Change Management Policy




Information Services, December 5, 2012
oregonstate.edu/is

Purpose

Change management refers to a formal process for making changes to IT services. The goal of change management is to increase awareness and understanding of proposed changes across an organization and ensure that all changes are made in a thoughtful way that minimizes negative impact to services and customers.

Change management generally includes the following steps:

- Planning: Plan the change, including the implementation design, scheduling, communication plan, testing plan and roll-back plan.
- Evaluation: Evaluate the change, including determining the priority level of the service and the risk of the proposed change; determine the change type and the change process to use.
- Review: Review Change Plan with peers and/or Change Advisory Board as appropriate to the change type.
- Approval: Obtain approval of the Change Plan by management as needed.
- Communication: Communicate about changes with the appropriate parties.
- Implementation: Implement the change.
- Documentation: Document the change and any review and approval information.
- Post-change review: Review the change with an eye to future improvements.

Scope

This policy applies to all changes to IT services provided by OSU Information Services. Changes made to non-priority IT components - such as systems that are not yet in production, development environments or testing environments - are outside the scope of this policy.

Policy

All changes to IT services must follow a standard process to ensure appropriate planning and execution. Changes will be categorized as a Standard change, a Significant change, or an Emergency change. See Appendix A - Types of Changes and Definitions for more detailed definitions. Appropriate processes and levels of review shall be applied to each type of change commensurate with the potential of the change to disrupt university operations (see Appendix B - Risk Assessment).

It is the responsibility of the Unit Director to ensure that all areas under their direction have documented processes that meet minimum standards, are reviewed annually, and are communicated to staff. The Unit Director serves as Change Authority by default and is ultimately responsible for ensuring that changes are made in a manner appropriate to their impact on university operations.

Minimum Standards

1. All changes must follow a process of planning, evaluation, review, approval, and documentation. See Appendix D - Process Examples for default approaches.

2. All changes deemed Significant must be presented to the Change Advisory Board (CAB) for input and advice (see Appendix C - Change Management Roles). Should a Director (or designee) decide to act contrary to advice from the CAB, a written explanation must be submitted to the CAB and the Vice Provost for Information Services.

3. All changes deemed Emergency must be presented to the Change Advisory Board (CAB) for input and advice unless time constraints require that changes be made prior to submission. In these cases, submission to the Change Advisory Board must be done after the fact. NOTE: If Services are down, the issue should be handled as an Incident according to the Incident Response Policy.

4. Documentation of Significant or Emergency changes must be made in a Process Log that is stored in a common location so that coordination of changes across the organization can be managed appropriately. Documentation of Standard changes must be done in a Change Log that can be audited for process improvement and root cause diagnosis.

Appendix A - Types of Changes and Definitions

Types of Changes

There are three types of changes based on approvals needed through the change management process.

1. Standard Change - A relatively low-risk change with well-understood outcomes that is regularly made during the course of business. A Standard change follows pre-determined processes, is pre-approved by change management processes and may be made at the discretion of an individual employee, provided it has been defined as Standard per the Change Management assessment process.

2. Significant Change - A Significant change is one that has medium to high risk for critical services, involves less understood risks, has less predictable outcomes, and/or is a change that is not regularly made during the course of business. Because of the ability to affect downstream or upstream services, any proposed Significant change must be reviewed by the Change Advisory Board and authorized by the Change Authority.

3. Emergency Change - This is similar to a Significant change, but must be executed with utmost urgency. There may be fewer people involved in the change management process review, and the change assessment may involve fewer steps, but any Emergency change must still be authorized by the Change Authority, even in cases where the Change Advisory Board cannot review the change in advance.

Definitions

Definitions adapted from Information Technology Infrastructure Library (ITIL). See http://en.wikipedia.org/wiki/information_technology_infrastructure_library.

Assurance - The level of confidence that the change will go as planned and is determined by experience and complexity.

Change - The addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, or associated documentation.

Change Advisory Board - A group of people who can give expert advice to change management on the implementation of changes.

