Director, Information and Technology Management
In developing this policy the University had regard to the provisions of section 40B(1)(b) of the Human Rights Act 2004 (ACT).
IT Change Management Policy
The purpose of this policy is to communicate the University’s requirement that changes to IT (information, application and infrastructure) architecture must be managed efficiently and effectively, using standardised methods and procedures.
The goals of the Change Management process are to:
Ensure that standardised methods and procedures are used for the efficient and prompt handling of all Changes, in order to minimise the impact of Change-related Incidents upon service quality, and consequently improve the day-to-day operations of the organisation. The Change Management process is especially important in ensuring only authorised change is made to the production environment.
Respond to the University’s changing business requirements while maximising value and reducing incidents, disruption and re-work.
Respond to the requests for change that will align the IT services with the University’s business needs.
This policy covers the release of any new services or a service change to the University’s IT architecture.
Changes include additions, deletions and modifications to any IT architecture resource.
The University’s IT architecture includes, but is not limited to, hardware, software, operating systems, data and voice network and applications.
IT Service and infrastructure changes shall have clearly defined and documented scope.
All requests for change shall be recorded and classified, e.g. standard, normal, enhancements and emergency/fast track standard. Requests for changes shall be assessed for their risk, impact and business benefit.
The change management process shall include the manner in which the change shall be reversed or remedied if unsuccessful.
Changes shall be approved and then checked, and shall be implemented in a controlled manner.
Details of changes will be communicated to all stakeholders on a regular basis.
There shall be a procedure to handle the authorisation and implementation of emergency changes.
The scheduled implementation dates of changes shall be used as the basis for change and release scheduling. A schedule that contains details of all the changes approved for implementation and their proposed implementation dates shall be maintained and communicated to relevant parties.
There shall be clear accountabilities for the authorisation and implementation of all changes.
There shall be an appropriate administrative separation of authorisation and implementation roles for each change, relating to the risk associated with the change.
Change Advisory Board (CAB) meetings shall be held regularly with attendees from ITM and relevant business units.
The University of Canberra Change Management Roles and Responsibilities document provides full details of roles and responsibilities in relation to Change Management. Suppliers of goods and services pertaining to the University’s IT Architecture have the responsibility for following the prescribed ITM change management process and procedures.
Suppliers of externally hosted services are responsible and accountable for informing the University of its role and responsibilities in the suppliers change management process.
Where an externally hosted service is hybrid (contains service components owned/managed by the University) the supplier’s and the University’s ITM change management processes will work collaboratively during service transition.
All staff and end-users of the University’s the IT architecture including all corporate IT applications have a responsibility for Change Management:
End-User/Functional User – has responsibility for submitting a change request, including appropriate authorisation and participation in the testing.
Business System Owner – has the responsibility for ensuring that the change process is followed for all business systems.
ITM Staff Technical Role – has responsibility for following the prescribed change management processes and procedures.
Change Advisory Board– has responsibility for advising the Change and Release Manager in the assessment, prioritisation and scheduling of changes.
Change Manager - has responsibility for approving changes to the IT architecture.
Emergency CAB – has responsibility for reviewing/approving high urgency, high impact emergency changes (required in less than 24 hours).
ITM Management – has overall governance responsibility for overseeing the change management policy and processes. This includes, but is not limited to, policy dissemination, process enforcement, grievance and final approval for those changes requiring escalation by the CAB.
Audit and Evaluation
The Change Management process will be reviewed and assessed on an annual basis by Head ITM for compliance with the policy.
is the process responsible for controlling the lifecycle of all changes. The primary objective of change management is to enable beneficial changes to be made with minimum disruption to IT Services (ITIL v3) and end users.
A Change is defined as any addition, deletion and/or modification to an IT resource and may be characterised as permanent, transitory or remedial.
Change Advisory Board (CAB)
A dynamically formed group of functional experts, who assist in assessing, prioritising and scheduling changes.
Authorises and documents changes to the IT infrastructure and components in order to minimise disruption on operational services.
Corporate IT Application
All applications that support the business of the University.
Emergency Change Advisory Board (ECAB)
A smaller subset of CAB (including a Director of ITM) who are responsible for reviewing/approving high urgency, high impact emergency changes.
Information Technology Infrastructure Library provides a best practice framework for the delivery of managed IT services.
ITIL definition: A collection of hardware, software, documentation , processes or other components required to implement one or more approved Changes to IT Services.
Third parties responsible for the supply of services and/or goods for the delivery of IT services.