1615 PR.01 Information Technology Infrastructure and Application Change Management
Revision Date:
April 17, 2015
Contents
CAB Approval Required for ITS Systems. 1
Change Types for Change Management 2
Change Submission Priorities. 2
Overview
- During change planning and prior to change implementation and/or release into production environment(s), owners of ITS-managed and ITS-owned configuration items shall contact the Change Advisory Board and advise it of the planned change.
- This procedure provides an overview of the change, release and deployment management processes put in place by Information Technology Services (ITS) and used by the Change Advisory Board (CAB). This document may also function as a basic outline for a change management process for system owners of non-ITS-managed configuration items. The official, detailed ITS processes for managing changes, releases and deployments are maintained through Service Now and the Service Now Knowledge Base. Please see:
- Change Management
- KB0000462 ServiceNow CAB Meeting Notes
- KB0000789 ServiceNow change Guide
- KB0005371 ServiceNow CAB Guide Lines
- KB0005372 ServiceNow Change Process Document
- KB0005373 ServiceNow CAB Charter
- Release Management
- KB0005392 Standard Bi Weekly (BMR) Release
- KB0005403 SPOT Release
- KB0005406 Maintenance Window Release
- KB0005405 Emergency Release
- KB0005409 Pre-Approved Release
- Change Management
CAB Approval Required for ITS Systems
- No changes to a configuration item may be implemented until approval or an exception from the CAB is received.
- Initial contact can be made by contacting the Change Manager changemanager@yale.edu.
Foundational CAB Policies
- The Change Owner is ultimately accountable for the success of their respective change.
- The approving Change Manager is accountable for the successful execution of the process, as a means to mitigate impact and risk for stakeholders/customers.
- Change Management will manage all changes made to the production environment, including the operational test environment. This includes changes implemented by vendors and external organizations.
- Effective Risk and Impact Assessment is enforced and is considered the foundation of Change Management.
- All customers are informed of changes that affect the Service(s) they receive prior to change implementation.
- There is a mechanism to implement URGENT changes to the managed environment with minimum destabilization of that environment.
- The number of changes deemed URGENT is reduced to a pre-specified and progressive metric through proper planning.
- A CAB exists and the Change Manager is the ultimate decision making authority within the CAB.
- A Change implementation plan is required prior to change deployment.
- All Service Providers will fulfill their roles in compliance with the Change Management process.
- A Request for Change (RFC) should not be approved for implementation unless relevant back-out plans are in place.
Change Types for Change Management
- Standard Change - Changes with a standard approach and pre-authorized procedure and/or detailed instructions.
- Normal Change
- Minor Change - Low impact and risk to the organization,
- Significant Change - Medium to high impact or risk to the organization,
- Major Change - High impact and high risk to the organization.
- Emergency Change - Significant and Major changes that require implementation before the normal CAB review. Emergency changes shall be linked to a specific Incident or Problem ticket and this linkage shall be reflected in the Change ticket.
Change Submission Priorities
- Planned Change – The change has been planned for and is submitted prior to lead time criteria for the applicable change type.
- Urgent Planned – The change does not require emergency change handling however it has not been submitted within the lead time criteria for the applicable change type.
- Urgent Emergency – The change requires immediate escalation and approvals, often as a result of an incident or problem.
- Latent - The change has already been executed, either a result of an emergency or to record the details of an unauthorized change.
Change Management
- Request Change
- Review & Accept Change
- Assess Technical and Business Impact/ Risk
- Approve Change for Build
- Build and Test Change
- Confirm Implementation Schedule and Impact / Risk Review
- Approve Change for Implementation
- Implement and Validate Change
- Close Change
- Process Maturity and Evolution (Perpetual State)
Release Types
There are five (5) release management release types:
- Pre-Approved
- Standard Maintenance
- Maintenance Window
- Spot Release
- Emergency
Release Management
- Request Release
- Review & Accept Release
- Assess Technical and Business Impact/ Risk
- Approve Release for Build
- Build and Test Release
- Confirm Implementation Schedule and Impact / Risk Review
- Approve Release for Implementation
- Implement and Validate Release
- Close Release
Deployment Management
- Request Deployment
- Review & Accept Deployment
- Assess Technical and Business Impact/ Risk
- Approve Deployment for Build
- Build and Test Deployment
- Confirm Implementation Schedule and Impact / Risk Review
- Approve Deployment for Implementation
- Technical Approval
- Functional Approval
- Implement and Validate Deployment
- Close Deployment