CCIT Change Management Policy



Similar documents
CCIT Change Management Procedures & Documentation

Change Management Living with Change

Page 1 of 8. Any change, which meets the following criteria, will be managed using IM/IT Change Management Process.

The purpose of this document is to define the Change Management policies for use across UIT.

Platform as a Service (PaaS) Policies and Procedures

Change Submitter: The person or business requesting or filing the Request For Change (RFC) notice.

Change Management. Service Excellence Suite. Users Guide. Service Management and Service-now

HP Service Manager. Process Designer Content Pack Processes and Best Practices Guide

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Change Management Revision Date: October 10, 2014

University of Waikato Change Management Process

Change Management. Change Management Procedure. Table of Contents. (Revision Date: 1/30/2014)

Change Management Process. June 1, 2011 Version 2.7

FLORIDA COURTS E-FILING AUTHORITY HELP DESK POLICIES & PROCEDURES

How To Manage Change Management At Uni

Enterprise UNIX Services - Systems Support - Extended

ITIL Version 3.0 (V.3) Service Transition Guidelines By Braun Tacon

Chris Day, Acting Director of IT Services C Day. Configuration Manager Change Manager Change Assessors Change Implementers

ITIL Example change management procedure

INFORMATION TECHNOLOGY SERVICES IT CHANGE MANAGEMENT POLICY & PROCESS

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

ICS Operations & Policies Manual. For State Agencies Providing and Using Consolidated Services

Process Description Change Management

Exam : EX Title : ITIL Foundation Certificate in IT Service Management. Ver :

HUIT Change Management with ServiceNow. September 2013

How To Use Adobe Software For A Business

TechExcel. ITIL Process Guide. Sample Project for Incident Management, Change Management, and Problem Management. Certified

Change Management Policy

IT Security Agency Policies and Procedures

IT CHANGE MANAGEMENT POLICY

Internal Audit Report ITS CHANGE MANAGEMENT PROCESS. Report No. SC-11-11

An ITIL Perspective for Storage Resource Management

User Guide for Submitters

ESXi Cluster Services - SLA

Infrastructure Change Management. The process and procedures for all changes to the live environment

The Newcastle upon Tyne Hospitals NHS Foundation Trust. IT Change Management Policy and Process

Analytics Reporting Service

Systems Support - Standard

For more information, please visit the IST Service Catalog at

Yale University Change Management Process Guide

Software Quality Assurance (SQA) Testing

ITIL Essentials Study Guide

ITIL Intermediate Lifecycle Stream:

ENTERPRISE CHANGE MANAGEMENT PROCESS

WHITE PAPER. Best Practices in Change Management

Problem Management: A CA Service Management Process Map

SOLUTION WHITE PAPER. Align Change and Incident Management with Business Priorities

Bloom Enhanced Performance Monitoring Service Level Agreement

University of Bedfordshire ISD Change Management Policy

Novo Service Desk Software

Service Level Agreement for Database Hosting Services

Columbia College Process for Change Management Page 1 of 7

RSA SecurID Tokens Service Level Agreement (SLA)

CHG-11-G-001 Does the tool use ITIL 2011 Edition process terms and align to ITIL 2011 N/A. Edition workflows and process integrations?

Service Support. Change

ASIAN PACIFIC TELECOMMUNICATIONS PTY LTD STANDARD FORM OF AGREEMENT. Schedule 3 Support Services

Introduction Purpose... 4 Scope... 4 Manitoba ehealth Change Management... 4 Icons RFC Procedures... 5

IT Service Management Center

Gwinnett County Public Schools Information Management & Technology BMC FootPrints Service Core CHANGE MANAGEMENT User Guide

Symmetry Networks. Corporate Managed Services Schedule

HP Change Configuration and Release Management (CCRM) Solution

ADDITIONAL TERMS FOR HOSTED EXCHANGE SERVICES SCHEDULE 2Z

ITIL Roles Descriptions

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY

Maruleng Local Municipality ICT CHANGE MANAGEMENT POLICY

Process Owner: Change Manager Version: 1.0

Service Level Agreement (SLA)

