Change Management Process

Similar documents
ServiceNow Change Management Guide

Contents. 1. Document CHANGE MANAGEMENT POLICY Control

ITSM Process/Change Management

Contents. Change Management Departmental Procedures

ITIL from brain dump_formatted

ITIL V3 Foundation (Classified Questions) Page 1 of Which of the following questions does Service Strategy help answer with its guidance?

2014 new ITIL Foundation exam (2011 syllabus) Practice sample questions (220+) PDF file download

Information Technology Services Change Control Procedure

Vendor: Peoplecert. Exam Code: CMS7. Exam Name: ITIL V3 Foundation. Version: Demo

Exin ITIL Exam Topic 1, Volume A QUESTION NO: 1. Which of the following is NOT an example of Self-Help capabilities?

Glossary 1. For a complete glossary of support center terminology, please visit HDI s Web site at HDI Course Glossary

University of. California San Francisco

The Incident Management process consists of seven procedures for handling support requests.

IT Change Management. Approved: July 25 th, 2016 Implemented: July 25 th, P a g e 1 11

USERS GUIDE. Change Management. Service Management and ServiceNow SERVICE EXCELLENCE SUITE

Pass4sure.ITIL-F.347.QA

Release & Deployment Management PinkVERIFY

IT CHANGE MANAGEMENT Enterprise Change Management Process VERSION: 3.4 REVISION DATE: 06/23/17

05/15/2018 Scott Baron Added UCF IT definition as of May 2018 Added Section I. Document Control

Process. Mission. Scope. Level of Detail. The Release Management process consists of four procedures.

Vendor: EXIN. Exam Code: EX Exam Name: ITIL Foundation (syllabus 2011) Exam. Version: Demo

Vendor: ISEB. Exam Code: BH Exam Name: ITIL V3 Foundation Certificate in IT Service Management. Version: Demo

Here are the snapshots of the changes recorded in the three-month period

EX Exam : Title : ITIL Foundation v.3. Ver :

Incident Management Process

ITIL Foundation v.3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0.

EXIN ITIL. Exam Name: Exin ITIL Foundation

The second procedure is called "Root Cause Analysis". It is used by specialists when they analyze a problem.

Incident Management Process

INFORMATION TECHNOLOGY (IT) CHANGE MANAGEMENT

Topic 1, Main(95 Questions)

EXIN ITIL Exam Questions & Answers

ITILF.exam.251q ITILF ITIL Foundation (syllabus 2011)

EX0-117 Exin ITIL Certification Exam

EXIN ITIL Exam Questions & Answers

Improving IT Change to drive Business Value

EX0-114_Wins_Exam. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0

ITSM Process Description

IT Service Management Foundation based on ISO/IEC20000

Internal Audit IT Change Management Review Follow-up: Phase 2 of 2 (November 2016)

ITIL Foundation v V1. Module 4: Service Transition. Reader s Note QAI India Ltd. I

EXIN.ITIL _by.getitcert.com Mine Modified

EX q. IT 认证题库专家 QQ:

ITIL Glossary Page 1 of 1

Information Services Divisional Change Management Policy In effect: January 1, 2018

Understanding Change Types. Scope

Change Management. ServiceNow User Guide. Version 2.0 Novmeber, November 2015

ROLE : INFORMATICA ADMINISTRATOR

02/13/2017 Scott Baron. 03/23/2017 Scott Baron. 03/23/2017 Scott Baron

The following form is available in the service management application for the Availability Management process:

Change Management Process. Revised 12/07/2017

Internal Audit Report. IT Change Management Review March 2016

Testinside. Exam : EXIN EX Title : ITIL Foundation v.3 Certification. Version : V3.88. Testinside -help you pass any IT exam!

The mission of the Capacity Management process is to avoid incidents caused by capacity shortages.

