Change Management Control Procedure



Similar documents
15 Organisation/ICT/02/01/15 Back- up

Information & Technology. Change Management Policy

NYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES

Page 1 of 8. Any change, which meets the following criteria, will be managed using IM/IT Change Management Process.

Policies of the University of North Texas Health Science Center

Patch Management Procedure. Andrew Marriott PATCH MANAGEMENT PROCEDURE.DOCX Version: 1.1

Data Center Services

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

Project Management Guidelines

Information & Technology Management Branch Ministry of Education. Change Management Policy

Dundalk Institute of Technology Change Control Procedure

PSU Hyland OnBase Document Imaging and Workflow Services Level Memorandum of Understanding

Enterprise UNIX Services - Systems Support - Extended

Outsourcing BI Maintenance Services Version 3.0 January With SourceCode Inc.

WHITEPAPER Complying with HIPAA LogRhythm and HIPAA Compliance

Systems Support - Standard

Columbia College Process for Change Management Page 1 of 7

EA-ISP-011-System Management Policy

STATE OF NEW JERSEY IT CIRCULAR

CITY UNIVERSITY OF HONG KONG Change Management Standard

[name of project] Service Level Agreement

Technology Event Notification and Escalation Procedures. Procedure: Technology Event Notification and Escalation. Procedure Date: 10/27/2009

Change Management Process. June 1, 2011 Version 2.7

Virginia Commonwealth University School of Medicine Information Security Standard

IT Service Continuity Management PinkVERIFY

Managed Support Policy

ITSM Process Description

Managed Security Services SLA Document. Response and Resolution Times

Application Maintenance and Development Attachment C for RFP#

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Working with Sage Customer Support (Sage 100 ERP and Sage 500 ERP)

IT CHANGE MANAGEMENT POLICY

IT-P-001 IT Helpdesk IT HELPDESK POLICY & PROCEDURE IT-P-001

MSP Service Matrix. Servers

Cisco Change Management: Best Practices White Paper

IBM Tivoli Asset Management for IT

ISO Information Technology Service Management Systems Professional

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

PATCHING WINDOWS SERVER 2012 DOMAIN CONTROLLERS. Prepared By: Sainath K.E.V MVP Directory Services

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

Department of Information Technology Software Change Control Audit - Mainframe Systems Final Report

Utica College. Information Security Plan

MASTER SERVICE LEVEL AGREEMENT (MSLA)

Voice Over IP Network Solution Design, Testing, Integration and Implementation Program Overview

CLOUD SERVICES FOR EMS

How To Use Adobe Software For A Business

STANLEY HEALTHCARE SUPPORT POLICY

Privacy Management Program Toolkit Health Custodians Personal Health Information Act

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

For more information, please visit the IST Service Catalog at

LogRhythm and HIPAA Compliance

Ohio Supercomputer Center

Chris Day, Acting Director of IT Services C Day. Configuration Manager Change Manager Change Assessors Change Implementers

Payment Card Industry Compliance

State of Oregon. State of Oregon 1

SUBJECT: Network Support Partnership Silver Support Level for FY 2013

IST Drupal Cloud Hosting SLA

Domain 1 The Process of Auditing Information Systems

Information Security Policy. Chapter 13. Information Systems Acquisition Development and Maintenance Policy

ITIL Roles Descriptions

Department of Public Utilities Customer Information System (BANNER)

Development, Acquisition, Implementation, and Maintenance of Application Systems

Service Level Terms Inter8 Cloud Services. Service Level Terms Inter8 Cloud Services

The PNC Financial Services Group, Inc. Business Continuity Program

1.1 SERVICE DESCRIPTION

Assigning Severity Codes

CUSTOMER GUIDE. Support Services

Data Management Policies. Sage ERP Online

MARQUIS DISASTER RECOVERY PLAN (DRP)

ITP01 - Patch Management Policy

SERVICE SCHEDULE INFRASTRUCTURE AND PLATFORM SERVICES

How To Audit The Mint'S Information Technology

MY HELPDESK - END-USER CONSOLE...

