Information Technology System Change Management Policy

Purpose

Information technology (IT) systems require periodic changes to stay up to date with application enhancements, functional adjustments, system versions, and security corrections. The purpose of this policy is to ensure that IT system changes are properly tested, reviewed, approved, implemented, and documented. This control acts to prevent inappropriate changes from being made that could affect system stability and, therefore, business operations.

Scope

This policy applies to all McNeese State University employees.

Definitions

• IT Systems: Any of the major operating systems or applications used by the University such as Banner, Office 365, Moodle, Acalog, Nelnet, NetApp storage, Cisco, server operating systems, etc.
• System Changes: Those periodic changes that are needed to stay up to date with application enhancements, functional adjustments, system versions, and security corrections. System changes can include:
  • Common OS or application patch updates provided by the third-party company (e.g., Ellucian, Microsoft, OpenLMS, etc.)
  • Internal configuration changes affecting the customization of applications unique to McNeese (e.g., Active Directory, BadgePass ID cards, etc.)
  • Processing a DB script that changes the value of data requested by a functional office through a prescribed function from the vendor, such as an adjustment within Banner that cannot be handled by a traditional INB functional form.

Policy

The Office of Information Technology is responsible for IT-supported systems used by employees, students, and guests. As such, a ticket tracking system for system upgrades and change control has been established.

Procedure

1. Anyone wishing to make a system change must submit a ticket at https://jira.mcneese.edu/. In some cases, requests require approval by a supervisor or data owner before the changes can occur.
2. Once a ticket is received, IT staff will act on the request in a timely manner. The following points should be documented in the ticket, if feasible:
   • Brief description of the needed change
   • Who requested the change, and what functional group will the change affect?
   • Was the change tested and reviewed?
   • Was the upgrade/change successful?  What adjustments were needed for final consistency and stability of the product?
   • For hosted systems such as Moodle, Banner, etc., the associated tickets and/or vendor announcements should also be included in the ticket.

In cases where the change (a) caused the system to function improperly or (b) did not help to fix the situation, the system will be restored to its previous version with a backup/restore process.   

Cloud and other third-party vendors provide similar ticket management platforms that are required for the documentation and approval of respective changes to their service provisions.  Appropriate IT staff will engage the use of those third-party platforms. For example, Banner-related system level changes are tracked in the Ellucian ticket platform; however, requests for Banner data report changes are tracked in the McNeese ticket platform. Both require requests, scheduling, and approvals from appropriate parties before implemented changes occur.

Policy Compliance

Compliance Measurement

The Office of Information Technology will verify compliance with this policy through various methods, including but not limited to ticket review, system monitoring, business tool reports, and internal and external audits.

Exceptions

Any exception to the policy must be approved by the Office of Information Technology in advance.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Communication

This policy is distributed via the University Policies webpage.