White Paper. Change Management: A CA IT Service Management Process Map

Applying ITIL v3 Best Practices

CHANGE MANAGEMENT PROCESS

Best Practices in Change Management WHITE PAPER

Change Management Policy

ITIL Introducing service transition

Aberdeen City Council IT Security (Network and perimeter)

Data Center Services

How To Create A Help Desk For A System Center System Manager

Data Center Colocation - SLA

How to integrate Verax NMS & APM with Verax Service Desk

Which ITIL process or function deals with issues and questions about the use of services, raised by end users?

ITIL Example emergency change management procedure

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

Managed LAN Service Level Agreement

National Capital Region Interoperable Communications Infrastructure (NCR ICI)

Support and Service Management Service Description

GMS NETWORK BASIC PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. GMS Network Basic

Transcription:

CCIT Change Management Policy Executive Summary The Clemson Computing & Information Technology (IT) infrastructure at Clemson University is expanding and continuously becoming more complex. There are more people dependent upon the network, more client machines, upgraded and expanded administrative systems, and more application programs. As the interdependency within the IT infrastructures grows, the need for a strong change management process is essential. From time to time IT elements require an outage for planned upgrades, maintenance or finetuning. Additionally, unplanned outages may occur that could result in upgrades or maintenance. Managing these changes is a critical part of providing a robust and valuable IT infrastructure Change Management is a process, which by its lack of maturity can have the most dramatic impact on the business. Unapproved, unplanned, and uncoordinated changes can impact the business customer on a frequent basis. Additionally, without the ability to control when, how and by whom things are changed in the production environment, other processes such as Release and Configuration Management cannot be effectively implemented. A controlled Change Management process is a dependency for several other IT business practices. Purpose The purpose of the Change Management Policy is to manage changes in a rational and predictable manner so that staff and customers can plan accordingly. Changes require serious forethought, careful monitoring, and follow-up evaluation to reduce negative impact to the user community and to increase the value of IT resources and their resultant services. Policy Policy Coverage: The Clemson Computing & Information Technology Change Management Policy applies to all individuals that install, operate or maintain IT resources and services.

Change Management: Every change to a Production Clemson Computing & Information Technology resource such as: operating systems, computing hardware, networks, databases and applications are subject to this Change Management Policy and must follow the Change Management Procedures. All changes affecting computing environmental facilities (e.g., air-conditioning, water, heat, plumbing, electricity, and alarms) must be reported to or coordinated with the leader of the Change Management process. A Change Management Change Advisory Board (CAB), appointed by CCIT leadership, will meet regularly to review change requests and to ensure that change reviews and communications are being satisfactorily performed. A request for change ticket must be submitted for all changes, both scheduled, emergency, and unscheduled. All scheduled change requests must be submitted in accordance with change management procedures so the Change Advisory Board has time to review the request, determine and review potential failures, and make the decision to allow or delay the request. Each scheduled change request must receive Change Advisory Board, or Change Manager, approval before proceeding with the change. The only exception to this will be those changes receiving pre-approved status or those changes that have been delegated, such as password changes. Emergency changes require CCIT Change Manager approval prior to implementation. Any emergency change affecting those services deemed critical will be communicated to the Change Discussion email list. The CCIT Change Manager may deny a scheduled or unscheduled change for reasons including, but not limited to, inadequate planning, inadequate backout plans, the timing of the change will negatively impact a key business process such as year end accounting, or if adequate resources cannot be readily available. Adequate resources may be a problem on weekends, holidays, or during special events. Customer notification must be completed for each scheduled or unscheduled change following the steps contained within the Change Management Procedures. All information systems, services and processes must comply with the change management process that meets the standards outlined above. Other equipment or facilities that may affect the production environment are also subject to compliance with the change management process. Disciplinary Actions Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Definitions Change Management. The practices of ensuring all changes to Configuration Items are carried out in a planned and authorized manner. This includes ensuring that there is a

