Change Management Guidelines
Effective Date: February 18, 2011
Last Edited: February 18, 2011
|Purpose||These guidelines serve as a supplement to Acceptable Use Policy, the University of Texas at Arlington’s implementation of UT System UTS 165. The purpose of these guidelines is to manage changes in a rational and predictable manner so that staff and clients can plan accordingly.|
|Scope||These guidelines should be applied in proportion to the respective data classification category, the availability requirements of the data, and the impact of the change on the user community. (See Data Classification Standard).|
Each department, unit, or entity is responsible for defining its own
change management process. In addition to the sensitivity and
importance of the IT resource being managed, the organizational structure
of the entity as well as its IT and business processes should be taken
into account when designing the change management process.
Communication before, during and after the change is one of the most important parts of change management.
A maintenance window is a defined period of time when maintenance, such as patching software or upgrading hardware components, can be performed. Clearly defining a regular maintenance window can be advantageous as it provides a time when users should expect service disruptions.
The change committee reviews change requests and determines whether or not they should be made. In addition, it may determine that certain changes to the proposed plan for implementing the change must be made in order for it to be acceptable.
The change committee may consist of as little as one person, or it may be a group of people, depending on who should be involved in the process. In addition, the membership of the committee might be formally defined, or it might change depending on the nature of the change, or the systems involved. Each area must determine the membership depending on their needs and the specific resources in question.
Critical Changes (and bypassing the process)
In some cases, events are critical enough that they must be rushed into production, creating an unscheduled change. Each situation is different, and even though some steps might be bypassed, as much consideration as possible should be given to the possible consequences of attempting the change. It is still important to obtain sufficient approval for the change. What constitutes “sufficient approval” will vary, and should be defined by the department or business unit.
Plan the Change
Determine the following information during the planning process:
Let others know about the proposed changes. This can be as formal as a change request form, or as simple as e-mail message to concerned parties.
Test the Change
Obtain Approval to Move Forward with the Change
Execute the Change
Keep a Record of the Change
|Documenting Change Request||
Different systems require different levels of documentation for change requests.
Full Change Request Form
A full change request form provides detailed information about the change and is appropriate for changes affecting data classified as Category I (highest, most sensitive) where protection is required by law, the asset risk is high and is information which provides access to resources, physical or virtual. (See Data Classification Standard.) A record of when the change was performed must be kept. The sample change log below could be used to do this.
Abbreviated Change Request Form
An abbreviated change request form should be used for changes affecting data classified as Category II (moderate level of sensitivity) where UT Arlington has a contractual obligation to protect the data, the asset risk is medium and is an institutionally provided service or Category III (very low but still some sensitivity) where there is no legal requirement for data protection, asset risk is low and there are no other institutional risks. (See Data Classification Standard.) Each change should be entered into a change log. In some cases, it may be possible to combine the abbreviated change request form and the change log into a single form.
Below is an example of fields you might use in a simple change log. (See Data Classification Standard.)
Adapted from the "Change Management Guidelines" , The University of Texas at Austin, Austin, Texas 78712-1110