Policy

Corporate ICT Change Management

Please note this policy is mandatory and staff are required to adhere to the content.

Summary

A formal change management system must be approved, implemented and enforced to ensure the controlled, secure and authorised installation, maintenance and upgrade of operating systems, applications software, application systems software and significant hardware and environment components.

Table 1 - Document details

Publication date: February 2011
Review date: January 2014
Related legislation/applicable section of legislation:
Related policies, procedures, guidelines, standards, frameworks:
Replaces: ICT Security Policy February 2011
Policy officer (position): Manager, ICT Assurance
Policy officer (phone): 8226 4375
Policy sponsor (position): Assistant Director, ICT Strategy & Relationships
Executive director responsible (position and office): Executive Director, Infrastructure
Applies to: All DECD Employees
Key words: ICT Change Management
Status: Approved
Approved by: Executive Director, Infrastructure
Approval date: February 2011
Version: 1.8

Corporate ICT Change Management, February 2011

Table 2 - Revision record

Date    Version    Revision description

Table of Contents

Policy
Corporate ICT Change Management
1. Title
2. Purpose
3. Scope
4. Policy detail
5. Roles and responsibilities
6. Monitoring, evaluation and review
7. Definitions and abbreviations
8. Supporting documents
9. References
Appendix

1. Title

Corporate ICT Change Management

2. Purpose

A formal change management system must be approved, implemented and enforced to ensure the controlled, secure and authorised installation, maintenance and upgrade of operating systems, applications software, application systems software and significant hardware and environment components.

3. Scope

All DECD employees.

4. Policy detail

General

Formal change management procedures must be used to install new or modified operating, application or hardware systems into production and to decommission system components. Changes must be scheduled to minimise disruption to normal business. In the event of an emergency a change may not always be scheduled; however, procedures will ensure urgent changes remain controlled at all times. (Emergency procedures reflect normal management procedures with allowances for fast tracked solutions.)

Documented Procedures

Change management procedures must be documented, maintained and managed as formal documents. This documentation will include details such as scheduling requirements, interdependencies with other systems, support contacts, restart and recovery procedures, customer notification requirements and any other special instructions.

System Changes

System changes must be classified against an established set of priorities and defined change categories.

Change Authority

The owners of the application systems and resources must provide the necessary authority and approval to the custodian of the systems and resources to enable changes to be performed.

Change Process

The custodian of the application systems and resources can only initiate the change to production on the authority of the owner of the system after the required testing, acceptance and quality assurance approvals are obtained. Appropriate back-out procedures must be established prior to initiation to maintain controlled situations in the event of a change being cancelled.

Cooperative Processing

Changes must be reviewed and tested to ensure there is no adverse impact on the security or operation of any other infrastructure components or systems.

Change Documentation

Documentation of the changes applied to equipment, operating systems and information systems must be maintained for production systems and systems under development. The records must include the authorisation documents, library change logs, system logs, and management acknowledgments and approvals as appropriate.

Change Review

Evidence of the review of changes and the change process must be documented and maintained.

Emergency Changes

Where emergency changes to production systems and data are required, the event must be recorded and appropriate documentation and approvals obtained as soon as possible after the event. Failures must be investigated, causes identified and logged, and permanent changes implemented to prevent recurrence, in accordance with this policy.

5. Roles and responsibilities

Table 2 - Roles and responsibilities

Role    Authority/responsibility for

6. Monitoring, evaluation and review

7. Definitions and abbreviations

Table 3 - Definitions and abbreviations

Term    Meaning

8. Supporting documents

The DECD Policy ICT Security is relevant and must be read in conjunction with this policy.

9. References

N/A

Appendix

N/A