Scribd Logo
Upload

Welcome to Scribd!

  • ICT Infrastructure Change Management Guideline FINAL

    Uploaded by

    Yunita Rahma
    13 views8 pages
    nm

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    nm

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views8 pages

    ICT Infrastructure Change Management Guideline FINAL

    Uploaded by

    Yunita Rahma
    nm

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    ICT Policy and Coordination Office

    Department of Public Works

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    Document details
    Security classification

    PUBLIC

    Date of review of security September 2010


    classification
    Authority

    Queensland Government Chief Information Officer

    Author

    Queensland Government Chief Technology Office

    Documentation status

    Working draft

    Consultation release

    Final version

    Contact for enquiries and proposed changes


    All enquiries regarding this document should be directed in the first instance to:
    Director, Technology Architecture and Strategy
    Queensland Government Chief Technology Office
    info@citec.com.au

    Acknowledgements
    This version of the Queensland Government Enterprise Architecture (QGEA) ICT infrastructure
    change management guideline was developed and updated by the Network and Security
    Architecture Team, Queensland Government Chief Technology Office (QGCTO).
    Feedback was also received from a number of agencies, which was greatly appreciated.

    Copyright

    ICT infrastructure change management


    guideline
    Final
    September 2010
    v1.0.0

    PUBLIC

    ICT infrastructure change management guideline


    Copyright The State of Queensland (Department of Public Works) 2010

    Licence
    ICT infrastructure change management guideline by the QGCTO is licensed under a Creative
    Commons Attribution 2.5 Australia Licence.

    Final v1.0.0, September 2010

    Page 2 of 8
    PUBLIC

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    To attribute this material, cite the Queensland Department of Public Works.

    Information security
    This document has been security classified using the Queensland Government Information
    Security Classification Framework (QGISCF) as PUBLIC and will be managed according to the
    requirements of the QGISCF.

    Final v1.0.0, September 2010

    Page 3 of 8
    PUBLIC

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    Contents
    1

    Introduction...........................................................................................................................
    1.1 Purpose.........................................................................................................................
    1.2 Audience........................................................................................................................
    1.3 Scope............................................................................................................................

    Background...........................................................................................................................

    Change management............................................................................................................
    3.1 Roles and responsibilities..............................................................................................
    3.2 Change management procedures..................................................................................
    3.3 Assessment, prioritisation and authorisation..................................................................
    3.4 Emergency changes......................................................................................................
    3.5 Change status tracking and reporting............................................................................
    3.6 Change closure and documentation...............................................................................

    Final v1.0.0, September 2010

    Page 4 of 8
    PUBLIC

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    Introduction

    1.1

    Purpose
    A Queensland Government Enterprise Architecture (QGEA) guideline provides information
    for Queensland Government agencies on the recommended practices for a given topic
    area. Guidelines are generally for information only and agencies are not required to
    comply. They are intended to help agencies understand the appropriate approach to
    addressing a particular issue or doing a particular task.
    This guideline specifies the Queensland Governments recommended approach to change
    management.

    1.2

    Audience
    This document is primarily intended for:

    agency staff responsible for implementing changes

    agency staff responsible for approving changes

    agency staff responsible for maintaining change management documentation.

    1.3

    Scope

    1.3.1 In scope
    The discipline of change management should be applied consistently across all domains of
    the QGEA. This guideline relates specifically to ICT hardware and software assets,
    including the supporting processes and documentation.

    Background
    The Queensland Government expects that all changes to ICT hardware and software
    assets, including the introduction of new or replacement technologies, are traceable to
    business decisions and requirements, and approved by all stakeholders prior to
    implementation. This standardised approach is designed to ensure that all changes are
    reviewed and approved in a consistent and co-ordinated manner.
    Effective change management will reduce both the frequency and severity of adverse
    information security and ICT incidents by:

    reducing uncontrolled and unapproved changes to ICT infrastructure and processes

    improving the governance of ICT infrastructure and processes

    ensuring that each agency assesses the potential impact of all changes to, or the
    introduction of, ICT infrastructure and processes prior to deployment into production
    environments.

