Columbia College Process for Change Management Page 1 of 7



Similar documents
RSA SecurID Tokens Service Level Agreement (SLA)

NYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES

Change Management. Change Management Procedure. Table of Contents. (Revision Date: 1/30/2014)

i. Maintenance of the operating system, applications, content on the server, or fault tolerant network connections

Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services

The Service Provider will monitor the VM for the Customer and provide notifications on an opt in basis, which is strongly recommended.

Draft Copy. Change Management. Release Date: March 18, Prepared by: Thomas Bronack

Service Level Agreement (SLA) for Customer by. Cybersmart ISP. (Cloud Hosting Agreement)

Customer Support Policy

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Cisco Change Management: Best Practices White Paper

Technical Standards for Information Security Measures for the Central Government Computer Systems

Managed Storage Service Level Agreement (SLA)

RL Solutions Hosting Service Level Agreement

SAAS MADE EASY: SERVICE LEVEL AGREEMENT

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Infasme Support. Incident Management Process. [Version 1.0]

SERVICE LEVEL AGREEMENT

Prepared by: OIC OF SOUTH FLORIDA. May 2013

Microsoft Hyper-V Powered by Rackspace & Microsoft Cloud Platform Powered by Rackspace Support Services Terms & Conditions

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE

CCIT Change Management Procedures & Documentation

SaaS Service Level Agreement (SLA)

Nexus Support and Maintenance Policy ( SMP )

ITSM Process Description

SERVICE LEVEL AGREEMENT - Shared Exchange Hosting

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY.

SERVICE LEVEL AGREEMENT: Shared Exchange Hosting

SERVICE LEVEL AGREEMENT

Information Technology Engineers Examination. Network Specialist Examination. (Level 4) Syllabus. Details of Knowledge and Skills Required for

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

PHASE 9: OPERATIONS AND MAINTENANCE PHASE

Information Services. Standing Service Level Agreement (SLA) Firewall and VPN Services

Business Unit CONTINGENCY PLAN

Accruent Customer Support Policy

Platform as a Service (PaaS) Policies and Procedures

Change Management Process. June 1, 2011 Version 2.7

Technical Support Scope of Services

Exhibit E - Support & Service Definitions. v1.11 /

Community Anchor Institution Service Level Agreement

Custom Application Support Program Guide Version March 02, 2015

REQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES

Ohio Supercomputer Center

SHARED WEB AND MAIL HOSTING SERVICE LEVEL AGREEMENT (SLA) 2010

Guidance on IRB Continuing Review of Research

ENTERPRISE IT SERVICE MANAGEMENT BUREAU OF ENTERPRISE SYSTEMS AND TECHNOLOGY ENTERPRISE SERVICE DESCRIPTION FOR. Ocotber 2012

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

Business Continuity Planning and Disaster Recovery Planning

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, Designtech Cloud-SaaS Hosting and Delivery Policy

Recovery Management. Release Data: March 18, Prepared by: Thomas Bronack

CITY UNIVERSITY OF HONG KONG Change Management Standard

Infrastructure Technical Support Services. Request for Proposal

N e t w o r k E n g i n e e r Position Description

ADVANCED CUSTOMER SUPPORT ORACLE FUNCTIONAL HELP DESK EXHIBIT

INFORMATION SYSTEMS SPECIALIST

MANAGED SECURITY SERVICES RESPONSIBILITIES GUIDE July 2013

Introduction to Change

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

Enterprise UNIX Services - Systems Support - Extended

Service Offering: Outsourced IdM Administrator Service

General Computer Controls

Secondary DMZ: DMZ (2)

Change Submitter: The person or business requesting or filing the Request For Change (RFC) notice.

Systems Support - Standard

Complete Managed Services. Proposal for managed services for the City of Tontitown

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

CA API Management SaaS

SYSTEM SOFTWARE AND OR HARDWARE SUPPORT SERVICES (PREMIUM 24x7)

IST Drupal Cloud Hosting SLA

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

APPENDIX 8 TO SCHEDULE 3.3

Software Citrix CSP Service Agreement. 1.0 Terminology. 3.0 Service Options. 4.0 Service Delivery. 2.0 Service Description

City of Richmond Business and Financial Services Department. Contract 4595P. Security Information Event Management System

Network Computing Architects Inc. (NCA) Network Operations Center (NOC) Services

Statement of Service Enterprise Services - MANAGE Microsoft IIS

HOSTEDMIDEX.CO.UK. Additional services are also available according to Client specific plan configuration.