CHANGE MANAGEMENT POLICY

White Paper August BMC Best Practice Process Flows for ITIL Change Management

National Interagency Resource Ordering and Status System. Change Management Procedures

Binary Tree Support. Comprehensive User Guide

Department of Information Technology Remote Access Audit Final Report. January promoting efficient & effective local government

White Paper November BMC Best Practice Process Flows for Asset Management and ITIL Configuration Management

CA Unicenter Service Desk Change Policy

CONTENTS. List of Tables List of Figures

Contract and Vendor Management Guide

AeroScout Industrial Support Policy

Decision on adequate information system management. (Official Gazette 37/2010)

Transcription:

Change Management Control Procedure

Procedure Name: Procedure Number: Prepared By: Approved By: Change Management Control ESS100 Nancy Severance Director, Administrative Computing Services Paul Foley Director, Enterprise Applications Version: 1.1 Last Updated: October 24, 2011 Revised November 30, 2011 Revised December 19, 2011 2

Contents I. Introduction.. 4 II. Purpose... 4 III. Scope 4 IV. Procedure.. 5 A. Operational Procedures.. 5 1. Document change Request 5 2. Requirements Analysis.... 6 3. Code and Validation... 6 4. User Acceptance Testing and Approval. 7 5. Documentation.. 8 6. Release Planning and Implementation.. 8 B. Unscheduled Change Exceptions.. 9 V. Compliance. 9 VI. Related Policies.. 9 Appendix A 10 3

I. INTRODUCTION The Office of Information Technology (OIT) maintains the Enterprise Resource Planning (ERP) applications/environments for the Rhode Island School of Design. OIT is responsible for extending reliable information systems and services through upgrades, enhancements, extensions, integrations, and modifications to hardware and software. The goals of the Change Management Control Procedure are to: improve communication with the user community reduce management involvement improve software validation provide historical information on changes reduce frequency of production changes mitigate risks associated with change to production environment maintain checks and balances and separation of duties develop audit trail This document defines the procedures that OIT will use to control changes to the Production environment. II. Purpose The purpose of the Change Management Control Procedure is to establish a standard approach to applying software changes to Production. Changes require thorough planning, careful monitoring, and follow up evaluation to reduce negative impact to the user community and to increase the value of vital information resources. This is done through a formal process of recording, assessment, authorization, scheduling and comprehensive communications around all changes. This procedure will ensure the implementation of change management and control strategies to mitigate risks such as: data corruption or destruction system performance being disrupted or degraded loss of functionality loss of productivity loss of integration integrity vendor supplied functionality conflicts III. Scope The Change Management Control Procedure covers changes to the ERP system (hardware and software applications) upon which any functional business unit of the institution relies in order to perform normal business activities. See Appendix A for list of servers/applications covered by this procedure. 4

Changes may be needed for many reasons including but not limited to: application modifications and enhancements vendor recommendations/requirements periodic maintenance changes in regulations application failures addition of modules/applications changes/additions of hardware There are generally two types of change requests: 1) Incident Reports are a change as a result of system failure or an error preventing a user from completing a task. 2) Functional Modifications are changes requested that are not part of the vendor delivered design. This procedure assumes approval has been granted by the Information Technology Steering Committee (ITSC). It does not address the need, appropriateness, or prioritization of requested change. This procedure does not apply to vendor delivered software updates. (see Project Request and Prioritization Policy, Patch Management Procedure; these procedures are currently in development) IV. Procedure Changes to ERP applications/environments shall be managed and executed according to a formal change control process. The control process will ensure that changes proposed are reviewed, authorized, tested, implemented, and released in a controlled and consistent manner; and that the status of each proposed change is monitored. The Director of Administrative Computing Services is responsible for ensuring that the Change Management Control Procedure is implemented, maintained, and followed. A. Operational Procedures These procedures cover the responsibilities of the functional business owner requesting the change, the Application Specialist assigned to the request/requirement, the Database Administrator, and the Director of Administrative Computing Services overseeing the project. 1. Document Change Request A functional business owner must first make a request in writing and send it to the OIT Helpdesk via email to helpdesk@risd.edu. All change requests, incident reports and functional modifications, must be logged in the Helpdesk call management system whether approved or rejected. 5

