IT CHANGE MANAGEMENT POLICY



Similar documents
IT BACKUP POLICY. This Policy applies to all University electronic data stored on all IT-managed applications and systems.

Change Management Service Description

Change Submitter: The person or business requesting or filing the Request For Change (RFC) notice.

Change Management Process. June 1, 2011 Version 2.7

Change Management. Service Excellence Suite. Users Guide. Service Management and Service-now

The Newcastle upon Tyne Hospitals NHS Foundation Trust. IT Change Management Policy and Process

TechExcel. ITIL Process Guide. Sample Project for Incident Management, Change Management, and Problem Management. Certified

Enterprise UNIX Services - Systems Support - Extended

CITY UNIVERSITY OF HONG KONG Change Management Standard

FLORIDA COURTS E-FILING AUTHORITY HELP DESK POLICIES & PROCEDURES

Gwinnett County Public Schools Information Management & Technology BMC FootPrints Service Core CHANGE MANAGEMENT User Guide

HUIT Change Management with ServiceNow. September 2013

Information & Technology Management Branch Ministry of Education. Change Management Policy

Process Description Change Management

Systems Support - Standard

Information & Technology. Change Management Policy

Change Management Revision Date: October 10, 2014

Departmental On-Site Computing Support (DOCS) Server Support SLA

Change Management. Change Management Procedure. Table of Contents. (Revision Date: 1/30/2014)

Introduction Purpose... 4 Scope... 4 Manitoba ehealth Change Management... 4 Icons RFC Procedures... 5

New River Community College. Information Technology Policy and Procedure Manual

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

REQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES

For more information, please visit the IST Service Catalog at

Change Management Process Guide

Data Center Colocation - SLA

How To Manage An Ipa Print Service At A College Of Korea

ESXi Cluster Services - SLA

Prepared by: OIC OF SOUTH FLORIDA. May 2013

Service Level Agreement SAN Storage

Information Services. Standing Service Level Agreement (SLA) Firewall and VPN Services

Request for Proposal Technology Services Maintenance and Support

Managed Services Agreement. Hilliard Office Solutions, Ltd. PO Box Phone: Midland, Texas Fax:

White Paper August BMC Best Practice Process Flows for ITIL Change Management

Service Asset & Configuration Management PinkVERIFY

Yale University Change Management Process Guide

EXIN.Passguide.EX0-001.v by.SAM.424q. Exam Code: EX Exam Name: ITIL Foundation (syllabus 2011) Exam

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Service Level Agreement (SLA)

Designtech Cloud-SaaS Hosting and Delivery Policy, Version 1.0, Designtech Cloud-SaaS Hosting and Delivery Policy

How To Create A Help Desk For A System Center System Manager

Adlib Hosting - Service Level Agreement

IT Services. incident criteria

ICT Change Management Policy. 3 rd Party Support Guide

Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division

CCIT Change Management Procedures & Documentation

Computer and Network Security Policy

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

IT Service Desk Workflow Management in versasrs HelpDesk

HP Service Manager. Process Designer Content Pack Processes and Best Practices Guide

BSM for IT Governance, Risk and Compliance: NERC CIP

Unit Specific Questions Administrative

ITU Service - Content Management System (CMS)

INFORMATION TECHNOLOGY SERVICES IT CHANGE MANAGEMENT POLICY & PROCESS

HP Change Configuration and Release Management (CCRM) Solution

Policies of the University of North Texas Health Science Center

Process Owner: Change Manager Version: 1.0

White Paper. Change Management: A CA IT Service Management Process Map

MICROSOFT EXCHANGE HOSTING SERVICE LEVEL AGREEMENT ( SLA )

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES

Page 1 of 8. Any change, which meets the following criteria, will be managed using IM/IT Change Management Process.

IST Drupal Cloud Hosting SLA

AnceroAir Mobile Device Management (MDM) Service Guide

Microsoft Hyper-V Powered by Rackspace & Microsoft Cloud Platform Powered by Rackspace Support Services Terms & Conditions

National Capital Region Interoperable Communications Infrastructure (NCR ICI)

Statement of Service Enterprise Services - AID Microsoft IIS

How To Use The Pace Help Desk

Helpdesk and Technology Support Procedures

The purpose of this document is to define the Change Management policies for use across UIT.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

Reference Offer for Leased Line and Ethernet Services. Service Operations Manual

ITP01 - Patch Management Policy

How To Write A Service Level Agreement For The National Patient Information Reporting System

Data Management Policies. Sage ERP Online

Customer Service Charter TEMPLATE. Customer Service Charter Version: 0.1 Issue date :

