91Â鶹ӳ»­

The Change Control Board (91Â鶹ӳ»­B) ensures that changes to technology systems are communicated and managed in a rational and predictable manner. The 91Â鶹ӳ»­B is responsible for enforcing IT Change Management Policy and for overseeing and approving change requests (CRs).

Change announcements (CAs) are a quicker process meant for changes which do not require approval by the 91Â鶹ӳ»­B, but should still be communicated to the division and in some cases beyond.

This procedure applies to all production systems that are maintained by, on behalf of, or involve ITS: resources.

Members are comprised of a representative group of ITS: staff.

Members are responsible for

• Reviewing CAs for possible issues, the need to communicate to campus, and speaking up if it should be changed to a CR.
• Reviewing, discussing, and voting on CRs (or appointing a delegate to do so on their behalf) within 48 hours of a CR being submitted.
  • A delegate can only represent one 91Â鶹ӳ»­B member at a time.
• Periodically reviewing open CRs and following up as necessary.
• Reviewing backed-out and failed changes.
• Debriefing emergency changes and ensuring they are documented.

Change control process

• On a regular basis, 91Â鶹ӳ»­B members will review approved CRs which are still open.
• A requester starts the process by logging into  and creating a new change announcement (CA) or change request (CR)
  
  • CAs and CRs must be submitted no later than 48 hours before the change is scheduled to take effect.
• For a CA, there's no approval required, but the 91Â鶹ӳ»­B members should still make sure to read the CA in case there is an issue, the need to communicate to campus, or it should be made into a CR instead.
• The 91Â鶹ӳ»­B will review the CR and respond within 48 hours, recording the response in the ticket. Approval is by simple majority vote (at minimum, a quorum of members or their delegates must weigh in or a CR cannot be approved).
  • Note that if a requestor is also on 91Â鶹ӳ»­B, that person can be an approver for their own request
• Once the change has been implemented, the requester logs into OSTicket and closes the CR.

When can changes occur

91Â鶹ӳ»­ has established scheduled maintenance windows. All changes affecting user connectivity and access to IT services must be scheduled within these windows unless otherwise approved by the 91Â鶹ӳ»­B.

Changes which require a CR

• Significant change: has a significant impact on multiple users, even if simple to implement.
  • e.g., Upgrade to a wireless controller.
  • e.g., Banner upgrades that affect multiple users/user groups.
    
    
• Emergency change: immediately implemented to fix an IT resource outage, or to address an issue which cannot wait for the normal process.
  • The CR is filled out after the change takes place as a way to debrief and help prevent a recurrence.
  • Communicate with the relevant cabinet member.
    • e.g., Take part of the network offline so that computers cannot spread an infection.
    • e.g., Wireless connectivity is broken because of a software bug, so an upgrade is installed immediately.
    • e.g., A patch to address a critical, time-sensitive security vulnerability.

Changes which do NOT require a CR

• Minor change: routine patches, low impact changes, and most firewall rule changes
  • e.g., Apply a security patch to our Windows server operating systems.
  • e.g., A new vulnerability has just been released and we want to create a firewall rule to block it as soon as possible.