The Charge

On August 2, 2012, the Vice Provost of Information Services, Lois Brooks, formally launched a process to define Change Management and Incident Response practices for Information Services. The goal of change management is to increase awareness and understanding of proposed changes across an organization and ensure that all changes are made in a thoughtful way that minimize negative impact to services and customers, while the goal of incident management is to respond to incidents effectively.

The outcome of this process will be an operational framework that all parts of the organization will follow. A Change Advisory Board shall define roles and responsibilities; ensure documented processes for planning, execution, validation, documentation and communication; and develop response processes to unplanned outages.

The Process

Per VPIS direction, a task force chaired by Jon Dolan (Director, Network Services) and Kent Kuo (Director, Enterprise Computing Services) developed policy that:

  • is based on the ITIL framework for service delivery;
  • is informed by best practices at peer institutions;
  • ensures that changes are not only well thought out and executed well, but documented appropriately for review toward process improvement; and
  • ensures appropriate engagement and communication with OSU and external customers.
Prior to adoption of policy, the task force sought input from IS managers to ensure the draft policy was clear, useful, appropriate, and meaningful, and draft language was changed as a result of feedback.

The Policies

Both the Change Management and Incident Response Policies were formally adopted on December 5, 2012.

Any change to an IT system shall be categorized as a Standard change, a Significant change, or an Emergency change, and units within Information Services shall follow both organization-wide defined processes and additional processes defined by the applicable unit within IS.

The Incident Response policy applies to all service-affecting incidents involving IT services provided by OSU Information Services. This policy does not apply to Security Incidents, which are covered by the Information Security Manual section 502: Incident Response and Escalation.

Change Advisory Board

The Change Advisory Board convened in December, 2012 and began drafting appropriate processes for changes and incidents. As basic processes are defined, the CAB will begin performing its function as a change review body even as it continues to define and refine change processes.

For Academic Year 2014, board membership is as follows.

  • Mark Baldwin, Enterprise Computing (two year term)
  • Alec Dhuse, Office of Information Security (two year term)
  • Joseph Duncan, Shared Infrastructure Group (two year term)
  • Mike Hinds, IT Communications (ex oficio)
  • Kirsten Petersen, IT Infrastructure Services (one year term)
  • José Cedeno, Academic Technologies (two year term)
  • Chris Sinnett, Client Services (one year term)