The University of Texas at San Antonio
Office of Information Technology
Office of Information Security (OIS) Standards
OIS 5 – Standard for Change Management (Computing Systems)
I. STANDARD STATEMENT
The Change Management Standard provides an outline for the implementation and management of changes to all UTSA computing systems. Change requires serious forethought, careful monitoring and follow-up evaluation to reduce negative impact on the user community and to increase the reliability of system performance.
This standard supports HOP Policy 8-12 Information Resources Use and Security Policy
This standard applies to all UTSA faculty, staff, and students.
If you have any questions about OIS 5 – Standard for Change Management (Computing Systems) contact the following office:
The Office of Information Security
1. Each department is responsible for defining and documenting its own change management processes, covering changes to resources such as operating systems, computer hardware, networks, and applications and applying the practice to all multi-user systems. The changes must be documented commensurate with risk, scaling from simple change logging to the following processes for mission critical systems of those with confidential data:
- Planning the change
- Testing the change (if suitable test systems exist)
- Obtaining formal approval to implement the change in production
- Communicating with users of the system before the change occurs, especially if there are interdependencies with other systems.
- Implementing the change
- Documenting the results of the change.
2. All changes affecting any central computing systems supported by the Office of Information Technology (OIT) must be managed through all of the steps above, and must be thoroughly documented.
Effective Date: June 1, 2011
Last Revised: April 10, 2013