Information Technology Services Change Control Procedure

Similar documents
Information Services Divisional Change Management Policy In effect: January 1, 2018

USERS GUIDE. Change Management. Service Management and ServiceNow SERVICE EXCELLENCE SUITE

ITSM Process/Change Management

ITIL Glossary Page 1 of 1

Contents. 1. Document CHANGE MANAGEMENT POLICY Control

Change Management Process

EX0-114_Wins_Exam. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0

IT Service Management Foundation based on ISO/IEC20000

ServiceNow Change Management Guide

Contents. Change Management Departmental Procedures

Here are the snapshots of the changes recorded in the three-month period

Change Management Standard and Procedures. Information Technology

05/15/2018 Scott Baron Added UCF IT definition as of May 2018 Added Section I. Document Control

University of. California San Francisco

2014 new ITIL Foundation exam (2011 syllabus) Practice sample questions (220+) PDF file download

Vendor: ISEB. Exam Code: BH Exam Name: ITIL V3 Foundation Certificate in IT Service Management. Version: Demo

IT Change Management. Approved: July 25 th, 2016 Implemented: July 25 th, P a g e 1 11

ITIL V3 Foundation (Classified Questions) Page 1 of Which of the following questions does Service Strategy help answer with its guidance?

Change Management. Agenda. Computing and Telecommunications Services. Overview Definitions Types of Changes Risk Assessment Process Using ServiceNow

IT CHANGE MANAGEMENT Enterprise Change Management Process VERSION: 3.4 REVISION DATE: 06/23/17

I. Purpose. II. Scope

ITIL from brain dump_formatted

EXIN ITIL. Exam Name: Exin ITIL Foundation

[Company logo] Version 4.0. Problem Management Process. January [Company] [Link]

Exin ITIL Exam Topic 1, Volume A QUESTION NO: 1. Which of the following is NOT an example of Self-Help capabilities?

Free4Torrent. Free and valid exam torrent helps you to pass the exam with high score

Vendor: Peoplecert. Exam Code: CMS7. Exam Name: ITIL V3 Foundation. Version: Demo

Operating Level Agreement (OLA) Template

ITIL Foundation v.3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0.

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

ITIL Intermediate Lifecycle Stream:

02/13/2017 Scott Baron. 03/23/2017 Scott Baron. 03/23/2017 Scott Baron

EX Exam : Title : ITIL Foundation v.3. Ver :

QUMU CLOUD PLATFORM CUSTOMER SUPPORT AGREEMENT

Glossary 1. For a complete glossary of support center terminology, please visit HDI s Web site at HDI Course Glossary

CWDS. Service Desk ITIL High-Level Design Plan. Created by:

Information Technology Services Project Management Office Operations Guide

Exin Exam EX0-117 ITIL Foundation (syllabus 2011) Version: 16.0 [ Total Questions: 238 ]

EX q. IT 认证题库专家 QQ:

ITSM Process Description

ITS Change Management Process

ITILF.exam.251q ITILF ITIL Foundation (syllabus 2011)

Incident Management Process

Pass4sure.ITIL-F.347.QA

QUESTION 1 What is known as a temporary solution that enables the user to continue working? A. Known Error B. Request For Change (RFC) C. Service Requ

PINK ELEPHANT THOUGHT LEADERSHIP WHITE PAPER. Identifying & Implementing Quick Wins

Savings Show Success of IT Service Management Initiative

Service Procedure OVERTIME APPROVAL AND ASSURANCE

File System Access Management Workbench

Incident Management Process

EXIN ITIL Exam Questions & Answers

Vendor: EXIN. Exam Code: EX Exam Name: ITIL Foundation (syllabus 2011) Exam. Version: Demo

IMPLEMENTING ITIL BEST PRACTICES

ITIL Foundation v V1. Module 4: Service Transition. Reader s Note QAI India Ltd. I

Operational Level Agreement: SQL Server Database Incidents and Requests

Real4Dumps. Real4dumps - Real Exam Dumps for IT Certification Exams

QuickStart for IPCC + Service Catalog Service Description March 2014

Annexure 1: Scope of work for the Information Service Management Tool (Help desk Tool)

INFORMATION TECHNOLOGY (IT) CHANGE MANAGEMENT

PROJECT MANAGEMENT PLAN

Understanding Change Types. Scope

QUESTION: 1 What is known as a temporary solution that enables the user to continue working? A. Known Error B. Request For Change (RFC) C. Service Req

TABLE OF CONTENTS 1.0 INTRODUCTION...

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

All terms not otherwise defined in this Addendum are as defined in the Encompass Agreement.

