This policy and the associated procedures were adopted by the CIO and Associate Vice President ITS on November 20, 2009. Modifications to this policy were ratified on August 28, 2015.
Introduction
Change Management establishes the process for controlling modifications to hardware, software, firmware, and documentation to ensure that information resources are protected against undocumented modification before, during, and after system implementation. Change Management exists to coordinate and inform students, faculty, and staff of all changes that impact any shared computing system or service under the direction of the university’s Information Technology Services Division or any third party.
Purpose
The purpose of Change Management is to ensure that all elements are in place, all parties notified and trained, and scheduling of system changes is coordinated with other activities at TRU. The overriding goal is to provide a high level of system integrity, availability and service to University constituents.
Audience
- Information Data Owners or designates
- Information Systems Administrators and Technologists
- Information Technology Services Clients
Information technology change management procedures
- Normal change requests for shared hardware, systems software, application software, or procedural changes which could impact the information technology environment and possibly impact service should be submitted to the ITS Change Advisory Board as close to six (6) business days prior to the requested change date as possible. All changes must be approved by a manager or director of ITS for internal systems or an appropriate director from another TRU division for systems managed by a third party.
- An Emergency Change is a change that needs to occur without scheduling the action in advance. These are changes that would seriously affect business processes if not handled immediately or that require immediate action to meet the need of a customer driven request.
- Review and approval of emergency changes are required and should be approved by an ITS Director or Manager or in the case of systems under the control of a third party and appropriate director from other TRU divisions. Every effort will be made to review emergency change requests as soon as possible. To prevent imminent system problem one may perform a change and follow it up with the proper documentation and management approval. Post event documentation is required and must be posted to the ITSCAB/Change Management folder as soon as possible.
Change management (emergency or normal)
Requests must include the following information:
Change description
A brief technical description of what change is being made including;
- Change Purpose: why are we doing this change?
- Change Testing: what testing has been done?
- Communications Plan: which clients will be informed, how, and when?
Back-out procedures
What is the back-out strategy should the proposed change fail? How will failure be determined and when and by whom will the determination to back-out a change be made?
Timing
When will the change be made? How long will it take and how long will clients be affected?
Responsibilities
Names and contact information for individuals responsible for the change and the on-call/onsite support. For any software promotions this should include clearly defined segregation of duties between the developers and promoters.
Impact analysis
What applications, end users, network segments, systems or business functions could be affected or disrupted by this change?
- Changes often involve new client processes; when this element is part of the plan, close coordination with the client department is necessary and should involve a training plan.
- Follow-up documentation covering the actual results and effects of the change should be recorded in the ITS Configuration Management Data Base to ensure appropriate information is retained for system continuity.