business reason behind each change, identifying the specific Configuration Items and IT Services affected by the change, planning the change, testing the change, and having a backout plan should the change result in an unexpected state of the Configuration Item. Change Advisory Board (CAB). A CAB is an integral part of a defined change management process designed to balance the need for change with the need to minimize inherent risks. A CAB is comprised of representatives of the key functional areas of CCIT, customer representatives, security office, service desk and Service Management staff. The CAB is responsible for oversight of all changes in the production environment. Plus the changes may involve hardware, software, configuration settings, patches, etc. Change Discussion email list. An email distribution list with members from all units within CCIT. Members include senior staff, directors, and managers. Related Documents Change Management Standard Operating Procedures

Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Definitions Change Management. The practices of ensuring all changes to Configuration Items are carried out in a planned and authorized manner. This includes ensuring that there is a business reason behind each change, identifying the specific Configuration Items and IT Services affected by the change, planning the change, testing the change, and having a backout plan should the change result in an unexpected state of the Configuration Item. Change Advisory Board (CAB). A CAB is an integral part of a defined change management process designed to balance the need for change with the need to minimize inherent risks. A CAB is comprised of representatives of the key functional areas of CCIT, customer representatives, security office, service desk and Service Management staff. The CAB is responsible for oversight of all changes in the production environment. Plus the changes may involve hardware, software, configuration settings, patches, etc. Change Advisory Board/Emergency Committee. The CAB/EC is a subset of the full CAB responsible for assessing and approving urgent changes as a result of a system or service Incident. Change Management Governance Board (CMGB). The CMGB is comprised of the executive leadership of CCIT and the Change Manager. The CMGB is responsible for assessing and approving emergency changes as a result of a system or service Incident. The CMDB may be convened by the CCIT Change Manager in those situations interruptions of Clemson University s critical services. Additionally, the CMGB may be called upon to rule on scheduling issues that cannot be resolved by the normal CAB and CCIT Change Manager. Related Documents Change Management Standard Operating Procedures http://ccit.clemson.edu/departments/cso/operations/chg_mgmt/sop.pdf Revisions Current: 1.0 Next Revision: June 8, 2008 Administrative Update: Approvals Approved, CCIT Executive Staff June 8th, 2007

Change Management Policy Addendum DHHS Systems Implemented April 23, 2014 Summary Due to governing regulations, and the nature of data processed by SCDHHS systems, CCIT requires additional security oversight beyond normal Change Management procedures for changes affecting SCDHHS systems. The procedure presented in this Addendum applies to all SCDHHS hosted systems as well as any supporting systems SCDHHS systems require for operation. Additional Procedures Required: Change Requestor Change requestor must submit a request ticket to the Office of Information Security and Privacy (OISP) for a Security Impact Analysis (SIA) via ITHelp.clemson.edu. Once the SIA is complete, and OISP provides approval via the ITHelp ticket, the requestor can then enter a RFC via the normal CCIT Change Management Procedure. When creating the RFC the requestor must check the SCDHSS Affected box and include the ITHelp ticket number for the SIA approval on the RFC Information Tab. Emergency RFCs can be submitted and approved without an SIA as long as the change does not modify the configuration of a device or software. o If an emergency RFC entails modifying the configuration of a device or software, an SIA must be completed before the change can take place. In this case the Change Requestor should engage the OISP group directly. Change Manager All RFC submissions should be checked against a list of known SCDHHS systems and services. Any RFC found to affect known SCDHHS systems should not be placed on the weekly CAB agenda, or set to an online vote status until an SIA is successfully completed via an ITHelp.clemson.edu ticket. Questions Email Change_Manager-L@clemson.edu CCIT Change Management Policy and Procedures: http://www.clemson.edu/ccit/help_support/cm/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information