Professional Documents
Culture Documents
PUBLIC
QGEA
Document details
Security classification
PUBLIC
Author
Documentation status
Working draft
Consultation release
Final version
Acknowledgements
This version of the Queensland Government Enterprise Architecture (QGEA) ICT infrastructure
change management guideline was developed and updated by the Network and Security
Architecture Team, Queensland Government Chief Technology Office (QGCTO).
Feedback was also received from a number of agencies, which was greatly appreciated.
Copyright
PUBLIC
Licence
ICT infrastructure change management guideline by the QGCTO is licensed under a Creative
Commons Attribution 2.5 Australia Licence.
Page 2 of 8
PUBLIC
PUBLIC
QGEA
Information security
This document has been security classified using the Queensland Government Information
Security Classification Framework (QGISCF) as PUBLIC and will be managed according to the
requirements of the QGISCF.
Page 3 of 8
PUBLIC
PUBLIC
QGEA
Contents
1
Introduction...........................................................................................................................
1.1 Purpose.........................................................................................................................
1.2 Audience........................................................................................................................
1.3 Scope............................................................................................................................
Background...........................................................................................................................
Change management............................................................................................................
3.1 Roles and responsibilities..............................................................................................
3.2 Change management procedures..................................................................................
3.3 Assessment, prioritisation and authorisation..................................................................
3.4 Emergency changes......................................................................................................
3.5 Change status tracking and reporting............................................................................
3.6 Change closure and documentation...............................................................................
Page 4 of 8
PUBLIC
PUBLIC
QGEA
Introduction
1.1
Purpose
A Queensland Government Enterprise Architecture (QGEA) guideline provides information
for Queensland Government agencies on the recommended practices for a given topic
area. Guidelines are generally for information only and agencies are not required to
comply. They are intended to help agencies understand the appropriate approach to
addressing a particular issue or doing a particular task.
This guideline specifies the Queensland Governments recommended approach to change
management.
1.2
Audience
This document is primarily intended for:
1.3
Scope
1.3.1 In scope
The discipline of change management should be applied consistently across all domains of
the QGEA. This guideline relates specifically to ICT hardware and software assets,
including the supporting processes and documentation.
Background
The Queensland Government expects that all changes to ICT hardware and software
assets, including the introduction of new or replacement technologies, are traceable to
business decisions and requirements, and approved by all stakeholders prior to
implementation. This standardised approach is designed to ensure that all changes are
reviewed and approved in a consistent and co-ordinated manner.
Effective change management will reduce both the frequency and severity of adverse
information security and ICT incidents by:
ensuring that each agency assesses the potential impact of all changes to, or the
introduction of, ICT infrastructure and processes prior to deployment into production
environments.
Change management
All ICT infrastructure used within an agency either has a well-defined or implied life cycle
associated with the intended use. In addition, there are supporting processes associated
with managing this environment.
Page 5 of 8
PUBLIC
PUBLIC
QGEA
This life cycle covers the introduction of an ICT asset to an agencys infrastructure, and has
associated management activities, including modifications, patches, updates and disposal
or retirement. Each stage of the asset life cycle needs to be fully understood by the asset
owner and those personnel tasked with managing the asset.
3.1
stakeholders anyone who has a business interest in the outcome of the change
request.
3.2
changes are managed through a standardised approach that ensures consistency and
repeatability
changes are formally reviewed and approved in a consistent and coordinated manner
3.3
dependent upon the impact severity, authorised by the Change Advisory Board after
consultation with, and approval by, key stakeholders.
3.4
Emergency changes
Emergency change requests, outside formal change management procedure, allow
agencies to be flexible and agile in response to various threats. Emergency change
requests should be:
formally reviewed and analysed after the change has been implemented to ensure
compliance with the formal change management procedure.
3.5
Page 6 of 8
PUBLIC
PUBLIC
QGEA
The status of a change request may be one of the following with respect to the original
change management request:
3.6
architectural documentation
Page 7 of 8
PUBLIC
PUBLIC
QGEA
Version history
Document authors: Peter Nikitser
Filename: 339419351.doc
Change management guideline
Version Date
Author
Description
0.0.1
04/03/2010
QGCIO
0.0.2
12/04/2010
QGCTO
0.0.3
13/05/2010
QGCTO
0.0.4
07/07/2010
QGCTO
0.1.0
31/08/2010
Page 8 of 8
PUBLIC