The Charge

On August 2, 2012, the Vice Provost of Information Services, Lois Brooks, formally launched a process to define Change Management and Incident Response practices for Information Services. The goal of change management is to increase awareness and understanding of proposed changes across an organization and ensure that all changes are made in a thoughtful way that minimize negative impact to services and customers, while the goal of incident management is to respond to incidents effectively.

The outcome of this process will be an operational framework that all parts of the organization will follow. A Change Advisory Board shall define roles and responsibilities; ensure documented processes for planning, execution, validation, documentation and communication; and develop response processes to unplanned outages.

The Process

Per VPIS direction, a task force chaired by Jon Dolan (Director, Network Services) and Kent Kuo (Director, Enterprise Computing Services) developed policy that:

  • is based on the ITIL framework for service delivery;
  • is informed by best practices at peer institutions;
  • ensures that changes are not only well thought out and executed well, but documented appropriately for review toward process improvement; and
  • ensures appropriate engagement and communication with OSU and external customers.
Prior to adoption of policy, the task force sought input from IS managers to ensure the draft policy was clear, useful, appropriate, and meaningful, and draft language was changed as a result of feedback.

The Policies

Both the Change Management and Incident Response Policies were formally adopted on December 5, 2012.

Any change to an IT system shall be categorized as a Standard change, a Significant change, or an Emergency change, and units within Information Services shall follow both organization-wide defined processes and additional processes defined by the applicable unit within IS.

The Incident Response policy applies to all service-affecting incidents involving IT services provided by OSU Information Services. This policy does not apply to Security Incidents, which are covered by the Information Security Manual section 502: Incident Response and Escalation.

Change Advisory Board

The Change Advisory Board convened in December, 2012 and began drafting appropriate processes for changes and incidents. As basic processes are defined, the CAB will begin performing its function as a change review body even as it continues to define and refine change processes.

For Academic Year 2016, board membership is as follows.

  • Reed Byers, Enterprise Computing 
  • Evan Juntunen, Enterprise Computing 
  • Rich Giesige, Office of Information Security 
  • Josh Crowl, Network Operations 
  • Patricia Zetzman, Network Operations 
  • José Cedeno, Academic Technologies 
  • Raul Burriel, Academic Technologies 
  • Max Cohen, Client Services
  • Ed Ostrander, Client Services 
  • Matt Hansen, Web and Mobile 
  • Tam Frager, IT Communications (ex oficio)