Information Technology Change Management Policy

  • All requests for changes (RFC’s) to SPPS assets and configuration items are required to go through the IT Change Management Process
  • Service Desk is the single point of contact (SPOC) for change related communications
  • Duties are segregated.  There is one gatekeeper (plus backup) per production system
  • Those not authorized to make changes will not have access to the production environments
  • Approved normal changes will be made only during defined change windows
  • As part of the Change Management Process, requests for changes (RFC’s) will undergo impact and risk analysis, as well as formal authorization via a Change Advisory Board (CAB)
  • New development efforts will not be started until they are authorized via this process
  • When a change is approved, it will be thoroughly tested after it is built and before it is migrated into production
  • Test plans, test scripts and testing results will be presented to the Change Advisory Board for final approval before any change may be migrated into production
  • No change will be migrated into production unless there is a plan to restore the original configuration if the change is unsuccessful
  • Close alignment is required between IT Projects and IT Change Management