Change Management Procedures
To document the change management procedures used for enterprise systems at the University. It specifies the details as referred to by policies:
- Policy 8010 Network Standards
- Policy 8020 Server Administration
- Policy 8030 Desktop, Laptop, and Tablet PC Computing Standards
Enterprise systems are governed by a variety of change control methodologies to authorize changes, coordinate change timelines to avoid conflict, and to support a successful implementation change.
Changes to our Tier 1 enterprise systems (services that are critical to the function of the University and directly impact the ability to teach and learn) are presented and discussed at the Cross Team Coordination (CTC) meeting. This meeting is facilitated by the OIT Project Management Office. Items are documented on the change calendar. Items may be discussed and approved out of band through email to the entire team.
Technical changes to our Tier 0 systems (services that are required to be running so that other systems are able to function) need approval from their directors and may have additional reviews for approvals. One example of additional checks are changes to the network firewall. Requests are made to the security team who reviews and documents the technical details. The security team then approves the change before the network implements it. Afterwards the change is reviewed by security for correctness.
A higher level of scrutiny happens the week before and the week of the first Fall and Spring semester. In addition to the change management listed above, specific directors will be assigned to review changes to ensure proper communication and stability have been established before a change in our busiest times.
Non-Compliance and Exceptions
A Request for Exception, along with a plan for risk assessment and management, may be submitted at support.boisestate.edu. Non-compliance with these standards may result in revocation of access, notification of supervisors, and reporting to the Office of Internal Audit and Institutional Compliance.
Created: February 2022
Last Update: February 2022
Next Review: February 2023