IBM High Availability Services for resilient infrastructure. Frequently Asked Questions

Best Practices For Complex IT Environments. James Dorney Technology Strategist Development

CWU Service Desk and CSS ITSM Operating Standards v1.13 April 20, 2016

Operating Level Agreement (OLA) Template

The ITIL Foundation Examination

PASS4TEST IT 인증시험덤프전문사이트

QUMU CLOUD PLATFORM CUSTOMER SUPPORT AGREEMENT

HP Service Manager. Software Version: 9.40 For the supported Windows and Unix operating systems. Processes and Best Practices Guide (Classic Mode)

Building a CMDB You Can Trust in a Complex Environment

IT Change Management. A Practical Approach for Higher Education EDUCAUSE WORKING GROUP PAPER AUGUST 2018

APPENDIX 2A.1 IT SERVICE MANAGEMENT AND LIFE CYCLE MANAGEMENT TOOLS

Change Management Standard and Procedures. Information Technology

Savings Show Success of IT Service Management Initiative

Implementing a Lead Time Framework for the Handling of Requests for Change

Service Operation. Scenario One

White Paper. Delivering ITIL Best Practices Through Unicenter ServicePlus

Operational Level Agreement: SQL Server Database Incidents and Requests

Q&A FROM JUNE 2010 WEBINAR: CHANGE MANAGEMENT PRACTICAL ADVICE VICKY LUTTRELL, IS PROCESS MANAGER

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

IBM Infrastructure Security Services - Managed Security Information and Event Management (Managed SIEM)

I. Purpose. II. Scope

Database Services - Standard

Expert Reference Series of White Papers. Microsoft Service Manager Simplified

ITS Change Management Process

Session 205: ITSM Deep Dive: Classification, Prioritization, Escalation & Alerting

Service Operation. Scenario One

Desktop Support Program Service Level Expectations

Business Intelligence Data Warehouse, BIDW SLE

CENTRE (Common Enterprise Resource)

TECHNOLOGY brief: Event Management. Event Management. Nancy Hinich-Gualda

Alumni and Development Systems SLE

Exin Exam EX0-117 ITIL Foundation (syllabus 2011) Version: 16.0 [ Total Questions: 238 ]

Introduction to Novell Service Desk

Implementing ITIL Best Practices

Decision Maker s Guide

Exam : EX Title : ITIL Foundation v.3. Ver :

Modernise IT Operations and Service Management. Simon White Solution Architect, IT Operations Management Practice, Australia/New Zealand

ECB-UNRESTRICTED T2S OPERATIONAL GOVERNANCE PROCESS FRAMEWORK

TECHNOLOGY POLICY SUMMARY FOR THIRD PARTY SUPPLIERS

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

NOT PROTECTIVELY MARKED

A technical discussion of performance and availability December IBM Tivoli Monitoring solutions for performance and availability

Infrastructure Hosting Service. Service Level Expectations

Research Administration Systems SLE

Introductions. Rachel Manongdo, Communications Specialist, UIT. Vesna Siracevska, Business Analyst, UIT. Kiran Joshi, AS Tools Manager, UIT

Part 0: Overview and vocabulary

Transcription:

Change Management Process Version 2.0 Version Date: 1 May 2017 Revision Date: 2017-05-01 Page 1 of 11

Table of Revisions Revision Number Description of Change Date of Change Reviewed / Revised By 1.0 Formal Implementation 05/01/2006 Brad Lytle 2.0 Revision in alignment with ServiceNow GoLive 05/01/2017 Damon Armour Revision Date: 2017-05-01 Page 2 of 11

Table of Contents 1.0 Introduction 4 1.1 Objectives 4 1.2 Scope 4 1.3 Definitions 4 2.0 Change Management Process 5 2.1 Process Implementation 6 2.1.1 Types of Changes 6 2.1.2 Risk Assessment 6 2.1.3 Impact Assessment 6 2.1.4 Change Notification 7 2.1.5 Request for Change Approval 7 2.2 Roles and Responsibilities 7 2.2.1 Change Manager 7 2.2.2 Change Advisory Board (CAB) 7 2.2.3 Change Requester 8 2.2.4 Change Assignee 8 2.2.5 Change Approver 9 3.0 Change Management Procedures 9 3.1 Creating Change Requests 9 3.1.1 Standard Change Request 9 3.1.2 Normal Change Request 10 3.1.3 Emergency Change Request 10 3.2 Change Advisory Board Procedures 10 3.2.1 Change Advisory Board Meetings 10 3.3 Communicating Planned Changes 11 3.4 Information Security 11 Revision Date: 2017-05-01 Page 3 of 11