Change Authority - The person or group authorizing a change. Different areas of IT may designate a change authority for its representative area. This role is designated for a nonclassified position.

Change Control - The procedure to ensure that all changes are controlled, including the submission, analysis, decision making, approval, implementation and post implementation of the change.

Change History - Auditable information that records, for example, what was done, when it was done, by whom and why.

Change Log - Auditable log of all Standard Changes that records who, what, why, and when for all changes. This may be system specific as certain systems have the ability to automatically log changes in this manner.

Change Management - Process of controlling changes to the infrastructure or any aspect of services, in a controlled manner, enabling approved changes with minimum disruption.

Change Request (CR) - The compilation of changes described by the service owner which will affect existing services.

Emergency Change - This is similar to a Significant change, but must be executed with utmost urgency. (See Appendix A - Types of Changes for more information.)

Impact - Determined by potential disruption to customers and dependent systems.

IT Component - A system, device, application or document that is part of an IT Service.

IT Service - An IT Service is a customer-oriented offering and/or consumption of a technology-based transaction. For example, DNS is not considered to be an IT service, for it is not experienced by customers as a transaction or offering. Instead, it is considered to be an IT component.

Significant Change - A change with less well-known risks or less predictable outcomes, and/or a change that is not regularly made during the course of business. (See Appendix A - Types of Changes for more information.)

Peer - Another IT professional that can review a change and understand the technical elements involved.

Process Log - A central repository of all Significant and Emergency changes that documents the process followed for a particular change. The purpose of the process log is to ensure that high impact changes have been carefully considered and to serve as a basis for process improvement when changes do not go as planned.

Risk - Is determined by a combination of the relative assurance that a change will happen as expected and the potential impact of a change should it not go as expected.

Standard Change - A change with readily known risks that is regularly made during the course of business, and whose outcomes are predictable. (See Appendix A - Types of Changes for more information.)

Appendix B - Risk Assessment

Risk and Change Type Matrix

How to use this matrix: First, determine the priority level of the component or service. Then assess the risk of the proposed change to negatively impact that service: low, medium or high. The matrix shows whether the type of change is then Standard or Significant. (Note: an Emergency change is the same as a Significant change, but with an expedited timeline.)

For example:

- A high-risk change to a priority 1 IT service (or IT component) is a significant change.
- A low-risk change to a priority 3 service is a standard change.
- A medium-risk change to a priority 2 service may be standard or significant.

Priority 1 Service

- Crosses organizational boundaries, serving the business functionality of many units.
- Is critical to the ability of the University to meet its business and regulatory obligations, support the delivery of education, or administer research.
- Has strategic value to the campus such that encouragement of widespread use is desirable.

Priority 2 Service

The system is a feeder to Priority 1 systems; or is a system that does not cross organizational boundaries, but is still critical to the ability of the University to meet its business and regulatory obligations.

Priority 3 Service

Any departmental system that supports the internal operations of any department or departmental function and does not cross organizational boundaries.

                       | Priority 1 Service       | Priority 2 Service                   | Priority 3 Service
-----------------------+--------------------------+--------------------------------------+-------------------
Risk: Low              | Standard                 | Standard                             | Standard
Risk: Med              | Significant or Emergency | Standard or Significant or Emergency | Standard
Risk: High/Guaranteed  | Significant or Emergency | Standard or Significant or Emergency | Standard

Sample Priority, Risk and Change Type Assessment

What is the Priority Level of the service?

See the list of IT Components, or the Risk and Change Type Matrix, to determine priority of the service.

What is the Risk associated with the change?

To calculate risk, consider assurance (our confidence that the change will go as planned) and potential negative impact to services from a customer perspective. Then take the combined score to assign a risk score.

