System Change Management
Date of Current Revision or Creation:泭December 1, 2023
The purpose of an Information Technology Standard is to specify requirements for compliance with 圖朸厙 Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to establish how changes to the production computing environment are performed to ensure that changes are made in a controlled and authorized manner. Further, the standard includes communication requirements to appropriate parties.
Definitions
Change Management is a process that coordinates effort to maximize benefits and minimize failures for all involved.
ITS is the acronym for the official name of Information Technology Services.
A Planned Change is a routinely planned and scheduled change to a production system. Planned changes follow an established protocol.
An Unplanned Change is an unanticipated or emergency change to a production system. Unplanned changes follow an established post-change protocol.
Standards Statement
1. System Change Management
Changes to the production computing environment must be planned, tested, shared, and implemented in a thorough and controlled manner.
Changes to this environment are classified as planned and unplanned.
2. Planned Changes
Management is charged with ensuring that projects requiring production systems changes are planned, communicated, and executed. Approval for the overall plan should be obtained from the Director level (or designee) within ITS.
Production changes are normally communicated to the ITS organization, initially, via the weekly production change review meetings. ITS operations manager conducts the meetings and documents planned changes for that week.
Major changes (updates, upgrades, etc.) to critical systems shall be approved by the Director (or designee). For approval, a test plan, implementation schedule, back out plan, and communication plan must be presented.
If the change must occur outside of the standard maintenance window, including any extensions to the standard time, an explanation must be provided. Once the change is approved, a contact person is responsible for posting information to the prod change calendar and applications administrators are charged with communicating the change to the appropriate audience on campus.
In the event the change is urgent and the required Director is not available, the functional assistant director or manager is authorized to approve changes.
3. Unplanned or Emergency Changes
Critical situations may occur requiring an immediate change to the production computing environment. At these times, there is often no time for planning, testing, or advanced notification. When unplanned changes are needed, the computing professional charged with making the change will act as necessary and the resulting change will be entered into the Prod Change Calendar system after the fact.
4. Notification
A Listserv as well as aTeams channel called "圖朸厙 IT Change Advisory Board has been established for notifying interested employees and staff about changes to the production computing environment. The name of this list is Prodchng-L@list.odu.edu. Any University faculty or staff is eligible to sign up to this list or request access to the Teams channel. This list maintains an archive that can be referenced for historical changes or for planned changes.
Planned changes are to be announced to this list at least 48 hours prior to the change date. Unplanned changes are to be announced to the Team as soon as they are known prior to the change or as soon as possible after the change, if necessary.
Any Team member may reply to the change announcement with questions or concerns about a pending change. Any replies to a change announcement should be evaluated by the person responsible for the change as to its impact on the planned change and/or the announcement.
Procedures, Guidelines & Other Related Information
- Federal and State Law
- University Policy 3501 - IT Access Control
- University Policy 3502 - Information Infrastructure, Architecture, and On-going Operational
- University Policy 3505 - Information Technology Security
History
Date |
Responsible Party |
Action |
December 2006 |
ITAC/CIO |
Created |
October 2008 |
ITAC/CIO |
Reaffirmed |
October 2010 |
ITAC/CIO |
Reaffirmed |
October 2011 |
ITAC/CIO |
Reaffirmed |
March 2014 |
IT Policy Office |
Minor rewording for clarity Numbering revision and departmental name change |
December 2017 | IT Policy Office | Reviewed: no changes |
December 2020 | IT Policy Office | Minor rewording for clarity and numbering revision |
December 2023 | IT Policy Office | Reviewed: no changes |