REQUEST FOR PROPOSALS

EXIN ITIL Exam Questions & Answers

Version Effective Apr, Customer Support Program Overview

Release & Deployment Management PinkVERIFY

Cintipation Corp. CORINTHIAN PROJECT Policy for Requirements Management

EX0-117 Exin ITIL Certification Exam

The ITIL Foundation Examination

Exam : EX Title : ITIL Foundation v.3. Ver :

APPENDIX O CONTRACTOR ROLES, RESPONSIBILITIES AND MINIMUM QUALIFICATIONS

Exin EX ITIL Foundation(2011) Download Full Version :

Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology

ISEB BH BH0-006 ITIL V3 Foundation Certificate in IT Service Management. Practice Test. Version

CITY OF KOTZEBUE REQUEST FOR PROPOSAL ADMINISTRATION IT SERVICES FOR FY18 REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES

Contents. Training Topic Objectives. Benefit Approval Process. Support and Resources 3/23/2016 2

IM 9.0 Functional Escalation Process

IT Services Change Management

UCISA ITIL Case Study on The University of Exeter

DeviceLock Technical Support Guide

IM 3.0 P1P2 Incident Process

Security Monitoring Service Description

ROLE PROFILE. IT Operations Support Engineer. Job Family and Level: APM Level 4. Purpose of the Role:

PASS4TEST IT 인증시험덤프전문사이트

Possible Noncompliance Review Processing

EXAM - ITIL. ITILÂ V3 Foundation.

Customer Support Guide. Customer Support Guide

National Grid Electricity Transmission plc Balancing Mechanism Review

Division Assessment Plan

TECHNICAL SERVICES INCIDENT MANAGEMENT PROCESS

Web Application Software 1.0 Managed WebSphere Application Server

Library Technician - University COMPETENCY PROFILE

Internal Audit Report. IT Change Management Review March 2016

Change Management Process. Revised 12/07/2017

D6.5 Documentum Compliance Manager Rapid Success Program

IM 6.0 Incident Escalation Process

DESKTOP SUPPORT SERVICE LEVEL AGREEMENT

Transcription:

Approved: September 24, 2017 A. Purpose To regulate changes to hardware and software maintained by Information Technology Services (ITS) to support production systems and services. Change Control Requests (CCR) are submitted to the Change Advisory Board (CAB), composed of CIO appointed members, or the Change Advisory Board (ECAB), composed of the CIO and direct reports. The CAB will review, approve or deny, the non-emergency CCRs that have been marked New in the Change Control system. This will occur during one of the weekly meeting. The ECAB is responsible for approving or denying emergency CCRs. B. Scope This procedure governs, but is not limited to, changes made to hardware and software in production by or on behalf of: all staff members of ITS ITS vendors designated ITS liaison representatives within the university Directors have the final decision regarding the need for a formal CCR versus using incident management and internal notification. C. Procedure Change Control Requests shall include the following: Confirmation of testing and signoff by appropriate parties Unless there is a significant approved deviation from procedure prior to a CCR, there should be an ITS project or incident ticket created Summary of change Updated documentation (if applicable) Roll-back plan to be implemented in the event of failures or issues Impact (who will this impact) / Risk An ITS staff member will complete the online CCR Form. There are three categories of CCRs: 1. Standard Change: A relatively low-risk change with well-understood outcomes that is regularly made during the course of business. A standard change follows pre-determined processes, is pre-approved by change management processes and may be made at the discretion of an individual employee, provided it has been defined as Standard per the Change Management assessment process. a. Service Requests as defined in the service catalog. b. Ex: Lifecycle replacement ITS Page 1 of 6

2. Normal Change: A Normal change is one that has medium to high risk for critical services, involves less understood risks, has less predictable outcomes, and/or is a change that is not regularly made during the course of business. Because of the ability to affect downstream or upstream services, any proposed normal change must be reviewed and authorized by the Change Advisory Board. a. Within this change the impact is assessed as minor (low risk & impact); Significant (medium risk and impact); Major (High risk and impact). 3. Change: This is similar to a Normal change, but must be executed with utmost urgency for the immediate and continued operation of essential university functions and required to be implemented before the required Change Advisory Board members are able to review and approve. There may be fewer people involved in the change management process review, and the change assessment may involve fewer steps, but any change must still be authorized by at least one member of the E-Cab. The requestor will submit the CCR after the change has been made, and the CCR will be approved post-change by the committee. If prior approval (email or verbal) was obtained, then documentation of the approval will be included in the CCR. Change Requests that are not considered will be reviewed for completeness, accuracy, and impact to campus community. The Change Advisory Board members are responsible for reviewing the new CCRs. Issues, concerns, or suggestions must be documented in the Change Control system. Each Change Control Committee member has the option to ask the requestor to present additional documentation if necessary. For a CCR to be considered approved or rejected it must have been reviewed and approved or rejected by the change advisory board with representation from each: IOS ESS CSS The Change Advisory Board may mark the request as On Hold. Notifications generated by the Change Control systems will serve as official notice. The director of the department implementing the change is responsible for verifying that the change occurs on schedule and that the results are reported. Any changes not completed within the time frame defined or implemented outside of the approved date and/or time should be reported to the Change Advisory Board by the beginning of the following workday. Problems associated with a change should be documented and attached to the originating project request or change ticket. Once the change has been implemented it is the responsibility of the requestor to fill out the Completion section. D. Risk and Change Type Matrix First, determine the priority level of the component or service. Then assess the risk of the proposed change to negatively impact that service low, medium or high. The matrix shows whether the type of change is then Standard or Significant. (Note: an change is the same as a Normal change, but with an expedited timeline.) For example: A high-risk change to a priority 1 IT service (or IT component) is a normal change. A low-risk change to a priority 3 service is a standard change. A medium-risk change to a priority 2 service may be standard or normal. Risk: Low Risk: Med Risk: High/Guaranteed Examples: Priority 1 Service Standard Normal or Crosses organizational ITS Page 2 of 6 Normal or