1.0 Introduction With an ever-evolving Information Technology (IT) environment, frequent change to applications, systems, and to the overall infrastructure has become commonplace. Management of changes is critical to providing a robust, valuable IT infrastructure and addresses the need for ensuring that standardized methods and procedures are used for the efficient and prompt handling of all changes.change Management provides a standardized, formal methodology to handle all documented change requests from inception, through approval to implementation and closure. 1.1 Objectives The objectives of the ITS Change Management Process are to ensure that: All Changes are properly analyzed, documented, and communicated to ITS staff and to all functional groups and clients potentially affected by, or involved in, their execution. Details of all Changes are tracked and stored in a central Change Management System for the purpose of historical trending and reporting. Procedures required before, during, and after Change execution and the respective areas of responsibility are clearly documented and published. The proper analysis and testing is performed to assess the need for a change versus the potential impact of the change. No Change is executed without first being properly planned, documented, peer reviewed, tested, and approved. 1.2 Scope The scope covers the production environment defined as the technology infrastructure that supports hardware, software, middleware, applications, storage, and network components. 1.3 Definitions Change: As anything that transforms, alters, or modifies a supported, production environment or that has potential to affect the stability and reliability of the institution s infrastructure or disrupt business operations. A change includes implementations that meet any of the following criteria: Changes that may result in unavailable, degraded service, or loss of redundancy Changes to the functionality of a service or infrastructure component Deployment of a new software, application, or service Changes required to meet compliance or regulatory guidelines Changes that require an update to the Configuration Management Database (CMDB) Planned, preventive maintenance Changes to Production and Production Support environments Changes performed by an external vendor Any emergency changes to a supported production environment Revision Date: 2017-05-01 Page 4 of 11

Any patches to the production environment Change Advisory Board (CAB): A group of authoritative IT and Business stakeholders who are responsible for assessing the risk and providing approval for requested changes to the production environment. A subset of the CAB, called the Change Advisory Board Emergency Committee (ecab) reviews and approves all emergency requests for change. Change Management System (CMS): Software tool or combination of tools utilized for the request, approval, tracking and details of changes. Change Manager: The individual(s) responsible for the management of the day-to-day functional Change Management operations. Change Request: vehicle used to record the details of a request for a change (RFC) to be made within IT, associated with one or more Configuration Items (CI), IT assets or IT services. Configuration Items (CI): a specific element in the IT environment that is under Change Management control. Examples of CIs are hardware, software, people, and documentation. Configuration Management Database (CMDB): A repository that acts as a data warehouse for information technology (IT) installations. It holds data relating to a collection of IT assets (commonly referred to as configuration items (CI)), as well as to descriptive relationships between such assets. When populated, the repository provides a means of understanding: The composition of critical assets such as information systems The upstream sources or dependencies of assets The downstream targets of assets Production Environment: All system, network, infrastructure, and software that supports the technology services utilized by the UNCG client community for academic, administrative or research purposes. Environments utilized for testing and development are not considered to be production. 2.0 Change Management Process To ensure the integrity, consistency and availability of the UNCG technology services, all changes to the UNCG production environment will be tracked via a Request for Change (RFC). RFCs will be entered into and managed via the Change Management System (CMS) to ensure Changes are centrally tracked, approved, reported upon, and enforced in a reliable and consistent manner. RFCs must be reviewed and approved by the Change Advisory Board (CAB) prior to execution to ensure a proposed Change does not compromise the stability of the production environment. Changes to the UNCG production environment must be: Implemented using the Change Management Process. Documented prior to, during, and after Change execution. Assessed for risk to the production environment, assigned the appropriate risk level and Revision Date: 2017-05-01 Page 5 of 11

