UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY



Similar documents
hi Information Technologies Change Management Standard

UMHLABUYALINGANA MUNICIPALITY

UMHLABUYALINGANA MUNICIPALITY SERVICE LEVEL MANAGEMENT POLICY

ISO :2005 Requirements Summary

ITIL Introducing service transition

Utolsó módosítás:

IT Change Management Policy

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

UMHLABUYALINGANA MUNICIPALITY

ITIL A guide to service asset and configuration management

ITIL Example emergency change management procedure

Dacorum Borough Council Final Internal Audit Report

Information Security: Business Assurance Guidelines

How To Manage A Patch Management Process

The Newcastle upon Tyne Hospitals NHS Foundation Trust. IT Change Management Policy and Process

CHANGE MANAGEMENT PROCESS

Spillemyndigheden s change management programme. Version of 1 July 2012

INTERVIEW QUESTIONS. Que: Which process is responsible for ensuring that the CMDB has been updated correctly?

SFJ EFSM14 Manage the performance of teams and individuals to achieve objectives

Page 1 of 8. Any change, which meets the following criteria, will be managed using IM/IT Change Management Process.

UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY

HP Mission Critical Partnership HP Customer Support Contractual Services

University of Waikato Change Management Process

Maruleng Local Municipality ICT CHANGE MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY

Service Support. Change

Foundation. Summary. ITIL and Services. Services - Delivering value to customers in the form of goods and services - End-to-end Service

I.T. Service Management

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

INFORMATION TECHNOLOGY SECURITY STANDARDS

ITIL Example change management procedure

How To Monitor A Municipality

The ITIL Foundation Examination

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Business Continuity & Crisis Management

Analytics Reporting Service

ITIL Intermediate Capability Stream:

Service Support Kasse Initiatives, LLC. ITIL Configuration Management - 1. version 2.0

INFORMATION AND EDUCATIONAL TECHNOLOGY

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services

The ITIL v.3 Foundation Examination

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Domain 1 The Process of Auditing Information Systems

Change Management Process

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Sample Exam. IT Service Management Foundation based on ISO/IEC 20000

N e t w o r k E n g i n e e r Position Description

Information and Communication Technology. Helpdesk Support Procedure

EXIN IT Service Management Foundation based on ISO/IEC 20000

Central Agency for Information Technology

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction Policy Statement Purpose...

CHANGE MANAGEMENT POLICY

ASTRAZENECA GLOBAL POLICY SAFETY, HEALTH AND ENVIRONMENT (SHE)

SERVICE EXCELLENCE SUITE

Roles within ITIL V3. Contents

Lot 1 Service Specification MANAGED SECURITY SERVICES

IT change management policy

Template K Implementation Requirements Instructions for RFP Response RFP #

EMNAMBITHI/LADYSMITH MUNICIPALITY CHANGE MANAGEMENT POLICY

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

Information Security Policies. Version 6.1

IT service management

QUALITY MANAGEMENT POLICY & PROCEDURES

IT Service Metrics Measure What Counts and Manage What Matters Steve Ingall, Head of Service Management, icore Ltd

Manchester City Council Role Profile. Service Desk Analyst, Grade 6. ICT Service, Corporate Core Directorate Reports to: Team Lead (Service Support)

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

How To Protect Decd Information From Harm

Enforcing IT Change Management Policy

Risk profile table for deployment of releases to the main web site. High Acceptable Unacceptable Unacceptable

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

The ITIL v.3. Foundation Examination

State of West Virginia Office of Technology Policy: Change & Configuration Management Issued by the CTO

Information Technology Auditing for Non-IT Specialist

ITSM. Maturity Assessment

Change Management Policy

Unitary Authority Set to Achieve 27 Per Cent Savings Target with IT Management Tools

EPA Classification No.: CIO P-01.1 CIO Approval Date: 06/10/2013 CIO Transmittal No.: Review Date: 06/10/2016

1 Why should monitoring and measuring be used when trying to improve services?

The ITIL v.3 Foundation Examination

Job Description Head of CRM

Address IT costs and streamline operations with IBM service desk and asset management.

JOB DESCRIPTION. Service Desk Analyst

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

Which ITIL process or function deals with issues and questions about the use of services, raised by end users?