The request shall include: incident report or functional modification desired description of the requested change the system(s) involved the functional business units affected date by which the change is needed If the requested change falls within the OIT guidelines of a project, the appropriate documented procedures must be followed. (see Project Request and Prioritization Policy) The Director of Administrative Computing Services will assign the request to appropriate Application Specialist based on the requesting functional business unit, availability, and prioritization. 2. Requirements Analysis The requirements analysis is the responsibility of the assigned Application Specialist working in conjunction with the requesting functional business user. Analysis will include but is not limited to: develop specification requirements determining impact of change to all functional business units determining impact to system performance determining impact of integration (if applicable) plan for ensuring sustainability consider best practices technical design and review based on approved requirements communicate proposed change and obtain sign off from all affected functional business units obtain written sign off for specification requirements 3. Code and Validation The Application Specialist will make changes to code as specified in the analysis phase. The code changes will be performed in the development environment only. 6

Code changes will meet the following stipulations: appropriate development kit will be used in accordance with the OIT Custom Standards and Guidelines Policy a code review performed unit testing with documented results develop version and custom impact controls communicate with functional business user The Applications Specialist will package the custom code and install the package into the test environment. The Application Specialist will notify the functional business user that the change has been moved to the test environment and is ready for user acceptance testing. This phase will be repeated until functional business unit approval is obtained and documented as complete. 4. User Acceptance Testing and Approval The functional business user will perform functionality testing of the change installed in the test environment. This will ensure the isolation of the change and eliminate the undesired effects on the relevant business process(es). Testing will include but is not limited to: functionality testing assess impact on operations and security verify that only intended and approved changes were made communicate testing results and/or needed modification to responsible Application Specialist provide written sign off Approval of changes will be based on formal acceptance criteria; the change request was done by an authorized user, the impact assessment was performed and the proposed changes were tested. At the completion of this phase, the functional business user will give written approval (physical or electronic) of changes made to the Application Specialist as validation of its readiness to be moved to the production environment. 7

5. Documentation Documentation will be required for all changes by the Application Specialist. It will be developed and maintained throughout all phases of the Change Management Control process in the Helpdesk system, within the program, and as part of the custom package. This will ensure accuracy, communication, consistency, and agreed upon understanding of the change. Documentation will be included but is not limited to: change specification/requirements approval/acceptance of change specification/requirements code changes documentation in accordance with OIT Custom Standards and Guidelines Policy communication of changes to functional business units end user documentation (when appropriate) documented fall back plan Documentation will be used for reference purposes and for future evaluation and changes. It will also ensure knowledge transfer in the event that the original Application Specialist is unavailable. It is imperative that documentation is complete, accurate, and kept up to date. 6. Release Planning and Implementation Upon notification by the Application Specialist, the Database Administrator or Director, Administrative Computing Services will plan and implement the custom change into the production environment. This change will be implemented according to the Change Implementation Schedule. Release Planning and Implementation will include but is not limited to: verification that all appropriate approvals have been obtained validate custom change package migrate custom change to production environment during next available Change Implementation Schedule time slot version control communicate completion of change to functional business user and Application Specialist any necessary communication of the change to the greater community is the responsibility of the requester close call ticket 8

User Acceptance Testing and Approval phase must be completed prior to the Implementation of any change. All software changes will include version control. Older versions will be retained in accordance with the OIT Custom Standards and Guidelines Policy. Application Specialists do not have access to develop or change code in the Production environment. Installation access to the Production environment is reserved for the Database Administrator and Director, Administrative Computing Services only. B. Unscheduled Changes Exceptions All unscheduled changes require approval from the Director, Enterprise Systems and Services. It is the responsibility of the Director, Administrative Computing Services to escalate and procure all required approvals in an effort to implement the change as expeditiously as possible. Emergency changes are defined as changes required to fix production problems affecting critical institutional business functions. Emergency changes do not require review prior to implementation. These requests must be completed as soon as possible and cannot wait until the next scheduled change window. All Emergency changes must be fully documented; however, due to the nature of the request, this may occur after the fact. V. Compliance All parties responsible for changes made to RISD ERP system must comply with the Change Management Control Procedure. It is the responsibility of the Director, Administrative Computing Services to ensure compliance with this procedure; periodic review will be conducted. VI. Related Policies Project Approval and Prioritization, Patch Management Procedure, and Custom Programming Guidelines and Standards 9

Appendix A Servers/Applications covered by the Procedure Servers admin.risd.edu wa.risd.edu Applications Datatel Colleague Datatel WebAdvisor 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information