Change Management

Policy Statement

This policy governs changes to the University’s IT environment to ensure appropriate considerations are given before changes are made.

Reason for Policy

The purpose of this change management policy is to ensure that all changes made to Adelphi University’s IT environment have an acceptable level of risk regarding degradation or interruption of service.

Who Is Governed by this Policy

All end-user and application management accounts on computerized information systems operated by or on behalf of Adelphi University.

Policy

Change development

1. All functional changes must be approved by the System Owner prior to implementation.
2. All changes must be documented prior to implementation.
3. Separate environments for development of software and configuration, and production use of software and configuration will be maintained for all systems that have a minimum availability requirement of critical, normal and nonessential.
4. It is not cost-effective, and therefore not required, to maintain separate environments for development, testing, and production of networking equipment and configuration.

Change deployment

1. Changes to the University’s IT environment may only be made by explicitly authorized and sufficiently qualified persons.
2. A Developer or System Administrator may not push software changes made by him/herself from the testing environment to the production environment.
3. Prior to making any change in the production environment, a roll-back scenario must be developed, documented and approved.
4. When a change may result in temporary service degradation, or in a full service interruption, a date for making the change must be negotiated with the System Owner, and the IT HelpDesk must be notified in advance.
5. If unanticipated problems develop during or after a change, the IT HelpDesk must be notified immediately.

Deviation from policy

Although emergency changes must attempt to follow policy to the extent possible, changes may be made to do not comply with the requirements listed above. Whenever feasible, approval from the System Owner must be obtained before making emergency changes. If emergency changes are made, details regarding change and the reasons for implementing them as an emergency change must be documented as soon as reasonably possible after the making the changes.

Definitions

System Owner: A person or role who is authorized to make informed decisions concerning a named information system.

Developer: An individual who writes computer programs.

System Administrator: An individual responsible for technical maintenance of servers and applications.

Forms

This policy does not have forms associated with it at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.

Related Information

This policy does not have related information at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.

Document History

• Last Reviewed Date: March 30, 2023
• Last Revised Date: March 30, 2023
• Policy Origination Date: June 18, 2009

Who Approved This Policy

Carol Ann Boyle, Chief Information Officer