Dynatrace Support Policy

Information Security Network Connectivity Process

Ohio University Office of Information Technology

CA Nimsoft Service Desk

Data Center Services

Statement of Service Enterprise Services - MANAGE Microsoft IIS

SCHEDULE D. SERVICE LEVEL AGREEMENT MERCHANT CARD PROCESSING SERVICES STATE OF NORTH CAROLINA AND SUNTRUST MERCHANT SERVICES Contract Number

Analytics Reporting Service

Bloom Enhanced Performance Monitoring Service Level Agreement

Technology Event Notification and Escalation Procedures. Procedure: Technology Event Notification and Escalation. Procedure Date: 10/27/2009

Request for Proposals (RFP) Managed Services, Help Desk and Engineering Support for Safer Foundation

Information Technology Services Core Services SLA

University of Waikato Change Management Process

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY.

How To Manage Change Management At Uni

ITSM Process Description

This Service Level Agreement applies to the Services as defined in the Service Supply Agreement.

Transcription:

IT CHANGE MANAGEMENT POLICY PURPOSE The purpose of the IT Change Management Policy is to manage changes in a planned and predictable manner in order to assign resources, assess risk and minimize any potential negative impact to services at the University. SCOPE This Policy applies to all ITS staff at Brock University. POLICY STATEMENT All changes (including urgent / emergency changes) to IT resources, services and / or systems must follow a standard process to ensure appropriate planning, resourcing and execution. The Change Manager along with the Change Advisory Board (CAB) are the stewards of this process. All changes must be presented to the CAB for approval in order to coordinate timelines, avoid conflict and maintain a complete and controlled view of change at the University. The CAB will in turn maintain a record and schedule of all changes and communicate the changes to the Brock community. DEFINITIONS Refer to the Change Management Procedure. COMPLIANCE AND REPORTING ITS enforces this Policy and the related Standards at all times. Anyone who has reason to suspect a deliberate and / or significant violation of this Policy is encouraged to promptly report it to the Information Technology Services ( ITS ) Help Desk. Policy violations that come to the attention of the ITS Help Desk will be escalated to the Director, Client Services. Policy violations will be assessed and action taken to remediate the Page 1 of 2

violation, including consequences where appropriate, subject to collective agreements and / or other contractual conditions. Where Policy violations are considered severe and / or cannot be easily remediated, the incident will be escalated to the AVP, ITS for further action. Periodically, the AVP, ITS will provide to SAC a summary of all policy violations. Policy owner: Associate Vice-President, Information Technology Services Authorized by: Board of Trustees, Capital Infrastructure Committee Accepted by: Senior Administrative Council Effective date: March 2016 Next review: March 2017 Revision history: New Related documents: IT Change Management Standards Change Management Procedure IT Change Management Policy Page 2 of 2

IT CHANGE MANAGEMENT STANDARDS PURPOSE A standard includes specific low level mandatory controls that help enforce and support a policy. The purpose of this document is to support and outline in detail the requirements of the IT Change Management Policy. These requirements are mandatory and must be adhered. STANDARDS All changes to an IT resource / service must be submitted to, reviewed and approved by the Change Advisory Board (CAB) The CAB is chaired by the Change Manager and includes ITS representatives from Client Services, Infrastructure, and Application Development The purpose of the CAB is to understand, authorize and schedule proposed changes to Brock University s production IT environment IT Stakeholders from outside of ITS (e.g. Library, FAHS, GSB, COSC etc.) are welcome to attend CAB meetings and have view access to the CITS-Activity Calendar The CAB has the authority to re-schedule, deny or request further detail regarding any Change Request The CAB must maintain, track and communicate all Change Requests using, but not limited to: o Footprints Ticket o Footprints Projects o ITS CITS-Activity Calendar o Brock Portal Bulletins o Mailing Lists (ITSFYI, CSL-L) The CAB is responsible for governance, not execution activities The Change Owner, not the CAB, is responsible for the Page 1 of 2

success of their respective change All changes to an IT resource, service or system must be performed in compliance with the Change Management Procedure. These include, but are not limited to: o Firewall rule changes (additions, changes, deletions) o Changes to production network infrastructure (hardware and/or configuration) o Changes to production server infrastructure (hardware and/or configuration) o Enterprise applications (code releases, updates and maintenance) The CAB will meet weekly to review Change Requests in accordance with the timelines outlined in the Change Management Procedure Urgent/Emergency change requests to prevent an imminent failure or to repair a service outage in the production environment may be expedited through the Emergency CAB (ECAB) process outlined in the Change Management Procedure Changes that do not comply with the IT Change Management Policy, or that are implemented without the knowledge of the CAB are unauthorized o IT Resources will not be made available for unauthorized changes o ITS has the authority to reverse any unauthorized changes that cause, are suspected as causing or have the potential to cause disruption to other users of the services. Page 2 of 2