    Change management
    All ICT infrastructure used within an agency either has a well-defined or implied life cycle
    associated with the intended use. In addition, there are supporting processes associated
    with managing this environment.

    Final v1.0.0, September 2010

    Page 5 of 8
    PUBLIC

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    This life cycle covers the introduction of an ICT asset to an agencys infrastructure, and has
    associated management activities, including modifications, patches, updates and disposal
    or retirement. Each stage of the asset life cycle needs to be fully understood by the asset
    owner and those personnel tasked with managing the asset.

    3.1

    Roles and responsibilities


    Change management is a process that should clearly identify, support and incorporate the
    following roles and associated responsibilities:

    requestors the people, or regular process, making the change request

    Change Advisory Board a group of people authorised to approve change requests

    stakeholders anyone who has a business interest in the outcome of the change
    request.

    3.2

    Change management procedures


    Formal change management procedures should be established to control, in a standardised
    manner, all changes to ICT infrastructure, as well as supporting procedures, processes, and
    configuration parameters. This ensures that:

    changes are managed through a standardised approach that ensures consistency and
    repeatability

    changes are formally reviewed and approved in a consistent and coordinated manner

    expectations between all stakeholders are clearly defined and managed.

    3.3

    Assessment, prioritisation and authorisation


    All change requests should be individually assessed using a risk management approach in
    order to determine the impact on ICT infrastructure, procedures, processes, service delivery
    and available resources. This ensures that change requests are:

    assessed for impact on people, process and technology

    prioritised according to resources, service level agreements and service availability

    dependent upon the impact severity, authorised by the Change Advisory Board after
    consultation with, and approval by, key stakeholders.

    3.4

    Emergency changes
    Emergency change requests, outside formal change management procedure, allow
    agencies to be flexible and agile in response to various threats. Emergency change
    requests should be:

    correctly identified and consistently managed through a standardised approach

    formally reviewed and analysed after the change has been implemented to ensure
    compliance with the formal change management procedure.

    3.5

    Change status tracking and reporting


    The status of all changes, whether completed, in-progress, reverted or rejected should be
    tracked and reported in order to communicate the progress to all stakeholders. Recording
    and reporting the current status ensures that all outcomes are traceable and that decisions
    makers are accountable.

    Final v1.0.0, September 2010

    Page 6 of 8
    PUBLIC

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    The status of a change request may be one of the following with respect to the original
    change management request:

    completed where a change has been implemented

    in-progress where a change has not yet been implemented

    reverted where a change was not successful

    rejected where a change was not approved.

    3.6

    Change closure and documentation


    Changes that have been completed, in-progress, reverted or rejected may cause
    associated documentation to be updated. All relevant and affected documentation should
    be updated as part of the change management process to ensure that the current state has
    been accurately recorded. This includes, but is not limited to:

    policies, procedures, processes and guidelines

    automation of tasks, including workflow software, programs and scripts

    architectural documentation

    physical and logical network diagrams.


    Where possible, these documents should have the ability to be dynamically updated in
    order to reduce workload on staff resources and the introduction of manual errors.

    Final v1.0.0, September 2010

    Page 7 of 8
    PUBLIC

    PUBLIC

    ICT infrastructure change management guideline

    QGEA

    Version history
    Document authors: Peter Nikitser
    Filename: 339419351.doc
    Change management guideline
    Version Date
    Author

    Description

    0.0.1

    04/03/2010

    QGCIO

    Changed to guideline and updated styles.

    0.0.2

    12/04/2010

    QGCTO

    Subsequent draft including feedback from the


    Information Security Reference Group.

    0.0.3

    13/05/2010

    QGCTO

    Subsequent draft including feedback from the


    Department of Community Services.

    0.0.4

    07/07/2010

    QGCTO

    Moved from Draft status to Final document after


    endorsement by the ICT Security Sub-Committee.

    0.1.0

    31/08/2010

    ICT Governance, Policy


    and Coordination Office

    Updated by Director, ICT Governance, Policy and


    Coordination Office.

    Final v1.0.0, September 2010

    Page 8 of 8
    PUBLIC

    You might also like