View Current

IT Change Management Policy

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose

(1) This Policy sets out the University of Canberra’s (University) requirements, procedures and guidelines for the consistent management of Information Technology (IT) changes within the organisation.

Goals

(2) The goals of the Change Management process are to: 

  1. ensure standardised methods and procedures are used for the efficient and prompt handling of all IT changes in order to minimise the impact on service quality, and help improve the day-to-day operations. The Change Management process is also important to ensure only authorised change is made to the production environment;
  2. respond to the University’s changing business requirements while maximising value and reducing incidents, disruption and re-work; and
  3. respond to the requests for change that will align the IT services with the University’s business needs.
Top of Page

Section 2 - Scope

(3) This Policy covers the release of any new services or a service change to the University’s IT architecture.

(4) Changes include additions, deletions and modifications to any IT architecture resource.

(5) The University’s IT architecture includes, but is not limited to, hardware, software, operating systems, data and voice network and applications.

Top of Page

Section 3 - Principles

(6) IT Service and infrastructure changes will have clearly defined and documented scope.

(7) All requests for change will be recorded and classified, e.g. standard, normal, enhancements and emergency/fast track standard. Requests for changes will also be assessed for their risk, impact and business benefit.

(8) The Change Management process will include the manner in which the change shall be reversed or remedied if unsuccessful.

(9) Changes will be approved, checked, implemented in a controlled manner.

(10) Details of the change will be communicated to all stakeholders on a regular basis.

(11) There will be a procedure to handle the authorisation and implementation of emergency changes.

(12) The scheduled implementation dates of changes will be used as the basis for change and release scheduling. A schedule that contains details of all the changes approved for implementation and their proposed implementation dates will be maintained and communicated to relevant parties.

(13) There will be clear accountabilities for the authorisation and implementation of all changes.

(14) There will be an appropriate administrative separation of authorisation and implementation roles for each change, relating to the risk associated with the change.

(15) Change Advisory Board (CAB) meetings shall be held regularly with attendees from DITM and relevant business units.

Top of Page

Section 4 - Responsibilities

(16) Suppliers of goods and services pertaining to the University’s IT architecture have the responsibility for following the prescribed DITM change management process and procedures. 

(17) Suppliers of externally hosted services are responsible and accountable for informing the University of its role and responsibilities in the suppliers change management process. 

(18) Where an externally hosted service is hybrid (contains service components owned/managed by the University) the supplier’s and University’s DITM change management processes will work collaboratively during service transition. 

(19) All staff and end-users of the University’s IT architecture including all corporate IT applications have a responsibility for Change Management: 

  1. End-User/Functional User – has responsibility for submitting a change request, including appropriate authorisation and participation in the testing.
  2. Business System Owner – has the responsibility for ensuring that the change process is followed for all business systems.
  3. DITM Staff Technical Role – has responsibility for following the prescribed change management processes and procedures.
  4. Change Advisory Board– has responsibility for advising the Change Manager in the assessment, prioritisation and scheduling of changes.
  5. Change Manager - has responsibility for approving changes to the IT architecture.
  6. Emergency CAB – has responsibility for reviewing/approving high urgency, high impact emergency changes (required in less than 24 hours).
  7. DITM Management – has overall governance responsibility for overseeing the change management policy and processes.  This includes, but is not limited to, policy dissemination, process enforcement, grievance and final approval for those changes requiring escalation by the CAB.  

Audit and Evaluation

(20) The Change Management process will be reviewed and assessed on an annual basis by Director, DITM for compliance with this Policy.

Top of Page

Section 5 - Procedures

Nil.

Top of Page

Section 6 - Definitions

Terms Definitions
Change Management Is the process responsible for controlling the lifecycle of all changes. The primary objective of change management is to enable beneficial changes to be made with minimum disruption to IT Services (ITIL v3) and end users.
Change A Change is defined as any addition, deletion and/or modification to an IT resource and may be characterised as permanent, transitory or remedial.
Change Advisory Board A dynamically formed group of functional experts, who assist in assessing, prioritising and scheduling changes.
Change Manager Authorises and documents changes to the IT infrastructure and components in order to minimise disruption on operational services.
Corporate IT Application All applications that support the business of the University.
Emergency Change Advisory Board (ECAB) A smaller subset of CAB (including Director, DITM) who are responsible for reviewing/approving high urgency, high impact emergency changes.
Information Technology Infrastructure Library (ITIL) Information Technology Infrastructure Library provides a best practice framework for the delivery of managed IT services.
Release According to ITIL, a collection of hardware, software, documentation , processes or other components required to implement one or more approved Changes to IT Services. 
Suppliers Third parties responsible for the supply of services and/or goods for the delivery of IT services.