Information Technology Services Change Management Procedures Brock University ITS Client Services Document Version 1.0 December 12, 2014 1

Introduction All changes to an IT resource, system or service must follow the standard procedure outlined below to ensure appropriate resourcing, planning and execution. Change Classifications and Definitions Changes Categories Routine Standard Enterprise Emergency A routine change is a scheduled change that is done routinely to maintain or tune a resource, service or system, e.g., performing Windows updates on a server, installing a security patch on an appliance. Routine changes have a Minor Client Impact Rating and a Low Technology Risk (see Technology Risk Rating and Client Impact Rating below) A standard change is a scheduled change that has a Moderate Client Impact Rating. Standard changes have the potential to impact a larger portion of the user community, e.g., a network switch upgrade in a building that may impact multiple departments An enterprise change is a scheduled change that has a Moderate to Major Client Impact Rating and has the potential to impact University operations, e.g., taking the my.brocku.ca portal offline for upgrades or maintenance An emergency change is an unscheduled change that has a Moderate to Major Client Impact Rating but must be performed quickly to address a service outage, prevent an outage, or fix a critical problem, e.g., deploying a critical security patch to all Windows servers, restarting the entire wireless network in order to address a performance issue. Technology Risk Ratings Low Significant High A technology change with little or no interactions with other resources, services or systems, e.g., Bomgar, KACE, stand-alone Windows servers A technology change with increased interactions with other resources, services or systems, e.g., Radius Authentication (affects wired and wireless services), e-mail A technology change with many interactions with other resources, services or systems, e.g., network core routing, netapp enterprise storage. 2

Client Impact Ratings Minor Moderate Major A change that has the potential to disrupt a group of 1-25 users A change that has the potential to disrupt a group of 26-100 users A change that has the potential to disrupt a significant group of over 100 users Change Classification Matrix Change Category Technology Risk Client Impact Student/Faculty/Staff Change Approval Required Routine Low Minor No* Standard Enterprise Change Low Moderate Yes Significant Moderate Yes Significant Major Yes High Moderate / Major Yes Emergency High Major Yes *While Routine changes are still documented and scheduled, after initial approval, subsequent approvals for the same change are not required, e.g., weekly Windows server patching which occur during a regularly scheduled maintenance period. Maintenance Windows ITS maintains specific scheduled times in which work on resources / services / systems is preferred in order to minimize disruptions. The times listed below are listed as maintenance times on specific pages (e.g. Webmail, Portal, Sakai) in order to notify our users that work may be performed during these times and therefore the resource / service / system may be unavailable. Work may be performed outside of these scheduled maintenance windows but must be communicated (see Communications below). 3

Scheduled ITS Maintenance Windows Change Category Change Window Notice required Routine No predefined window Not Applicable Standard Enterprise Emergency Monday Friday 6:00 AM 8:00 AM Saturday 12:00 AM 10:00 AM Determined by Change Manager and/or ITS Director 5 Business Days 10 Business Days Determined by Change Manager and/or ITS Director Maintenance Freeze Periods Annual times for maintenance freeze 4 th week of August to 3 rd week of September The week-and-a-half before the Christmas Break (Payroll) Change Category Allowed Routine and Emergency Routine and Emergency Roles and Responsibilities Change Manager The Change Manager is responsible for managing Change Management for ITS. This individual focuses on the change process as a whole rather than the specifics of the work within each individual change. The Change Manager s responsibilities include: Ensuring that Change Requests are formatted and submitted to the CITS-Activity Calendar from Change Initiators Maintaining the CITS-Activity Calendar and its membership Facilitating CAB meetings Reviewing Technology Risk and Client Impact Ratings for all submitted Change Requests Publishing Change Notifications to the community Documenting, publishing and assessing compliance with the Change Management process Reviewing, evaluating and maturing the change process. Change Initiator All members of ITS are permitted to submit change requests as Change Initiators. Change Initiators are responsible for: 4

