Welcome to the University Policy Library.
If you are unable to find what you are looking for please use the 'search' function below.
Delegations of Authority Policy is the key document for who is responsible to exercise a delegation – Note: Policies and procedure documents may not reflect the current delegations. Please refer to the Delegations of Authority Policy to identify who the delegate is.
IT Change Management Policy
1.
Purpose:
- The purpose of this policy is to communicate the University’s requirement that all changes to IT information, applications, infrastructure, architecture, systems, and services must be managed efficiently and effectively, using standardised methods and procedures to mitigate the risk and impact of changes to the University.
- Goals of Change Management process:
- Ensure that standardised methods and procedures are used for the timely and effective implementation of required changes, in order to appropriately manage risk and minimise negative impact of change to service quality, and business operations. The Change Management process is especially important in ensuring only authorised change is made to production environments.
- Respond to the University’s changing business requirements while maximising value.
- Ensure that IT changes continue to align with the University’s business needs.
2.
Scope:
- This policy covers the Release of any new functionality or Change to the University’s IT architecture.
- The University’s IT architecture includes, but is not limited to, hardware, software, operating systems, data and voice network and applications.
3.
Principles:
- IT Service and infrastructure Changes shall have clearly defined and documented scope.
- All requests for a Change shall be recorded and classified, e.g. standard, normal, enhancements and emergency/fast track standard. Requests for Changes shall be assessed for their risk, impact, and business benefit.
- Change Management shall include the manner in which the Change shall be reversed or remedied if unsuccessful.
- Submitted Changes shall be vetted and, where approved, shall be implemented in a controlled manner.
- Details of Changes will be communicated to all stakeholders on a regular basis.
- There shall be a procedure to handle the authorisation and implementation of Emergency Changes.
- The scheduled implementation dates of Changes shall be used as the basis for Change and Release scheduling. A schedule that contains details of all the Changes approved for implementation and their proposed implementation dates shall be maintained and communicated to relevant parties.
- There shall be clear accountabilities for the authorisation and implementation of all Changes.
- There shall be an appropriate administrative separation of authorisation and implementation roles for each Change, reflecting the risk associated with the Change.
- Change Advisory Board (CAB) meetings shall be held regularly with attendees from DITM and relevant business units.
4.
Responsibilities:
- The University specifies detailed roles and responsibilities in relation to Change Management.
- Suppliers of goods and services pertaining to the University’s IT Architecture bear the responsibility of following the prescribed DITM change management process and procedures.
- Suppliers of externally hosted services are responsible and accountable for informing the University of its role and responsibilities in the supplier’s change management process.
- Where an externally hosted service is hybrid (e.g.: also contains service components owned/managed by the University) the supplier’s and the University’s IT change management processes will work collaboratively during change or service transition activities.
- Staff, end-users and stakeholders of the University’s IT environment share responsibility for Change Management:
- End-User/Functional User – has responsibility for submitting a change request, including appropriate authorisation and participation in the testing.
- Business System Owner – has the responsibility for ensuring that the change process is followed for all business systems.
- DITM Staff Technical Role – has responsibility for following the prescribed change management processes and procedures.
- Change Advisory Board (CAB) – has responsibility for advising the Change Manager in the assessment, prioritisation and scheduling of changes.
- Change Manager – has responsibility for approving changes to the IT architecture.
- Emergency CAB – has responsibility for reviewing/approving high urgency, high impact emergency changes (required in less than 24 hours).
- DITM Management – has overall governance responsibility for overseeing the change management policy and processes. This includes, but is not limited to, policy dissemination, process enforcement, grievance and final approval for those changes requiring escalation by the CAB.
- Evaluation: The Change Management process will be reviewed as required by the CIO for compliance with the policy.
5.
Legislation:
- This policy is governed by the following legislation:
- Territory Records Act 2002
- Freedom of Information Act 1982
- Privacy Act 1988
- Evidence Act 1995
- Electronic Transaction Act 1999
- Crimes Act 1914
- Telecommunications (Interception and Access) Act 1979
- University of Canberra Act 1989
6.
Supporting Information:
- Context
- Other Related Documents
7.
Definitions:
Terms | Definitions |
Change | A Change is defined as any addition, deletion and/or modification to an IT resource and may be characterised as permanent, transitory, or remedial. |
Change Advisory Board (CAB) | A dynamically formed group of functional experts, who assist in assessing, prioritising and scheduling changes. |
Change Management | The process responsible for controlling the lifecycle of all changes. The primary objective of change management is to enable beneficial changes to be made with minimum disruption to IT Services (ITIL) and end users. |
Change Manager | Authorises and documents changes to the IT infrastructure and components to minimise disruption on operational services. |
Corporate IT Application | All applications that support the business of the University. |
Emergency Change | Any change to the University’s IT Environment, that is not pre-approved, and is required within 24 hours. |
Emergency Change Advisory Board (ECAB) | A smaller subset of CAB (including a director or delegate) responsible for reviewing/approving high urgency, high impact emergency changes. |
ITIL | Information Technology Infrastructure Library: A best practice framework for the delivery of managed IT services. |
Non-Standard Change | Any new capability or, any change that is not pre-approved, to the University’s IT Environment. |
Release | ITIL definition: A collection of hardware, software, documentation, processes or other components required to implement one or more approved Changes to IT Services. |
Standard Change | A pre-approved change listed on the Standard Change Catalogue. |
Suppliers | Third parties responsible for the supply of services and/or goods for the delivery of IT services. |