Standard and Process

See the specific requirements in the Change Management Standard in the University Policy library. The following supplements the requirements in University policy.

Change control documentation should include:

  • written requests from authorized individuals;
  • description of the change;
  • business or operations reason for change;
  • stakeholders;
  • operational impact;
  • verification that information security requirements are met;
  • target date for change;
  • scope of work involved;
  • rollback procedure.

The process should include who reviews the change, approves, or denies the change in whole or in part.

For emergency changes, develop, and follow a process to enable quick and controlled implementation of changes needed to resolve an incident.

Colleges and administrative units are responsible for designating the appropriate organizational level, scope, and methodology used for change control.

Technical staff are responsible for working with users, data owners, data custodians,  and service owners to develop change control plans for University resources.

Users, data owners, data custodians, and service owners are responsible for working with Technical staff to understand and follow the change control process.

See the Information Security policy appendices for additional information security standards that also apply.

More Information

Document Management

Document Responsibility and History
Document Owner Document Approvers Effective Date Last Reviewed Date
University Information Security

Brian Dahlin,
Chief Information Security Officer

Bernard Gulachek,
VP of Information Technology and Chief Information Officer

August 2010 May 2019