Assurance calculation:

Question                                                            | Yes     | No
--------------------------------------------------------------------+---------+--------
Have we done this change before?                                    | Risk +0 | Risk +1
Is the change simple to make?                                       | Risk +0 | Risk +1
Do we have a clear understanding of everything the change will do?  | Risk +0 | Risk +1

Impact calculation:

Question                                                                            | No      | Yes
------------------------------------------------------------------------------------+---------+--------
Will this change be noticeable to customers?                                        | Risk +0 | Risk +1
Could this change impact other services?                                            | Risk +0 | Risk +1
Could this change result in an extended service interruption if it goes badly?      | Risk +0 | Risk +1

Change Type: This is a combination of the priority and the overall risk score.

            | Risk Score 1-2: Low | Risk Score 3-4: Medium  | Risk Score 5-6: High
------------+---------------------+-------------------------+---------------------
Priority 1  | Standard            | Significant             | Significant
Priority 2  | Standard            | Standard or Significant | Significant
Priority 3  | Standard            | Standard                | Standard

Appendix C - Change Management Roles

Change Advisory Board (CAB)

The members of the Change Advisory Board provide a due diligence readiness assessment and advice about timing for any change requests (CR) that are referred to it for review. This assessment should ensure that all changes to the IT environment are carefully considered to minimize the impact on campus users and existing services.

CAB members are responsible for:

- thoroughly reviewing all change requests, ensuring that they:
  - have undergone proper planning and testing
  - are planned to ensure the lowest possible risk to services
  - are coordinated so changes do not impact each other
  - are coordinated with the campus calendar to avoid times of high impact for affected services
- providing advice regarding any additional measures that should be considered prior to the change
- compiling an annual report tracking appropriate metrics including: success rate of changes, business impact of unsuccessful changes, etc.

Any decision to move forward with a CR should include an advisory review by the CAB in advance for Significant changes and after the fact for Emergency changes.

Manager

Change Management responsibilities for first level managers include:

- reviewing and approving timing and feasibility of change requests
- reviewing and approving change requests when needed
- engaging the IT Communications Manager to initiate communication with customers
- ensuring that Assignee fills out the Change Request accurately and completely
- ensuring staff availability to successfully complete the change

Change Authority

Change Management responsibilities for the Change Authority include:

- reviewing advisory input from CAB, including any follow up communication necessary for clarification or other response to or from the CAB during the change process
- reviewing and approving change requests when needed
- ensuring that additional resources are available in case of problems

Appendix D - Process Examples

Standard Change

- Plan: Collect information to make the change; perform testing; review documentation
- Evaluate: Determine the risk, priority, and change type
- Peer review: conduct internal review as needed
- CAB review: not required
- Approval: Pre-approved by Change Authority
- Communicate: Send targeted e-mail to affected customers only as needed
- Implement: Make the change
- Document: Change Log

Significant Change

- Plan: Collect information to make the change; perform testing; review documentation
- Evaluate: Determine the risk, priority, and change type
- Peer review: conduct internal or external review depending on service priority
- CAB review: submit to the CAB for assessment and advice
- Approval: Obtain authorization from the Change Authority
- Communicate:
  - Priority 1: Send notification to Outages and other venues as needed (e.g. Inform lists)
  - Priority 2: Send targeted e-mail to affected customers only as needed
- Implement: Make the change
- Document: Change Log and Process Log

Change Plan Documentation

All Significant and Emergency changes, evaluations and approvals will be documented to allow customers to understand what was changed, the reason it was done and the process that was used to make a change. The following details the kind of information that will be logged for each change and where it will be logged.

Change Log

- All Significant and Emergency changes are logged in the Change Log
- Standard changes may also be logged in the Change Log

The Change Log contains:

- What was changed
- Who made the change
- When the change was made
- Why the change was made (Reason/Comment)

Process Log

- All Significant and Emergency changes are logged in the Process Log

The Process Log contains:

- Test Plan and testing results
- Risk assessment documentation
- Communication Plan
- Deployment Plan, including back-out contingencies
- Peer review documentation (whether a review was conducted, what was reviewed and how)
- CAB review documentation
- Indication of approval by manager or director
- Reference to the related Change Log information (what/who/when/why)
- Post Change summary including successful or unsuccessful determination, related incidents, rollbacks, and business impacts.

Appendix E - IT Component Priorities

IT Component Priorities are compiled in a separate document.