Schedule 2Z Virtual Servers, Firewalls and Load Balancers

Network & Information Services Network Service Level Commitment

Change Management Process

Change Management Revision Date: October 10, 2014

Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ).

Service Availability Metrics

CHANGE MANAGEMENT POLICY

ADOBE PSLT - ADOBE EXPERIENCE MANAGER: MANAGED SERVICES BASIC (2015V2.1)

General IT Controls Audit Program

Data Center Services

TechExcel. ITIL Process Guide. Sample Project for Incident Management, Change Management, and Problem Management. Certified

Ancero Backup & Disaster Recovery (BDR) Service Guide

Binary Tree Support. Comprehensive User Guide

Virtual Private Cloud. Service Level Agreement. Terms and Abbreviations

Transcription:

Page 1 of 7 Executive Summary Columbia College's Process for Change Management is designed to provide an orderly and documented method in which changes to the College's computing environment are requested and approved prior to their implementation so as to minimize service disruptions and promote system availability. The process works to ensure that all elements are in place, all parties are notified in advance, and the schedule for implementation is coordinated with all other activities within the organization. Through the process' planning and community review procedures, the process further seeks to ensure the success of changes. Columbia College Information Technology (CCIT) is tasked with providing a stable and reliable information technology infrastructure for the College Computing Community and is responsible for overseeing and maintaining the process for change management described herein. Scope of Policy The process for change management provides a process to apply changes, upgrades, or modifications to Columbia College's information technology environment. The process applies to any activities that might affect the environment that the College Computing Community relies upon to conduct normal business operations. Such activities include, but are not limited to, the following: any and all modifications, additions, or changes to hardware, software, networking, and applications environmental changes and shutdowns events that may alter the normal operating procedures. Changes to the computing environment arise from many circumstances, such as: periodic maintenance user requests hardware and/or software upgrades acquisition of new hardware and/or software changes or modifications to the infrastructure environmental changes operations schedule changes changes in hours of availability unforeseen events The above list is not all inclusive, and further examples of changes to which this process applies are provided within the Types Of Changes To Which This Process Applies section of this document. If you are unsure whether a change needs to be submitted through the process for change management, you are encouraged to contact Columbia College Information Technology (CCIT).

Page 2 of 7 The Change Management Process All change requests must be submitted on the College Change Request Form located at the following URL: http://ccit.college.columbia.edu/ Prior to submitting a change request, the requester should: Perform all research, analysis, and planning necessary to successfully mapping out the scope of the change and resources required. Obtain the approval of their management so as to ensure that managers are aware of requests and changes originating from or affecting their area of responsibility. Change requests should be submitted to CCIT with as much advanced notice as possible such that the request may be given careful consideration, all necessary parties may be contacted, and all requisite preparation and coordination might be completed. CCIT will assign a staff member to perform an initial review of the submitted change request for completeness and adequacy. This initial reviewer will also work with the change requester to improve the request prior to formal review. Prior to formal review and decisioning of a request, the assigned CCIT staff member will determine all parties whose input and consideration are necessary for review and decisioning of the request. These necessary parties will be invited to a meeting in which the request will be formally reviewed and decisioned. CCIT will schedule a meeting in which the change request is to be formally reviewed and decisioned by all necessary parties. Review of the change request will be as per the Change Review Guidelines section of this document. It is desirable that the Change Requester be present at the meeting to clarify aspects of the submitted change request and participate in the decisioning process. If approved, the following will apply: If the change request is approved, CCIT will assign a Change Manager to work with the change requester in coordinating and scheduling the change. Conditions and procedural checklists will be developed and attached to the approval as per the Approval Conditions and Requirements Development Guidelines outlined below. As approved requests may have conditions, requirements, and procedural checklists attached, the change requester may need to modify the plan outlined in their change request to achieve compliance with the stipulated conditions or procedural checklists. CCIT and other necessary parties will schedule the change and modify the proposed change request time line as appropriate. If there exist scheduling conflicts, CCIT will notify parties of scheduling conflicts needing resolution. CCIT will assign a Change Manager to oversee coordination and execution of an approved change as well as all conditions and requirements attached to the approval. Should there be a scheduling conflict, CCIT will notify all involved parties of the conflict and attempt to work with the parties in resolving the scheduling conflict. If the parties cannot reach an agreement, the issue will be forwarded to the College's Senior Administration for resolution.

