You are here

Change Control

See the Change Control Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

The change control process should include written requests from authorized individuals. The request should include a description of the change, business or operations reason for change, stakeholders, operational impact, target date for change, scope of work involved and a rollback procedure. The process should include who reviews the change and approves or denies the change in whole or in part.

Colleges and administrative units are responsible for designating the appropriate organizational level, scope, and methodology used for change control.

IT staff are responsible for working with users, data owners and service directors to develop change control plans for University resources.

Users, data owners and service directors are responsible for working with IT staff to understand and follow the change control process.

More Information

Document Owner: University Information Security

Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: November 2014