ISO27001 Controls and Objectives

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

INS Problem Management Manual

Implementation Date: November 9, Table of Contents. Section Description Page

Cisco Change Management: Best Practices White Paper

SECURITY POLICY REMOTE WORKING

Chris Day, Acting Director of IT Services C Day. Configuration Manager Change Manager Change Assessors Change Implementers

Records Management Policy & Guidance

Keywords: Escalation, Incident, Management, Process

ITIL A guide to problem management

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Service Catalog. it s Managed Plan Service Catalog

PHASE 3: PLANNING PHASE

Third Party Security Requirements Policy

ITIL Essentials Study Guide

Service Management. A framework for providing worlds class IT services

Transcription:

UMHLABUYALINGANA MUNICIPALITY IT CHANGE MANAGEMENT POLICY

Originator IT Change Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director of Corporate Services Recommended by EXCO Approved by Council Effective Review Frequency: Once a year (i.e. Annually) Version Number IT CHANGE MANAGEMENT POLICY Page 2 of 11

TABLE OF CONTENTS 1. INTRODUCTION... 4 2. OBJECTIVES... 4 3. BACKGROUND... 4 4. SCOPE... 4 5. DEFINITIONS... 5 6. POLICY... 6 6.1. Change Requests... 6 6.2. Change Planning, Evaluation and Scheduling... 6 6.3. Test Environment... 7 6.4. Change Testing... 7 6.5. Change Implementation... 7 6.6. Change Reporting... 7 6.7. Change Documentation... 8 6.8. Emergency Changes... 8 7. SEGREGATION OF DUTIES... 9 8. CONTROLS... 10 9. CROSS-REFERENCE TO OTHER POLICIES AND PROCEDURES... 11 10. REFERENCE MATERIAL... 11 11. ACCOUNTABILITIES... 11 11.1. RESPONSIBILITY... 11 11.2. TRAINING PLAN... 11 11.3. COMPLIANCE... 11 IT CHANGE MANAGEMENT POLICY Page 3 of 11

1. INTRODUCTION IT Change Management is the practice of ensuring the delivery of IT and municipal services is not impacted by infrastructure or software changes and that all changes are recorded and carried out in a planned and authorised manner. This includes ensuring there is a business reason for each change, identifying the specific configuration items and IT services affected by the change, identifying those responsible for implementing the change, planning the change, testing the change and having a back-out plan should the change result in an unexpected failure. 2. OBJECTIVES The goal of the IT Change Management Policy is to define the requirements necessary to meet the following business objectives: Reduce the risk of business disruption from information systems and infrastructure changes. Improve communication among stakeholders that may initiate and / or be impacted by changes. Comply with internal control and regulatory requirements. 3. BACKGROUND The goal of IT Change Management is to manage the process of change to these systems through standardised methods and procedures, thereby limiting incidents related to change and improving day-to-day operations. Without formal change management policies and governance there is scope for operational inefficiency in the municipality s systems. 4. SCOPE This policy applies to all Umhlabuyalingana Municipality employees, contractors and any other individuals involved in making changes to Umhlabuyalingana Municipality's production, technical and information assets for which IT has accountability. IT CHANGE MANAGEMENT POLICY Page 4 of 11

5. DEFINITIONS Change: A change is any activity that occurs to any information resource where the status is different from a previously defined condition. This is applicable to all IT hardware, communications equipment and software, business systems software, live applications software and all documentation and procedures that are relevant to the running, support and maintenance of live systems. A change can also be initiated to resolve a critical problem. User (s): For the purposes of this document any reference to user or users is referring to the business users who initiate the change request. Emergency Change: An emergency change is an unexpected or unplanned change that will either minimise service disruption or restore service. Change Management: is the process of developing a planned and documented approach to change in an organisation. In the ITIL framework, Change Management is responsible for controlling change to all configuration items within the live environment, test and training environments, and all environments under the control of 'IT Operations'. Business owner: Manager of an organisational unit within Umhlabuyalingana Municipality who bears responsibility for the acquisition, development and maintenance of production applications that process municipality information. Configuration Items: A component within a system configuration that needs to be controlled e.g. PC, server, switch, and printer. ITIL: United Kingdom's Office of Government Commerce Information Technology Infrastructure Library. IT CHANGE MANAGEMENT POLICY Page 5 of 11

6. POLICY Every change to Umhlabuyalingana Municipality s production information resources is subject to the IT Change Management Policy and must follow the approved Umhlabuyalingana Municipality IT Change Management Procedure. 6.1. Change Requests 6.1.1. A formal change request process must be initiated to ensure business owners; service providers and the IT Officer follow a defined change process for all types of changes including changes to IT infrastructure, IT systems and applications. 6.1.2. All change requests must be logged with the IT Officer. 6.1.3. The IT Officer will then log a call with the respective service provider. 6.1.4. All change requests must have a unique reference number associated with the request. 6.1.5. All change requests must be prioritised (High, Medium or Low) based on the business and technical requirements, resources required and the legal, regulatory and contractual reasons for the requested change. 6.1.6. All change requests must be categorised (example business process, infrastructure, operating systems, networks, application systems) based on the need and urgency of the change. 6.2. Change Planning, Evaluation and Scheduling 6.2.1. All changes must be planned, evaluated and scheduled. 6.2.2. A risk and impact analysis of the change must be performed and included in the planning and evaluation of change requests to ensure that all components and risks affected by the change have been identified and assessed. 6.2.3. A back-out plan must be documented for all changes. IT CHANGE MANAGEMENT POLICY Page 6 of 11