Page 3 of 7 All affected users will be notified of the scheduled change, possible interruptions of service, and the impact of the change. Upon execution of a change, status is to be communicated at defined intervals. Upon completion of execution of a change, the outcome of the change is to be fully documented and submitted to CCIT. Updating, Correcting, or Withdrawing a Change Request Once a change request has been submitted and a situation arises that the request must be updated, corrected, or withdrawn, an email is to be sent to CCIT as soon as possible requesting the change submission to be removed from consideration. A new change request form must then be submitted to CCIT reflecting all updates or corrections. An exception to this requirement may be a minor correction in the content of the previously submitted request. If there is a question as to whether or not a new form should be submitted, please contact CCIT. Procedures During Emergencies Emergencies exist only as a result of: a business critical component of the College Computing environment meeting the following criteria: 1. the component is inoperable, 2. the component is preventing a time sensitive or mission critical task from being completed, 3. this is creating a negative business impact, and 4. another comparable component cannot be utilized a response to a disaster All emergencies are handled on an as required basis with the approval of the Executive Director of Columbia College Information Technology or an appointed designee and must follow the guidelines below. Verbal or written approval must be obtained to execute the change. A minimal notification will be submitted providing the following information: Will the change cause an interruption in service and what will the estimated downtime will be? What aspects of the College Computing environment (users, processes, systems) will be affected? A brief description of the change Potential workarounds until the problem is resolved. An emergency change request form and supporting documentation for the change must be submitted immediately after the change occurs. CCIT will review all emergency submissions to ensure the change met the criteria for an emergency change and to prevent the process from becoming normal practice to circumvent the Process for Change Management. Any questions will be directed to the approver of the change.

Page 4 of 7 Vendor & Third Party Consultant Change Requests Vendors and third party consultants that maintain portions of the College's computing environment will submit change notifications to their designated CCIT contact using the College Change Request Form. The CCIT contact is then responsible for evaluating and discussing the proposed change with the vendor prior to submitting the form for consideration. Change Review Guidelines At the scheduled meeting, CCIT and all necessary parties will analyze and review the change request submitted so as to determine the impact upon the College Computing Community. To determine the impact, participants will do as follows: Review, and verify the adequacy, correctness, and completeness of the information submitted on the change request form. Perform benefit/cost/risk analysis. Determine the criticality of the request as per Guidelines For Determination of Criticality as outlined herein. Verify the proposed action plan and back out plan Determine and test assumptions of the change request. Evaluate test results and test procedures to determine whether test information presented is relevant and suggestive of success. Determine whether the proposed time line presented is realistic considering what is to be accomplished, potential impact upon systems and processes, and margin for error. Determine whether all requirements for change have been satisfied or will be satisfied prior to the change. Determine whether the plan of action and back out plans sufficiently reduce risk to an acceptable level. Upon completion of the above review, meeting participants will decision the change request. If approved, the Change Decision Guidelines described below will be used to communicate conditions and requirements attached to the approval. Additionally, a Change Manager will be assigned. Regardless of decision, the decision will be communicated to the Change Requester if they are not present at the meeting. Guidelines For Determination of Criticality What follows are guidelines for assigning levels of criticality. When discussed below, a viable workaround is defined as a workaround possibly creating inconvenience, but not creating an adverse mission impacting performance degradation. Emergency: A situation causing severe potential or actual business impact requiring immediate action, for which no viable workaround exists, for which the full process for change management