Initiating change requests by completing the Change Request Template and submitting it to the CITS-Activity Calendar Assuring that all change requests are documented and linked to either a Footprints Ticket or Footprints Project Number Assisting the CAB when further information is required about pending change requests. Change Advisory Board (CAB) The Change Advisory Board is a group of individuals that formally meet to review change requests. The CAB is comprised of departmentally-appointed individuals to act as contributors and is chaired by the Change Manager. The CAB Meets every Tuesday morning, at 9:30 to review and schedule change requests (see Change Request Process ) The CAB as a whole Approves, Denies or Recycles proposed change requests and documents the change of status in the CITS-Activity Calendar. At the conclusion of the CAB meeting, members pass along Change Management related information to the Change Initiators/Staff in their respective departments, e.g., if a change request was moved due to a scheduling conflict, or more information is required for a particular change request. Emergency Change Advisory Board (ECAB) The Emergency Change Advisory Board is a group of individuals that must meet in extraordinary circumstances in order to approve an Emergency Change Request. Emergency change requests requiring an ECAB are un-planned and require the approval from one of the following prior to change implementation: AVP, Information Technology Services Director, Application Development Director, Client Services Director, IT Infrastructure. Emergency change requests still need to be recorded in the CITS-Activity Calendar (using the Change Template) but are expedited in order to recover from a critical resources, service or system outage. Communication Plan In order to keep the University community informed of changes and planned maintenance of IT resources, services and systems, the Change Manager must: Keep the CITS-Activity Calendar up-to-date with all change requests, important dates and maintenance freezes 5

Ensure that web systems such as Webmail, LMS and the portal have the maintenance schedule identified on their log-on pages Post approved change requests to the my.brocku.ca portal identifying the work being performed, who it may affect, the scheduled date and duration Additional e-mails may be sent to individuals/groups at the discretion of the Change Manager Change Management Workflow Change requests must reference a Footprints ticket or project number. The Footprints system is where all of the information regarding the specifics of the Change Request are to be kept. The detailed information in the ticket must include, but is not limited to: Work required Required resources (people/teams) Resources / services / systems affected Users / groups affected Work plan Back out plan Change Request Statuses All Change Requests are submitted to the CITS-Activity Calendar with the starting status of Proposed. Statuses explained: Proposed Approved Recycled Rejected A proposed change awaiting CAB review A CAB reviewed change that is approved to proceed A CAB reviewed change that requires more information or needs to be rescheduled based on resource availability A CAB reviewed change that is not approved to proceed due to insufficient planning, resources or not referencing a Footprints ticket or project number Procedure for Routine, Standard or Enterprise Change Requests (CAB Changes) 1. The Change Initiator creates Footprints ticket/project 2. The Change Initiator submits change request (using Change Template ) to the CITS-Activity Calendar as a proposed change 3. The CAB reviews the change request in the CITS-Activity Calendar and as a group Approves, Recycles or Rejects the individual change request 4. The CAB Contributors notify their individual department/change initiators of changes that are allowed to proceed 6

5. Using the Communication Plan, the Change Manager communicates the upcoming approved changes 6. Work on the Approved Changes is performed and tracked in Footprints. Procedure for Emergency Changes (ECAB Changes) 1. A service outage, vulnerability or proactive event is identified and recorded in Footprints by anyone 2. The Footprints ticket is immediately escalated to a supervisor/manager/director 3. Any available CAB members and/or an ITS Director (as the ECAB) meets with ITS Staff knowledgeable with the situation to discuss course of action, and approve the Emergency Change 4. The community is notified of the emergency work being performed 5. The Emergency Change Request is posted to the CITS-Activity Calendar 6. Footprints ticket(s) are updated throughout the work. 7

Appendix A Change Template Changes are to be tracked using the CITS-Activity Calendar in Exchange (accessed through Microsoft Outlook). The following template must be included the in body of each Proposed Change Request (as a calendar event): SUBJECT: Insert BRIEF Title along with Footprints Ticket or Project Number here. STATUS: PROPOSED PROPOSED CHANGE SUMMARY: Provide a quick summary of the proposed Change Request. OTHER INFORMATION: Place to provide any other information regarding this Change Request. PROPOSED CHANGE TIMELINE: Provide information regarding the proposed date and time for the actual work to be performed. CHANGE CATEGORY: (The Change Initiator selects the appropriate Change Category). Routine Standard Enterprise Emergency TECHNOLOGY RISK: (The Change Initiator selects the appropriate Technology Risk from the Technology Risk Rating assessment). Low Significant High CLIENT IMPACT: (The Change Initiator select the appropriate Client Impact choice based on the Client Impact Rating). Minor Moderate Major RESOURCES: (The Change Initiator indicates the individuals/teams required as a quickreference to perform the work for this change). 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information