boundaries, serving the business functionality of many units. Is critical to the ability of the University to meet its business and regulatory obligations, support the delivery of education, or administer research. Has strategic value to the campus such that encouragement of widespread use is desirable. Priority 2 Service The system is a feeder to Priority 1 systems; or is a system that does not cross organizational boundaries, but is still critical to the ability of the University to meet its business and regulatory obligations. Standard Standard or Normal or Standard or Normal or Priority 3 Service Any departmental system that supports the internal operations of any department or departmental function and does not cross organizational boundaries. *Information borrowed from Oregon State University E. Change Request Form Definitions Title: Brief description of the purpose of the change. ITS Page 3 of 6 Standard Standard Standard Status: The status of the CCR. New Entered but not approved, implementation may not begin Approved Approved by the Change Control Committee, implementation may begin On Hold A member of the Change Control Committee has requested this change not be implemented until addition information has been received. Completed Without Issues - No problems making the change, CCR is closed Completed With Issues (add details to Comments) Problems noted and resolved in Comments section, CCR is closed Unsuccessful or Canceled (add details to Comments) - CCR was not completed, reason stated in Comments section, CCR is closed Change Request Source: The source of the change request Ticket Ticket from the help desk system Project Project from the project system Other Please add details to Comments section Change Request ID: The ID number from the project or task, if converted from incident N/A. Change Description: Describe the proposed change. Requestor: Name of individual requesting the change (typically outside party from ITS).

Responsible Party: This is the ITS member who owns the change. (Requestor and implementer cannot be the same individual) Change Reason: The reason for the change. New deployment - Deployment of hardware, software, or service New functionality Deployment of additional functionality to existing hardware, software, or service Maintenance - Routine hardware or software fixes, patches etc Other Changes which do not fall within previous categories Implementation Date & Time: Date the change control is to be implemented. If an emergency change, then this is the date of approval. Probability of Failure: The possibility that the change will result in a failed outcome. Rare Unlikely Possible Likely Almost Certain Description of Impact & Risk Level: Low or High based on impact to the university if the change fails or causes a service outage. With an explanation of the ramifications if the change fails. Describe the impact to the campus of the change and any risks that success or failure may incur Systems Affected: List of potential systems affected by the change (ex: Banner, myseaport, etc.) Testing & Back Out Plan: Describe testing plan and outcome. Describe action items if change is aborted. Implementer: Individual(s) responsible for implementing the change. Approvals: Each member of the Change Advisory Board has the ability to Approve or place On Hold a change control request by selecting the appropriate action. Solution Tested and Documented: Once the change has been implemented the requested will make sure all post implementation testing has been completed and accept by the proper person. ITS Page 4 of 6

Appendix A Definitions Definitions adapted from Information Technology Infrastructure Library (ITIL). See http:// en.wikipedia.org/wiki/information_technology_infrastructure_library. Assurance - The level of confidence that the change will go as planned and is determined by experience and complexity. Change - The addition, modification or removal of approved, supported or baselined hardware, network, software, application, environment, system, or associated documentation. Change Advisory Board - A group of people who can give expert advice to change management on the implementation of changes. Change Control - The procedure to ensure that all changes are controlled, including the submission, analysis, decision making, approval, implementation and post implementation of the change. Change History - Auditable information that records, for example, what was done, when it was done, by whom and why. Change Log - Auditable log of all Changes that records who, what, why, and when for all changes. This may be system specific as certain systems have the ability to automatically log changes in this manner. Change Management - Process of controlling changes to the infrastructure or any aspect of services, in a controlled manner, enabling approved changes with minimum disruption. Change Request (CR) - The compilation of changes described by the service owner which will affect existing services. Change - This is similar to a Normal change, but must be executed with utmost urgency. (See C. Procedure for more information.) Impact - Determined by potential disruption to customers and dependent systems. IT Component - A system, device, application or document that is part of an IT Service. IT Service - An IT Service is a customer-oriented offering and/or consumption of a technology based transaction. For example, DNS is not considered to be an IT service, for it is not experienced by customers as a transaction or offering. Instead, it is considered to be an IT component. Normal Change - A change with less well-known risks or less predictable outcomes, and/or a change that is not regularly made during the course of business. Peer - Another IT professional that can review a change and understand the technical elements involved. Risk - Is determined by a combination of the relative assurance that a change will happen as expected and the potential impact of a change should it not go as expected. ITS Page 5 of 6

Standard Change - A change with readily known risks that is regularly made during the course of business, and whose outcomes are predictable. ITS Page 6 of 6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback