Uprise Change Management Policy
The purpose of this policy is to describe the responsibilities, policies, and procedures to be followed when any changes to the Uprise computer network are to be made.
The Change Control policy is designed to provide a managed and orderly method in which changes to the information technology environment are requested, tested and approved prior to installation or implementation. The purpose is not to question the rationale of a change, but to ensure that all elements are in place, there is no negative impact on the infrastructure, all the necessary parties are notified in advance and the schedule for implementation is coordinated with all other activities
The Director of Information Technology must approve any exceptions to this policy in advance.
Change: to transform, alter, or modify the operating environment or standard operating procedures that have a potential or significant impact on the stability and reliability of the infrastructure and impacts on the conducting of normal business operation. Plus, any interruption in building environments (i.e., planned electrical outages) that may also cause disruption to the network infrastructure.
Event: any activity outside of normal operating procedures that will have a potential or significant impact on the stability and reliability of the infrastructure, i.e. Misuse or change to the provided services causing a denial of service to any other user. Change and Event may be used interchangeably throughout this document.
Change Request: The official request for any change should be submitted via email to the CTO. End users requests should be submitted via email to Technical support where it can be routed to the appropriate member of the IT Department for review.
All employees, contractors, consultants, temporary and other workers at Uprise, including all personnel affiliated with third parties that may have access to network computer systems on behalf of Uprise must adhere to this policy.
Change Management Process
Change Management provides a process to apply changes, upgrades, or modifications to the environment. This covers any and all changes to hardware, software or applications. It also includes modifications, additions or changes to the LAN/WAN, Network or Server hardware and software, or any other environmental components such as electrical or cooling systems. The policy is in place to ensure that any change that affects one or all of the environments that Uprise relies on to conduct normal business operations are protected.
Changes to the environment arise from many circumstances, such as:
· User requests
· Hardware and/or software upgrades
· Acquisition of new hardware and/or software
· Environmental changes
· Business Operational schedule changes
· Unforeseen events
· Scheduled Periodic Maintenance
The above list is not all-inclusive. Therefore, any questions on whether a change can be made should be directed to the Director of Information Technology.
Emergencies exist only as a result of:
· An office is completely out of service,
· There is a sever degradation of service needing immediate action,
· A system/application/component is inoperable and the failure causes a negative impact
· A response to an emergency business need.
Scheduled or Planned Maintenance
Prior the commencement of any planned or scheduled maintenance, the “IT Scheduled Maintenance Change Form” (document name and number) must be completed and signed off by a supervising member of the IT Department. A copy of the completed form shall be kept under a new document name and number in (location such as SharePoint/DMS/hard copy binder) under document type “IT Documents” for future reference.
Firewall Access Changes
A firewall change is defined as access to a specific system that by-passes the protection of one of the firm’s firewalls. Prior to any changes to the firewalls being made; the “Firewall Change Request Form” (document name and number) must be completed. The completed form shall be kept under a new document name and number in (location such as SharePoint/DMS/hard copy binder) under document type
“IT Documentation” for future reference. Any changes made to the firewalls must be recorded in the Network Change Log immediately upon completion of the modifications.
Changes to the firewalls will only approved when there is a demonstrated business reason to implement the changes in access.
Changes by Vendors
Prior to any work being conducted by external IT vendors on Uprise computer systems, the “Vendor Request Form” (document name and number) must be completed and approved by the IT Department. A copy of the completed form shall be kept under a new document name and number in (location such as SharePoint/DMS/hard copy binder) under document type “IT Documents” for future reference. Any changes made must be recorded in the Network Change Log immediately upon completion of the modifications by the vendors.
Documentation of Changes
A Network Change Log shall be kept in a publicly accessible location for the entire IT Department to view. Every member of the IT Department, who is in a position to make changes to a system or network resource, will be required to place an entry in this form to document any changes being made without exception. Other members of the IT department are encouraged to review the log from time to time to keep abreast of the changes going on in the computer network.