Change Management Policy

Change Management Policy

1. Overview

Applications and systems are increasingly more complex in their function, interaction, and form. There is an increasing dependency between resources and applications that can negatively impact operations if not managed and orchestrated in an organized fashion. Effective management and communication of updates, maintenance, and regular releases help to minimize customer impacts.  From time to time systems require outages for planned upgrades, maintenance, or fine-tuning.  Managing these changes is a critical part of providing a stable infrastructure.

2. Purpose

The purpose of this policy is to manage changes in a well-communicated, planned, and predictable manner that minimizes unplanned outages and unforeseen system issues.  Effective change management requires planning, communication, monitoring, rollback, and follow-up procedures to reduce negative impact to the user community.

3. Scope

This policy applies to all SalesTing Inc., DBA Parmonic staff involved in application or systems changes, updates, or patches.

4. Policy

A.    GENERAL

All system and application changes in IT (e.g. operating system, computing hardware, networks, applications, data centers) are subject to this policy and shall follow unit change management procedures.

The following general requirements shall be met in the change management process:

• Scheduled change calendars and departmental communications operational procedures shall be developed to inform stakeholders of upcoming application and system changes that impact system availability or operations
• Regular planned changes shall minimally be communicated to all stakeholders on a monthly basis through a communication mechanism of the [Insert Appropriate Role]’s choosing
• Unplanned outages shall be communicated immediately to stakeholders with regular updates on progress toward resolution and resumption of service
• Regular system and application patching schedules shall be communicated to users and performed in such a way as to minimize system downtime and user productivity
• Changes affecting computing environmental facilities (e.g., air-conditioning, water, heat, plumbing, electricity, and alarms) shall to be reported to or coordinated with CTO, and stakeholders shall be notified through IT Department change management communications
• Processes shall ensure that production data is not unnecessarily replicated or used in non-production environments
• Device configurations shall be backed up and rollback procedures must exist prior to implementing a change

B.    CHANGE MANAGEMENT COMMITTEE

A Change Management Committee shall convene to discuss system changes, interactions, and any perceived issues. This committee shall be made up of network and systems staff, application development owners, developers, and chaired by the [Insert Appropriate Role] or their designee.  The following procedures shall be implemented by the committee:

The committee shall meet on a schedule determined by the CTO but shall minimally meet monthly to discuss plans for future updates and patching.

C.    CHANGE REQUEST MANAGEMENT

The following procedure shall be implemented surrounding the change management process:

• Change requests shall be submitted for all changes, both scheduled and unscheduled
• All scheduled change requests shall be submitted in accordance with departmental change management procedures so that the Change Management Committee has time to review the request, determine and review potential failures, and make the decision to allow or delay the system update
• Change requests shall receive Change Management Committee approval before proceeding with the change
• A change review must be completed for each change, whether scheduled or unscheduled, and whether successful or unsuccessful

D.    CHANGE MANAGEMENT DENIALS

The CTO or their designee may deny a scheduled or unscheduled change for reasons including, but not limited to:

• Inadequate change planning or unit testing
• Lack of stakeholder acceptance (where applicable)
• System integration or interoperability concerns
• Missing or deficient roll-back plans
• Security implications and risks
• Timing of the change negatively impacting key business processes
• Timeframes do not align with resource scheduling (e.g. late-night, weekends, holidays, or during special events)

E.     ADMINISTRATION

A Change Management Log Form shall be maintained for all changes. This log must contain, but is not limited to:

• Date of submission and date of change
• Owner and custodian contact information
• Nature of the change
• Indications of success or failure
• Notes and follow-ons

5. Audit Controls and Management

On-demand documented procedures and evidence of practice should be in place for this operational policy.  Satisfactory examples of evidence and compliance include:

• Historical logs of change events
• Archival Change Management Committee meeting minutes
• Anecdotal documentation and communications showing regular compliance with the policy

6. Enforcement 

Staff members found in policy violation may be subject to disciplinary action, up to and including termination.

7. Distribution

This policy is to be distributed to all SalesTing Inc DBA Parmonic staff and contractors using SalesTing Inc DBA Parmonic information resources.

8. Policy Version History