ICT Change Management Policy - Borders · PDF fileHR21 HR Self-serve Head of HR & Development...

ICT Change Management Policy

© Borders College 5/9/2014 1 Working Together

Uncontrolled Copy

Wor

king

Tog

ethe

r ICT Change Management

Policy

August 2014



Uncontrolled Copy

ICT Change Management Policy 1.0 Introduction 1.1 The purpose of this document is to ensure that changes to ICT

supported information technology are managed and implemented in a way that minimises risk and impact Borders College and, where relevant, Heriot-Watt University and other users of the technology.

1.2 For the purpose of this document a change is defined as action that

transforms, alters, or modifies the operating environment or standard operating procedures where that action has the potential to affect the stability and reliability of the supported information technology infrastructure and disrupt the business of those using it. A change can be planned or unplanned.

2.0 Scope 2.1 This policy covers changes to all systems (hardware, software,

applications, and network environment) supported by the ICT Department upon which any functional unit of Borders College or, where relevant, Heriot-Watt University or any other user relies in order to perform its normal business activities.

2.2 Changes not covered by this policy include, but are not limited to,

changes to: - • an employee’s desktop or laptop computer; • allocation of IP addresses; • allocation, setting-up or closing user accounts; • user-enabled changes to software or personally-allocated

hardware; • any changes that affect the integration and day-to-day working

of business software managed by a designated department; • changes to access permissions; or • updates to an office phone, etc. 2.3 This policy applies to ICT Department staff who install, operate or

maintain the shared service infrastructure and associated equipment. It also applies to all end users who may have occasion to request a change, approve and test the effectiveness of a change.



Uncontrolled Copy

3.0 Key Principles 3.1 Changes can be categorised into three key groupings. Depending

on which grouping a change falls into, a specific set of procedures will apply to that change. Where there is any doubt as to how to categorise a change, the ICT Manager must be consulted.

3.1.1 Maintenance and Minor Changes

These changes may include: -

• Application-based security or business needs patches, operating system patches (critical, hotfixes and service packs);

• Regularly scheduled maintenance; or • Changes that are not likely to cause a service outage.

Such changes will normally be identified by the ICT Department in response to an internally-identified issue or external advice. The ICT Department will record all such changes, identifying the systems or software affected, the reason for the change, and any testing to ensure the change was effective.

3.1.2 Planned Major Changes

These changes include: -

• Change that results in or could result in business interruption during regular business hours;

• Change that results in or could result in academic interruptions within a term;

• Change that results in or could result in business or operational practice change;

• Changes in any system that may affect disaster recovery or business continuity; or

• Introduction or discontinuance of a new information technology service.



Uncontrolled Copy

The principle driver for such change will come from the implementation of the College’s ICT Strategy. Such changes will therefore be planned well in advance and scheduled to both meet business need and minimise disruption. Full consultation will take place with affected areas of the College and will be carried out at the direction of the ICT Strategy Committee. The ICT Strategy Committee will also monitor the progress of changes against defined targets and assess the impact of the changes once made. It is expected that this type of change will be managed through a project planning methodology. Other major changes will normally be identified either by the ICT Department in response to an internally-identified issue or external advice, or may be at the request of end-user departments or faculties due to a planned change in their learning and teaching or business practices. A clear process for such a change has been agreed, with documentation, including a change request form that includes: -

• Who is initiating the change and the reason for the change; • Benefits; • Resources required – financial, time, software, hardware, etc.; • Impacts; • Approvals as necessary.

Where necessary, the ICT Manager will discuss with the change requester the feasibility of the change and whether a full project group should be formed. They will also agree the resources required from both the ICT Department and requesting department or faculty in terms of project management, procurement, testing and final sign-off. Where there is any doubt as to approval of a major change or project, this will lie with the ICT Strategy Committee. Note that all key corporate information systems have an “owner” manager who must sign off all planned changes before any work is initiated and also that those changes are complete and tested to their satisfaction. Under normal circumstances, that manager should act as project manager for major changes. The identified systems and managers are shown at Appendix A.