handled according to the level assigned. Submitted with implementation and rollback plans, as well as an assessment of the probability of failure. Coordinated with all people required to implement and verify functionally. Classified and submitted through the Change Management process as the proper Change type to ensure all affected parties are aware of and prepared for the impending Change. Communicated to the appropriate user community if the change has any potential impact on the user base, including a temporary service outage. Approved by the appropriate manager(s). Monitored and closed in a timely manner. 2.1 Process Implementation While the Change Management process begins with the initial user request for change, the information presented in this section focuses primarily on those tasks necessary for the implementation of a production change. 2.1.1 Types of Changes Emergency Change: Unplanned changes necessary to restore service or meet business need. These changes require Change Approver approval and ecab authorization. Normal Change: Planned changes, typically submitted 1-2 weeks prior to their implementation date, which are not predefined, pre-approved that require Change Approver approval and CAB authorization. Standard Change: Select from available pre-approved change templates. These changes require Change Approver approval, but not CAB authorization once initial template is approved by the CAB. 2.1.2 Risk Assessment An assessment of risk must be completed on any Change prior to its approval. This assessment should be done at a minimum of three points throughout the Change Management Process. They are: 1. By the Change Requester and Assignee at the time of creating the request. 2. By the Change Approver prior to approving the request to go before the CAB. 3. By the Change Advisory Board prior to giving final approval for the execution of the change. In assessing the risk level of a change, the following factors must be considered: Probability of customer impact Potential level of customer impact Probability of success/failure Potential impact of failure Possibility of roll back Potential roll back or recovery time Revision Date: 2017-05-01 Page 6 of 11

Perceived effectiveness of related communication Once the appropriate level of risk is determined, it should be balanced with the level of need for the change prior to making the initial request or at each stage of approval. 2.1.3 Impact Assessment Below are guidelines for determining the appropriate level of customer impact: High: Any service outage of a mission critical system or application, and/or multiple users are not able to perform their normal business functions. Medium: Service outage of a non-mission critical system or application. Low: Service interruption with no noticeable impact on end user s ability to perform their business functions. None: No anticipated impact on the end user community. 2.1.4 Change Notification It is the responsibility of the Change Assignee to ensure: Any change to the production environment that has potential impact to service availability, performance or usage is communicated to the affected user communities. All changes are communicated to the Service Desk, Service Operations Center, and Client Services. The Request for change is approved by the Change Approver. All the above is completed prior to CAB review of the Request for change. All mass communication is sent via the ITS Communications Office or Responsible Service Owner. 2.1.5 Request for Change Approval Emergency change: An Emergency change must receive two levels of approval. The first approval must come from the Change Approver. The second approval must come from an ITS Associate Vice Chancellor, who is a member of the ecab. Normal change: A Normal change must receive two levels of approval prior to execution. The first approval must come from the Change Approver. The second approval must come from the Change Advisory Board. Standard change: A Standard change must receive one level of approval prior to execution. The approval must come from the Change Approver. The Change Advisory Board would have previously approved the template used for the Standard change. 2.2 Roles and Responsibilities Within the change management process, specific roles and functions have been defined. Each role is responsible for completing specific tasks within this process. Revision Date: 2017-05-01 Page 7 of 11

2.2.1 Change Manager The individual(s) responsible for the management of the day-to-day functional Change Management operations that include: Reviewing the effectiveness and efficiency of the change resolution process Coordinate and chair all CAB meetings where change requests are reviewed and approved Facilitate the resolution of any schedule conflicts that may arise. Reviewing the results of scheduled changes 2.2.2 Change Advisory Board (CAB) This group is responsible for final review and approval/rejection of all normal changes and standard change templates. The CAB meets at a regularly scheduled interval to review all pending changes but can also perform their function remotely (email, telephone) if necessary. All Changes requiring approval are reviewed by the CAB during its periodic meeting. The CAB has the authority to do any of the following: Approve Changes as presented Re assess the risk level of a Change Re assess the impact level of a Change Request additional information prior to approval Reject Changes 2.2.3 Change Requester The Change Requester is the person who initially requests that a Change take place. In such a case, the action request is ultimately assigned to the person/organization whose function it is to implement changes of the requested type. The Change Requester must provide all the requirements and objectives for the change, including an explanation of the reason and justification for the proposed change. If the Change Requester does not provide adequate detailed information, the Change Assignee or Change Approver have the authority to require it before creating the change. In the event that the Change Requestor is also the Change Assignee, that person will have the responsibilities of both roles. The responsibilities of the Change Requester include: Initial escalation/request for change. Provision of business and technical requirements to the Change Assignee. Resolution or escalation of Change issues. Provide input to the assessment of the change s level of risk. Provide input to the assessment of the change s level of impact. Change planning and coordination. Review of the Change plan/documentation. Ensure the user community affected by the change is notified prior to the change implementation. Facilitate any required client testing before, during or after Change execution. Revision Date: 2017-05-01 Page 8 of 11

