standard
CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September 2015) PUBLIC Date of Issue:
More informationCUNY Graduate Center Information Technology. IT Change Management Process Last Updated: April 8, 2016
CUNY Graduate Center Information Technology IT Change Management Process Last Updated: April 8, 2016 CHANGE MANAGEMENT Change Management (CM) is the process of communicating, coordinating, scheduling,
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationState Data Center. VMAX Data Migration Guide
State Data Center VMAX Data Migration Guide Version 1.0 June 26, 2013 Prepared by: Steve Lovaas, Enterprise Projects Client Liaison Contents DOCUMENT REVISION HISTORY... 3 INTRODUCTION AND PURPOSE... 4
More informationThe Use of Information Technology Policies and Policies
Information Technology Management Procedure June 1, 2015 Information Technology Management, page 1 of 7 Contents Responsibility for Local Information Technology Policies 3 Responsibility to Maintain Functionality
More informationDraft Copy. Change Management. Release Date: March 18, 2012. Prepared by: Thomas Bronack
Draft Copy Change Management Release Date: March 18, 2012 Prepared by: Thomas Bronack Section Table of Contents 10. CHANGE MANAGEMENT... 5 10.1. INTRODUCTION TO CHANGE MANAGEMENT... 5 10.1.1. PURPOSE OF
More informationSECTION 15 INFORMATION TECHNOLOGY
SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County
More informationC. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
More informationColumbia College Process for Change Management Page 1 of 7
Page 1 of 7 Executive Summary Columbia College's Process for Change Management is designed to provide an orderly and documented method in which changes to the College's computing environment are requested
More informationInformation Technology Security Certification and Accreditation Guidelines
Information Technology Security Certification and Accreditation Guidelines September, 2008 Table of Contents EXECUTIVE SUMMARY... 3 1.0 INTRODUCTION... 5 1.1 Background... 5 1.2 Purpose... 5 1.3 Scope...
More informationClient Services Service Level Agreement
RMI Corporation Client Services Service Level Agreement 40 Darling Drive Avon, CT 06001 Phone: 860.677.1005 *Fax: 860.677.2454 RMI Corporation Client Services - Service Level Agreement TABLE OF CONTENTS
More informationState HIPAA Security Policy State of Connecticut
Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.
More informationITSM Process Description
ITSM Process Description Office of Information Technology Incident Management 1 Table of Contents Table of Contents 1. Introduction 2. Incident Management Goals, Objectives, CSFs and KPIs 3. Incident Management
More informationCOAL CITY PUBLIC LIBRARY DISTRICT INTERNET AND INTERNET SAFETY POLICY APPROVED BY THE BOARD OF TRUSTEES REVISED
COAL CITY PUBLIC LIBRARY DISTRICT INTERNET AND INTERNET SAFETY POLICY APPROVED BY THE BOARD OF TRUSTEES REVISED DECEMBER 9, 2014 COAL CITY PUBLIC LIBRARY DISTRICT INTERNET AND INTERNET SAFETY POLICY Electronic
More informationTECHNICAL SUPPORT GUIDE
TECHNICAL SUPPORT GUIDE Copyright 2009 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished
More informationPayment Card Industry Data Security Standard
Payment Card Industry Data Security Standard Introduction Purpose Audience Implications Sensitive Digital Data Management In an effort to protect credit card information from unauthorized access, disclosure
More informationMETRO REGIONAL GOVERNMENT Records Retention Schedule
Program: Administration IS Administration provides strategic planning, direction, and central management oversight of the Information Services that includes the following programs: Desktop Support Services,
More informationHow To Manage An Ipa Print Service At A College Of Korea
1 General Overview This is a Service Level Agreement ( SLA ) between and the Student Computer Labs to document: The technology services Student Computer Labs provides to the customer The targets for response
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationWhite Paper August 2006. BMC Best Practice Process Flows for ITIL Change Management
White Paper August 2006 BMC Best Practice Process Flows for ITIL Change Management Copyright 1991 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names,
More informationService Level Agreement (SLA) Education and E & O
Service Level Agreement (SLA) Education and E & O Version 1.0 (11-28-2011) Page 1 Document Revision History Date Author Revision Description Approvals Date Name Title Embedded signature/email Page 2 Table
More informationITS Change Management Process
ITS Change Management Process The overall goal of Change Management within the ITS Division is to align changes to the business and academic environment thus minimizing impact and reducing the risk of
More informationDomain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services
Service Level Agreement Page 1 of 7 Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services 1. Agreement This agreement is to define Domain Name Service (DNS) provided
More informationSupport and Service Management Service Description
Support and Service Management Service Description Business Productivity Online Suite - Standard Microsoft Exchange Online Standard Microsoft SharePoint Online Standard Microsoft Office Communications
More informationServer Management-Scans & Patches
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Server Management-Scans & Patches Report No. 14-11 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationVMware vcloud Air HIPAA Matrix
goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory
More informationEURODAC Central Unit. Inspection Report
EURODAC Central Unit Inspection Report June 2012 Case file: 2011-1103 INDEX 1. INTRODUCTION... 3 1.1 The EURODAC system... 3 1.2 EDPS supervision of the EURODAC Central Unit... 3 1.3 Scope of the inspection...
More informationSystems Support - Standard
1 General Overview This is a Service Level Agreement ( SLA ) between document: and Enterprise Windows Services to The technology services Enterprise Windows Services provides to the customer The targets
More informationRSA SecurID Tokens Service Level Agreement (SLA)
RSA SecurID Tokens Service Level Agreement (SLA) 1. Agreement This Agreement defines RSA SecurID services provided to a Customer. Service definitions include responsibilities, hours, availability, support
More informationTHE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES LAPTOP ENCRYPTION. Report No. 13-14
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES LAPTOP ENCRYPTION Report No. 13-14 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive
More informationDraft Information Technology Policy
Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software
More informationEarth-Life Science Institute Tokyo Institute of Technology. Operating Guidelines for Information Security
Earth-Life Science Institute Tokyo Institute of Technology Operating Guidelines for Information Security 2013 1. Purpose The Operating Guidelines for Information Security (hereinafter, the Operating Guidelines
More informationGMS NETWORK ADVANCED WIRELESS SERVICE PRODUCT SPECIFICATION
GMS NETWORK ADVANCED WIRELESS SERVICE PRODUCT SPECIFICATION 1. INTRODUCTION This document contains product information for the GMS Network Service. If you require more detailed technical information, please
More informationProgram No. 1.6.1. Section Heading
ENVIRONMENTAL HEALTH AND SAFETY EHS PROGRAM MANUAL Program Title 1.0 INTRODUCTION The New York City Fire Department (FDNY) is responsible for approving and/or inspecting fire alarm systems, buildings,
More informationITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0
ITIL by Test-king Number: ITIL-F Passing Score: 800 Time Limit: 120 min File Version: 15.0 Sections 1. Service Management as a practice 2. The Service Lifecycle 3. Generic concepts and definitions 4. Key
More informationSouthern Law Center Law Center Policy #IT0004. Title: Email Policy
Southern Law Center Law Center Policy #IT0004 Title: Email Policy Authority: Department Original Adoption: 7/20/2007 Effective Date: 7/20/2007 Last Revision: 9/17/2012 1.0 Purpose: To provide members of
More informationChange Management Process
Change Management Process Version 1.0 1 Table of Contents 1 About This Document... 3 1.1 Document Objective... 3 1.2 Process Objectives... 3 2 Change Request Lifecycle Stages... 4 3 Change Request (CR)
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationAppropriate Use Policy for Information Technology
Appropriate Use Policy for Information Technology Amarillo College Faculty, Staff, Students, Friends and Guests Amarillo College reserves the right to amend or otherwise revise this document as may be
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationINFORMATION TECHNOLOGY SERVICES IT CHANGE MANAGEMENT POLICY & PROCESS
INFORMATION TECHNOLOGY SERVICES IT CHANGE MANAGEMENT POLICY & PROCESS Revised: 12/5/2011 Table of Contents Overview... 3 Roles and Responsibilities... 4 Management Process Definition... 6 Management Process
More informationInformation Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Technology Service Manager Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationSecurity Patch Management
The knowledge behind the network. Security Patch Management By Felicia M. Nicastro Senior Network Systems Consultant International Network Services Security Patch Management March 2003 INS Whitepaper 1
More informationFISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS
TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2
More informationBACKUP SECURITY GUIDELINE
Section: Information Security Revised: December 2004 Guideline: Description: Backup Security Guidelines: are recommended processes, models, or actions to assist with implementing procedures with respect
More informationChange Submitter: The person or business requesting or filing the Request For Change (RFC) notice.
ROLES, RESPONSIBILITIES, PROCEDUREs Change Submitter: The person or business requesting or filing the Request For Change (RFC) notice. IT Operations Change Manager: The steward of the Change Management
More informationAn Introduction to E-Discovery. Gary Robinson, Director Washington State Department of Information Services September 30, 2008
An Introduction to E-Discovery Gary Robinson, Director Washington State Department of Information Services September 30, 2008 Data Governance/Organization of E-Records Stakeholders Legal Records Officials,
More informationGatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria
Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from
More informationInformation Systems Change Management and Control
Information Systems Change Management and Control (Sample Document - Not for Distribution) Copyright 1996-2012 Management Systems Consulting, Inc. Table of Contents Page 1.0 Procedure Description... 1
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationInformation Technology Services Guidelines
Page 1 of 10 Table of Contents 1. Purpose... 2 2. Entities Affected by This Guideline... 2 3. Definitions... 2 4. Guidelines... 3 4.1 Requesting Data Center or... 3 4.2 Requirements for Data Center or...
More informationAsset Integrity - Process Safety Management
Asset Integrity - Process Safety Management Commit to Process Safety Understand Hazards & Risks Manage Risk Learn from experience Process safety culture Compliance with standards Process safety competency
More informationISAAC Risk Assessment Training
ISAAC Risk Assessment Training v2013 Information Technology Risk Management 1 Agenda Why Assess? Information Security Standards Risk Assessment Process Using ISAAC Information Technology Risk Management
More informationVIRTUAL LEARNING ACADEMY CHARTER SCHOOL POLICY EMPLOYEE ACCEPTABLE USE POLICY
VIRTUAL LEARNING ACADEMY CHARTER SCHOOL POLICY EMPLOYEE ACCEPTABLE USE POLICY GBEA Goals: The goal of Virtual Learning Academy (VLACS) in providing the technology resources, network services, the Internet
More informationARTICLE 10. INFORMATION TECHNOLOGY
ARTICLE 10. INFORMATION TECHNOLOGY I. Virtual Private Network (VPN) The purpose of this policy is to provide guidelines for Virtual Private Network (VPN) connections to Education Division s resources.
