You are here

Scope

All units within the Office of Information Technology (OIT) are required to adhere to the change process described on this site, and all changes to OIT services are governed by the Change Approval Board (CAB).

Types of Changes that Require CAB Approval

Normal

This includes any change that

  • is either expected to have an impact on service or carries risk to do so, or
  • can be scheduled (and therefore is not an emergency).

Examples include:

  • Code/software upgrades
  • Hardware upgrades
  • Major service-impacting reconfigurations (e.g., security event)
  • Maintenance activity that is not defined in service statements or service level agreements

Normal changes require formal review (CAB approval) during weekly CAB meeting.

Urgent

This includes any change that

  • is either expected to have an impact on service or carries risk to do so, or
  • can be scheduled but must be addressed in a shorter timeframe than the typical CAB approval process allows.

The goal of the change process is to reduce the number of urgent change requests.

Examples include:

  • Code/software upgrades
  • Hardware upgrades
  • Major service-impacting reconfigurations (e.g., security event)
  • Maintenance activity that is not defined in the service statement or SLA

Urgent changes require formal review (CAB approval) on an as-needed basis.

Types of Changes that Do Not Require CAB Approval

Emergency

Emergency changes do not require formal review (CAB approval). Emergency actions require approval from senior management, as appropriate. Examples of emergency changes include the following:

  • Operational activities, such as repair, that are not optional
  • Disaster
  • Critical fix
  • Rollback
  • Restart process
  • Problem management

Standard

Standard changes are pre-approved by the CAB and reviewed periodically. Examples of standard changes include the following:

  • Normal maintenance items and provisioning that are documented in the service statement or SLA
  • Changes that have an established process, carry limited risk, and are documented in the service statement or SLA
  • Non-Enterprise changes
  • Changes to “dev” and “test” environments
  • Changes that are performed daily for customer requests