2.2.4 Change Assignee The Change Assignee is the owner of the Change. This person will work with the Change Requestor (if it is someone else) to gather the appropriate information required to create and represent the RFC. Responsibilities of the Change Assignee include: Creation of the Change including Peer Review of the Change. Communication and coordination of Change testing and implementation. Meet with the Change Requester, as needed, to resolve any questions or problems with a proposed Change. Update any related documentation after the Change has been implemented. Update the status of the Change and enter all necessary information into the CMS, which may be helpful for historical purposes. Follow up with the Change Requester to provide status on the implementation success or failure. Provide closure status in the Change Management System. 2.2.5 Change Approver The Change Approver is the supervisor/manager who provides the first level of approval to a RFC, allowing it to go before the CAB for review. This is the supervisor/manager of the Change Assignee or their delegate. Responsibilities of the Change Approver include: Review all Changes submitted by staff members of their group Ensure all necessary communication, coordination, documentation and testing has been completed properly on all Changes prior to approval Approve all Changes prior to them being submitted for review by the Change Advisory Board 3.0 Change Management Procedures Change management procedures have been developed and implemented that take into account the impact of changes to UNCG s academic, administrative and research activities including: system availability, user impact, system efficiency and usability of documentation. A major goal of the process development effort was to establish a set process that facilitated the coordination of changes within the UNCG production environment. This process will be changed as needed. 3.1 Creating Change Requests Procedures for creating change request can be found in the provided ServiceNow training materials found separate from this document. 3.2 Change Advisory Board Procedures The Change Advisory Board (CAB) will meet periodically for the purpose of reviewing all pending change requests. The CAB will either approve or reject each change request during the course of the meeting. Revision Date: 2017-05-01 Page 9 of 11

3.2.1 Change Advisory Board Meetings To prepare for the CAB meeting, the Change Manager will: Ensure that all change requests received prior to the meeting start time are in the weekly report. This report will be called the Weekly Change Summary. The report must contain sufficient information for each change to ensure the Board members understand and can evaluate the change being proposed. The report contents will be further grouped by the following subcategories: New Requests Existing Requests Each report entry contains: Description of the Change Location of proposed Change Locations and user communities potentially impacted by the Change Impact on end user communities Name of the Change Requester Name of the Change Assignee Scheduled Date and Time for executing the Change Approval Status of the RFC Name of Change Approver Distribute the Weekly Change Summary to all members of the CAB prior to the scheduled meeting. During the CAB meeting, the members of the CAB will review and discuss each change request as a group to ensure that it meets all requirements of the Change Management Process. The CAB may call upon the Change Assignee to answer any questions that may arise about their change request during the meeting. All Change Assignees who have a change request pending must attend the CAB meeting or send a representative from their department who can properly represent and discuss the Change. Failure to do so may result in the automatic Rejection of the change request. Rejected change requests can be updated and re submitted to the CAB for review at a later date. 3.3 Communicating Planned Changes All planned Changes that will impact, or have the potential to impact, a production service must be communicated to the users of that service prior to execution. All communication details must be coordinated by the Change Assignee and approved by the CAB PRIOR to being sent. All mass communication must be sent via the ITS Communications Office or Responsible Service Owner. The Change Assignee is responsible for notifying the Service Desk and Service Operations team immediately before and immediately after the execution of an approved Change with an impact Revision Date: 2017-05-01 Page 10 of 11

above low. 3.4 Information Security A staff member of ITS charged with Information Security will be a required member of the CAB and must attend all CAB meetings. ALL change requests must be reviewed for information security implications prior to CAB approval. Considerations in this review include, but are not limited to,: Implications to the security of University high risk or moderate risk data. Implications to the security of University equipment. Compliance implications (HIPAA, FERPA, etc.) Revision Date: 2017-05-01 Page 11 of 11

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback