Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
1 Introduction
1.1
The Information Technology Change Control Policy1 was approved by the Information
Systems Committee in November 2009. This policy set out principles to minimise business
disruptions and impacts resulting from changes to the IT production environment.
1.2
The Policy did not define specific processes to be observed, but the need to write these was
identified in an implementation plan2.
1.3
This document defines the principles of the IT Change Control Process in more detail.
1.4
Much of what is described is already practiced within the University, this document
recognises and in some cases formalises existing good practice.
1.5
Appendix A contains more information on the various roles in the IT Change Control Process,
Appendix B contains more information on each stage in the process and Appendix C
illustrates the type of information required in a Change Request Record.
2 Definitions
2.1
2.2
The term Change Control generally covers two distinct but closely related issues:
Information Technology Change Control Policy (2009), Version 2, Philippa Spratt & Ian Ellery, November 2009
Implementing the IT Change Control Policy, Philippa Spratt & Ian Ellery, November 2009
3
The Change Management Process still applies to changes resulting from formally managed projects where
the service in question is not within the scope of the project.
2
2.2.1 Configuration Control records which versions of the components are compatible to make up
a particular version of the whole system. Closely related to this is the notion of Version
Control, which means recording the version of a system in production use at any given point
in time, and the ability to return a system to that version.
2.2.2 Change Management means the processes necessary to ensure that changes have been
approved from both business and technical perspectives before they are implemented.
2.3
The scope of the IT Change Control policy comprises changes to all IT Services production
systems and underlying infrastructure, including changes to:
the Universitys shared IT infrastructure, including but not limited to hardware, software,
corporate applications, operating system, data and voice network and applications; and
environmental facilities supporting the Universitys shared IT infrastructure, including but
not limited to air-conditioning, water, heat, plumbing, electricity, and alarms; and
data and databases, whenever changes are applied without using production versions of
data entry programs; and
disaster recovery facilities.
3.2
It does not apply to changes to test or development systems, providing they are isolated
from the production environments.
3.3
3.4
Changes not covered by this policy include those that only affect an individual.
3.5
This Change Control Policy does not cover any changes to Business Processes that may be
required. It is the responsibility of the System Owner to ensure that any such changes are
implemented effectively and in co-ordination with the system changes.
It is recognised that the scale of the change may affect the detail of how the principles of the IT Change
Management Process are implemented in practical terms.
1. User identifies
need
2. Define Business
Risks / Benefits
Change Mgr
Business
User
Change Control
No
Production
Yes
6. Close request,
inform originator
1. Implementor
identifies need
2. Define Business
Risks / Benefits
1. Production
identifies need
2. Define Business
Risks / Benefits
8. Schedule
No
5. Proceed?
Test
Implementer
System
Owner
3. Valid
Change
Request?
4. Assess stakeholders
& systems affected.
Define Cost/Risk of
Implementing
7. Indicate
Relative Priority
9. Identify
Configuration
Items affected
Page 2
Business
User
Change Control
Fail
Change
Manager
12. User
Testing
Production
Pass
Pass
Fail
Page 1
Yes
10. Implement
changes
11.
Technical
Testing
Test
Implementer
System
Owner
14. Inform
Stakeholders
13.
Production
ready?
No
15. Go Live
Origination. Users requesting an enhancement will need to give due consideration as to the
value of the proposed change.
5.2
Evaluation. Before any decision is made, an assessment of the costs and risks is made,
together with a review of the stakeholders and other systems affected. This puts the decision
whether or not to proceed on a firm footing, and should reduced the likelihood of
unintended consequences of a change.
5.3
Decision to proceed and prioritisation. The analysis of the cost / risk / benefit will be carried
out by the individual to whom the ISSDG has delegated authority to make such decisions for
the system involved. This should ensure that resources are only committed to those changes
that will most benefit the organisation.
5.4
Timescales. The additional steps described above will inevitably introduce some delay to the
process compared with the historical approach. However, a well designed change
management records system should minimize any such delays, and the potential disruption
of poorly managed changes and diversion of resources to low priority requests are far more
serious risks to the organisation than the marginal costs of proper change management.
5.5
Business Processes. The System Owner must ensure that any changes to Business Processes
are planned and implemented effectively, and co-ordinated with the change to the technical
elements of the service.
Author(s)
JFN
JFN
Date
January 2010
13/01/2010
JFN
22/01/2010
JFN
26/01/2010
JFN
27/01/2010
JFN
1/02/2010
Circulation
Comments
Draft
Draft, incorporating comments
from CIS Team Leaders meeting
Draft, incorporating comments
from Len Ryan and Mike Hewitt
Draft, incorporating comments
from Keith Gwilym ; 3 Appendices
added.
Draft, incorporating comments
from Lorri Currie, Ian Ellery, David
Hayling, Pete Ryan and Ruth Lewis
Draft incorporating comments
from Lee Soden
12. User Testing. The user tests the revised system to confirm that the bug has been fixed, or
that the enhancement meets the new functional requirement, and that the system has not
been changed in any other way.
13. Production Testing. The production team check that all previous checks have been carried
out, and that they will be able to provide operational support for the changed system. They
plan the implementation, with appropriate backout options.
14. Inform Stakeholders. The Change Manager informs the identified stakeholders that the
change will be going into production, and when this will happen. Where re-training is
needed, the Change Manager ensures that suitable arrangements are in place.
15. Go Live. The production team implement the changes.
16. Sign Off. The change manager closes the change request.
IT Change Request
System
Change Request Number
Requested by (Business User)
Enhancement or Fix
Date
Description
Business Benefits and/or Risks
Systems affected
Cost of implementation
Risks of implementation
Date
Date
Approved / Rejected
Priority
Date
Item
Changes made by
Date
Tested by
Date
User tested by
Date
Date
Stakeholders informed by
Date
Date
Date