6.3. Test Environment 6.3.1. The Umhlabuyalingana Municipality must establish a secure test environment that is representative of the production environment. 6.3.2. The test environment must also be representative of the future business and operational landscape, including business process procedures and roles, likely workload stress, operating systems, necessary application software, database management systems and network and computing infrastructure found in the production environment. 6.3.3. The IT Officer must ensure that the test environment cannot interact with production systems. 6.4. Change Testing 6.4.1. Testing of changes must be performed prior to the change being implemented in the production environment and proof of testing must be retained as evidence. 6.4.2. User Acceptance Testing (UAT) must be performed to ensure that the user s requirements have been met. 6.5. Change Implementation 6.5.1. UAT approval must be obtained prior to a change been migrated to the production environment. 6.5.2. The IT Officer or CFO must formally approve each change request prior to the implementation of the change in the production environment. 6.5.3. All changes must be communicated prior to implementation in the production environment. 6.5.4. All unsuccessful changes must be backed-out in accordance with the defined back-out plan. 6.6. Change Reporting 6.6.1. The IT Officer must develop change status reports with performance metrics to enable management to review and monitor the status of changes. 6.6.2. The IT Officer must monitor open changes to ensure that all approved changes are closed in a timely fashion. 6.6.3. The IT Officer must maintain a tracking and reporting system for all change requests. IT CHANGE MANAGEMENT POLICY Page 7 of 11

6.7. Change Documentation 6.7.1. Technical and user documentation must be updated to reflect changes made to information systems and related technology. 6.7.2. A central repository must exist to contain all relevant information on configuration items. This repository includes hardware, application software, middleware, parameters, documentation, procedures and tools for operating, accessing and using the systems and services. 6.7.3. The IT Officer must retain change documentation and user documentation. 6.8. Emergency Changes 6.8.1. A procedure must exist to govern emergency changes to information systems and related technology. 6.8.2. Criteria that define an emergency change must be clearly documented and communicated. 6.8.3. Emergency changes must be documented. 6.8.4. Emergency changes must be approved by the Line Manager, the Executive Director of Corporate Services and/or CFO. IT CHANGE MANAGEMENT POLICY Page 8 of 11

7. SEGREGATION OF DUTIES 7.1. Segregation of Duties (SoD) must be practiced to ensure that no single individual has the authority to execute multiple conflicting tasks with potential to impact other systems or information; and that no single individual can execute conflicting end-to-end transactions. 7.2. Segregation of duties at Umhlabuyalingana Municipality with regards to program changes must follow the guidelines as stipulated below: The role of Requester Builder Builder Builder Builder Requester Implementer Implementer Auditor Approver Must be independent of Implementer Operators of the production environment Tester Implementer At least one approver At least one approver At least one approver Reviewer All participants of a specific change All other roles listed above IT CHANGE MANAGEMENT POLICY Page 9 of 11

8. CONTROLS 8.1. This policy document addresses the following control objectives: Control Objective Name Change Standards and Procedures Impact Assessment, Prioritisation and Authorisation Emergency Changes Change Status Tracking and Reporting Change Closure and Documentation Configuration Repository and Baseline Control Objective Detail Set up formal change management procedures to handle in a standardised manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms. Ensure that all requests for changes are assessed in a structured way for impacts on the operational system and its functionality. This assessment should include categorisation and prioritisation of changes. Prior to migration to production, changes are authorised by the appropriate stakeholder. Establish a process for defining, raising, assessing and authorising emergency changes that do not follow the established change process. Documentation and testing should be performed, possibly after implementation of the emergency change. Establish a tracking and reporting system for keeping change requestors and relevant stakeholders up to date about the status of the change to applications, procedures, processes, system and service parameters, and the underlying platforms. Whenever system changes are implemented, update the associated system and user documentation and procedures accordingly. Establish a review process to ensure complete implementation of changes. Establish a central repository to contain all relevant information on configuration items. This repository includes hardware, application software, middleware, parameters, documentation, procedures and tools for operating, accessing and using the systems and services. Relevant information to consider is naming, version numbers and licensing details. A baseline of configuration items should be kept for every system and service as a checkpoint to which to return after changes. IT CHANGE MANAGEMENT POLICY Page 10 of 11

9. CROSS-REFERENCE TO OTHER POLICIES AND PROCEDURES 9.1. IT Change Management Procedure. 10. REFERENCE MATERIAL 10.1. ITIL v4 Framework; and 10.2. ISO/IEC 20000. 11. ACCOUNTABILITIES 11.1. RESPONSIBILITY All employees, contractors, business owners are required to adhere to this policy. Noncompliance to this policy may lead to appropriate disciplinary action. 11.2. TRAINING PLAN All business owners and managers are responsible for promoting individual employee awareness of and compliance with the municipality s IT Change Management policies and procedures. 11.3. COMPLIANCE All employees, contractors, business owners have to comply. IT CHANGE MANAGEMENT POLICY Page 11 of 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information