Page 5 of 7 cannot reasonably be conducted given time constraints/ urgency for action, and for which a solution is needed immediately. This type of request will receive an immediate initial analysis. The corrective action is implemented as soon as a viable fix is available. Appropriate review and follow up documentation must be submitted as soon as possible afterward. Critical: A situation causing severe potential or actual business impact requiring immediate or prompt attention, for which no viable workaround exists,, for which a solution is needed immediately, but for which there exists a window of opportunity to consider and schedule the change via the process for change management without further adverse affect to the organization. Major: A change whose potential or actual business impact requires immediate or prompt attention, for which a viable workaround exists, and a solution is required quickly or before the point of impact is reached. Normal: A change whose business impact is expected to be moderate, for which a workaround exists, and for which a solution is needed but in a time frame allowing for flexibility. Minor: Minor changes are those whose business impact is expected to be minimal and for which a solution is necessary. This level of criticality is intended primarily for new requirements and for fixing capabilities that are currently operational but are difficult or awkward to use. Approval Conditions and Requirements Development Guidelines Upon approval of a change request, the following guidelines will be applied to create requirements for execution of the change. If modifications to the proposed time line and date for execution of the request are necessary, these will be stated as requirements for the change. Aspects of the change deemed as conditions to execution of the change will be defined as conditions that must be satisfied prior to or as part of the execution of the change and will be attached as requirements and procedural checklists for the change. Deficiencies or corrections to the change request will be noted and, if necessary, communicated as requirements for the change. Communication pathways and contacts will be defined and presented as a requirement for the change. A schedule for communications prior to, during execution of, and upon completion of the change will be established. The Change Manager assigned to the change request will communicate and oversee all guidelines developed as conditions or requirements of the change's approval. Roles of Participants Within The Process of Change Management For purposes of clarity within this document it is assumed that a Change Requester is the same entity as the Change Agent the entity executing upon the change or providing technical skills/knowledge in furtherance of the change. Regardless of whether this is the case, it is the responsibility of those requesting the change and executing upon the change to work together in analysis, planning, communication, execution and documentation of the change.

Page 6 of 7 Role of the Change Requester It is the primary responsibility of the individual submitting a request to evaluate the change prior to submission. The change requester s responsibilities are described below: Development & Submission of the Change Request Perform analysis of benefits, costs, and risks related to the change Research the requirements to achieve a successful change and to verify that all requirements are available. Evaluate the impact to the College Computing environment and the College Computing Community. Document and coordinate a back out plan. This should explain the steps that must be taken to restore access in the event that the change has a negative impact. Develop a plan of action that reduces risk to an acceptable level and lessens the affects on users and processes should the change cause an outage. Obtain approval for the change request from CCIT by submitting a complete, concise, and descriptive Change Request Form. Forms not completed properly will be rejected and returned to the requester with an explanation for denial. Execution & Follow Up If the change request is approved, Work with CCIT to ensure that the all effected computing community members are aware of any possible impact. Follow all conditions and procedural checklists that may have been attached to the approval. Report unplanned outages or problems immediately to the appointed CCIT Change Manager. Communicate status updates to the appointed CCIT Change Manager upon conclusion of the change and file documentation on the change. The documentation should provide a detailed update on the success or failure of the change. Role of the Change Manager To oversee execution of an approved change, CCIT will designate a Change Manager to oversee the change process. The change manager's responsibilities include the following: Oversee the activities of the change requester Coordinate the changes/events Coordinate proper on site or on call support as needed to resolve any problems or answer any questions that may occur during installation, or immediately subsequent to installation. Facilitate communications between the change requester, CCIT, and the College Computing Community. Such communications include:

Page 7 of 7 Notifications of the change/event, the need for the change, the potential impact of the change, preparations or actions the community should take, follow up actions the community should take, and the schedule of the change Notifications of any changes of plan or schedule Notification of status and deviations from plan that impact community members Types Of Changes To Which This Process Applies The following presents a sampling of types of changes that must be considered via the Process for Change Management described herein. The list below is not comprehensive. Therefore, if you are unsure if a change needs to be submitted through the Process for Change Management, you are encouraged to contact Columbia College Information Technology (CCIT). Hardware: hardware changes, re configurations, deployments, retirements, re locations, maintenance (preventative or emergency). Software: software patches; minor/major product releases; operating system changes; installations; system wide re configurations; deployments (local or remote) Operations: Changes to downtime schedules; changes to backup policies; modifications of automated tasks; modifications of systems monitoring software; planned system outages; changes to delivering services; changes to service levels; ADS group policy modifications Security: modification of points of access, modification of firewall rule sets; modification of automated scanning services (e.g. anti virus services); modification of privileges; modification of services; grants of privileges Environment: UPS systems; electrical work; physical maintenance; security systems; backup storage Internally developed applications and information systems: Implementation of new applications, systems, or modifications to such. Migration from test to production of source code. Network systems: Additions or modifications to DNS, VPN, switches, network access, network interfaces.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information