More informationHow To Manage Change Management At Uni
Change Management Process VERSION 1.0 Version Date: 1 May 2006 Table of Revisions REVISION NUMBER DESCRIPTION OF CHANGES (PARAGRAPH AND OR SECTION NUMBERS FOR REVISION TRACKING) DATE OF CHANGE REVIEWED
More informationIT Coordinator Guide to BCCS Services
CENTRAL MANAGEMENT SERVICES Bureau of Communication and Computer Services IT Coordinator Guide to BCCS Services Connect to BCCS Website: http://www2.illinois.gov/bccs Revised: August 2011 Table of Contents
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationMARQUIS DISASTER RECOVERY PLAN (DRP)
MARQUIS DISASTER RECOVERY PLAN (DRP) Disaster Recovery is an ongoing process to plan, develop, test and implement changes, processes and procedures supporting the recovery of the critical functions in
More informationExhibit to Data Center Services Service Component Provider Master Services Agreement
Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationCONTENTS. Introduction Page 2. Scope.Page 2. Policy Statements Pages 2-3. Major IT Security Incidents Defined... Page 3
POLICY TITLE: Policy POLICY #: CIO-ITSecurity 09.1 Initial Draft By - Position / Date: D. D. Badger - Dir. PMO /March-2010 Initial Draft reviewed by ITSC/June 12-2010 Approved By / Date: Final Draft reviewed
More informationUniversity of Michigan Medical School Data Governance Council Charter
University of Michigan Medical School Data Governance Council Charter 1 Table of Contents 1.0 SIGNATURE PAGE 2.0 REVISION HISTORY 3.0 PURPOSE OF DOCUMENT 4.0 DATA GOVERNANCE PROGRAM FOUNDATIONAL ELEMENTS
More informationEnterprise UNIX Services - Systems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and Enterprise UNIX Services to document: The technology services Enterprise UNIX Services provides to the customer. The targets for
More informationIBM Implementation Services for Power Systems IBM Systems Director
Sample Statement of Work for Services This an example and your Statement of Work may vary given your specific requirements and the related IBM engagement. IBM Implementation Services for Power Systems
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationThe purpose of this document is to define the Change Management policies for use across UIT.
UNIVERSITY OF UTAH - IT OPERATIONS POLICY UIT CHANGE MANAGEMENT POLICY Chapter or Section: Information Technology ID SOP-CNFM.001 UIT Configuration Management Policy Rev Date Author Change 4.4 9/29/11
More informationINFORMATION SECURITY California Maritime Academy
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California Maritime Academy Audit Report 14-54 April 8, 2015 Senior Director: Mike Caldera IT Audit Manager:
More informationIT Service Management
RL Consulting People Process Technology Organization Integration IT Service Management Change Management Methods and Implementation Best Practices White Paper Prepared by: Rick Leopoldi June 19, 2002 Change
More informationComputer Security Incident Reporting and Response Policy
SECTION: 3.8 SUBJECT: Computer Security Incident Reporting and Response Policy AUTHORITY: Executive Director; Chapter 282.318, Florida Statutes - Security of Data and Information Technology Resources;
More informationRESPONSIBLE COMPUTER USE POLICY (ADOPTED AUGUST 3, 2006)
RESPONSIBLE COMPUTER USE POLICY (ADOPTED AUGUST 3, 2006) on-line at www.ccc.edu I. INTRODUCTION All users shall abide by the following provisions contained herein, or otherwise may be subject to disciplinary
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationAddress IT costs and streamline operations with IBM service desk and asset management.
Asset management and service desk solutions To support your IT objectives Address IT costs and streamline operations with IBM service desk and asset management. Highlights Help improve the value of IT
More informationIMAC/D Service description
IMAC/D Service description June 2012 Content 1. Service Name... 3 2. Service type... 3 3. Business description... 3 4. What is included... 3 5. What is optional/additional... 5 6. Benefits... 5 7. Service
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationPolicies of the University of North Texas Health Science Center
Policies of the University of North Texas Health Science Center 14.650 UNT Health IT Change Policy Chapter 14 UNT Health Policy Statement. It is the standard operating policy of UNT Health, UNTHSC Academic
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationCCIT Change Management Procedures & Documentation
CCIT Change Management Procedures & Documentation 1.0 Introduction A major challenge within any organization is the ability to manage change. This process is even more difficult within an IT organization.
More informationFor more information, please visit the IST Service Catalog at http://ist.berkeley.edu/services/is/calweb-iis
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windows Team to document: The technology services the Enterprise Windows Team provides to the customer The targets
More information