Information Services seeks to communicate with the OSU community about the changes we make to the IT systems that we manage. Our goal is to manage, maintain, and upgrade systems in a thoughtful way so that we minimize negative impact to services and customers.
Achieving this goal requires that we plan changes carefully, consult with members of the community regarding planned changes, and respond to unplanned changes systematically to ensure minimal downtime.
Change Management is the formal term for defining our policies and processes.
While all Information Technology units on campus are encouraged to practice diligent change management and are welcome to submit their changes to to Change Advisory Board for review, the following policies apply only to services and systems operated by Oregon State University's Information Services.
The Incident Response policy does not apply to Security Incidents, which are covered by the Information Security Manual section 502: Incident Response and Escalation.
Types of Changes
The IS Change Management Policy defines three types of changes based on the ITIL framework for service delivery. These changes are:
1. Standard Change – A repeatable change that has been pre-authorized by the Change Authority by means of a documented procedure that controls risk and has predictable outcomes.
2. Normal Change – A change that is not an Emergency change or a Standard change. Normal changes follow the defined steps of the change management process. Low, Medium, or High priority is determined by Unit Directors or delegates.
a. Normal Low Changes must be reviewed and approved by the Unit Director or delegate as Change Authority.
b. Normal Medium Changes must be reviewed and approved by the Change Advisory Board as Change Authority.
c. Normal High changes must be approved by the IS Executive Team as Change Authority.
3. Emergency Change – A change that must be introduced as soon as possible due to likely negative service impacts. There may be fewer people involved in the change management process review, and the change assessment may involve fewer steps due to the urgent nature of the issue; however, any Emergency Change must still be authorized by a manager and reviewed by the Change Advisory Board retroactively.
Change Advisory Board
The IS Change Management Policy requires that all changes be reviewed. Normal / Medium changes should be submitted to the Change Advisory Board (CAB) for review.
The CAB reviews change requests daily between 8 AM and 5 PM on business days, and meets weekly on Wednesday afternoons at 3:30 PM.
CAB membership currently consists of:
Raul Burriel (Chair) - primary representative, Academic Technology
Emily Longman (Vice-chair) - representative, Office of Information Security
Max Cohen - primary representative, Customer Experience
Chifundo Lemani - secondary representative, Customer Experience
Marc Cholewczynski - secondary representative, Academic Technology
Sarah Payne - primary representative, Web and Mobile Services
Edward Lee - secondary representative, Web and Mobile Services
Reed Byers - primary representative, Enterprise Computing Services
vacant - secondary representative, Enterprise Computing Services
Tim Bateman - primary representative, Network Services
David Barrett - secondary representative, Network Services
vacant - primary representative, IT Infrastructure
vacant - secondary representative, IT Infrastructure
Jason Peak - primary representative, Identity and Access
Chris Evans - secondary representative, Identity and Access
Jim Galloway - primary representative, Endpoint Management