Uncontrolled Copy

3.1.3 Emergency and Unplanned Outage Changes

Such circumstances include: -

• Building is without service; • A severe degradation of service needing immediate action; • A system/application/component failure causing a negative

impact on business operations; • A response to a natural disaster; • A response to an emergency business need; • A change requested by emergency responder personnel; or • Any other unplanned critical circumstance which requires a

response.

In these situations, the ICT Department will utilise its Disaster Recovery Plan (DRP) which forms part of the College’s Business Continuity Plan (BCP). These plans include the full documentation of situations leading to an emergency response, action taken, resources expended, outcomes, lessons learned for future incidents.

3.2 An Equality Impact Assessment will be carried out when planning

any changes which may affect the way in which a user interfaces with that system to ensure that after change the system meets accessibility and other equality requirements in compliance with equality legislation.

4.0 Responsibilities 4.1 The Finance and General Purposes Committee is responsible for

approving the Policy. 4.2 The Vice Principal – Finance and Resources is responsible for the

implementation of the Policy. 4.3 The ICT Manager is responsible for the application of the Policy and

ensuring that all supporting procedures are in place and applied effectively.

4.4 ICT Department staff members are responsible for understanding

and applying the Policy and supporting procedures.



Uncontrolled Copy

4.5 All end users have responsibility for using the Policy and procedures appropriately, and specifically: -

• Submitting a change request; • Participating in testing, pre-deployment testing and post

deployment testing; and • Timeous sign off for the change. 4.6 Heads of Departments or Faculties have responsibility for ensuring

that their staff use the Policy appropriately, and specifically: -

• Verifying that change requests are valid; and • Timeous sign of for the change. 5.0 Related Documents 5.1 ICT Change Management Process 5.2 Disaster Recovery Plan 5.3 Business Continuity Plan 6.0 Review 6.1 The Policy will be reviewed every three years or earlier, as required.

ICT Change Management Policy Appendix A


Uncontrolled Copy

Corporate Information Technology Systems – Identified Managers System Name Purpose Manager SUN Accounts Financial Management Financial Controller PECOS Procurement Financial Controller Vision Q&A Financial Reporting Financial Controller CHRIS 21 HR Management Head of HR & Development HR21 HR Self-serve Head of HR & Development TEQUIOS Student Funding Head of Student Services UNIT-E Student Records Head of MIS VLE and e-portfolio Curriculum & HR VP Quality & Innovation Digital Asset Management Curriculum VP Quality & Innovation Website and Intranet Marketing & Communication Head of Student Services



Uncontrolled Copy

Impact Assessment Tool The rapid impact assessment tool requires you to consider the impact your proposal will have on people. Defined below are the types of proposals that require impact assessment, the type of groups the proposal may impact upon and what is meant by an impact. Definitions “Proposal” means any policy, procedure, strategy, guide or publicity material created to support the business of Borders College. “Groups” means a subset of our staff, students or other College stakeholders defined by: • race • gender • disability • transgender • sexuality • religion • faith • age • employment • health • income “Impacts” means an effect on: • employment • ability to access our education services • race relations • ability to complete studies successfully • lifestyle • discrimination against any Group • finances • working conditions • safety



Uncontrolled Copy

Rapid Impact Assessment Tool What Impacts may there be from this Proposal on any Groups’ ability to use the College services? Policy: ICT Change Management Policy

Positive Impacts (Groups affected) Negative Impacts (Groups affected)

The policy will have a positive impact on all Groups, in that it will ensure the needs of all Groups are considered when any changes are planned. In particular, it is expected to have a positive impact on those who have a disability that may cause difficulty in the way they interact with our systems.

n/a

Actions taken to alleviate any negative Impacts: n/a Recommendations: n/a From the outcome of the Rapid Impact Assessment, have negative impacts been identified for race or other equality groups? Has a full Equalities Impact Assessment been recommended? Yes No x Reason for recommendation: Manager’s Signature: ________________________ Date: 25 August 2014



Uncontrolled Copy

Status: Approved by Finance and general Purposes Committee of the Board Policy Dated: August 2014 Author: Vice Principal - Finance and Resources Review Date: August 2017 Equality Impact Assessed: Yes

ICT Change Management Policy - Borders · PDF fileHR21 HR Self-serve Head of HR & Development...

Documents

Transcript of ICT Change Management Policy - Borders · PDF fileHR21 HR Self-serve Head of HR & Development...