Information Services seeks to communicate with the OSU community about the changes we make to the IT systems that we manage. Our goal is to manage, maintain, and upgrade systems in a thoughtful way so that we minimize negative impact to services and customers.

Achieving this goal requires that we plan changes carefully, consult with members of the community regarding planned changes, and respond to unplanned changes systematically to ensure minimal downtime.

Change Management is the formal term for defining our policies and processes.

Change Policies

While all Information Technology units on campus are encouraged to practice diligent change management and are welcome to submit their changes to to Change Advisory Board for review, the following policies apply only to services and systems operated by Oregon State University's Information Services.

The Incident Response policy does not apply to Security Incidents, which are covered by the Information Security Manual section 502: Incident Response and Escalation.

Types of Changes

The IS Change Management Policy defines three types of changes based on the ITIL framework for service delivery. These changes are:

  • 1. Standard Change – A repeatable change that has been pre-authorized by the Change Authority by means of a documented procedure that controls risk and has predictable outcomes.
  • 2. Normal Change – A change that is not an Emergency change or a Standard change. Normal changes follow the defined steps of the change management process. Low, Medium, or High priority is determined by Unit Directors or delegates.
    • a. Normal Low Changes must be reviewed and approved by the Unit Director or delegate as Change Authority.
    • b. Normal Medium Changes must be reviewed and approved by the Change Advisory Board as Change Authority.
    • c. Normal High changes must be approved by the IS Executive Team as Change Authority.
  • 3. Emergency Change – A change that must be introduced as soon as possible due to likely negative service impacts. There may be fewer people involved in the change management process review, and the change assessment may involve fewer steps due to the urgent nature of the issue; however, any Emergency Change must still be authorized by a manager and reviewed by the Change Advisory Board retroactively.

Change Advisory Board

The IS Change Management Policy requires that all changes be reviewed. Normal / Medium changes should be submitted to the Change Advisory Board (CAB) for review.

The CAB reviews change requests daily between 8 AM and 5 PM on business days, and meets weekly on Wednesday afternoons at 3:30 PM.

CAB membership currently consists of:

Raul Burriel (Chair) - primary representative, Academic Technology

Emily Longman (Vice-chair) - representative, Office of Information Security

Max Cohen - primary representative, Customer Experience

Chifundo Lemani - secondary representative, Customer Experience

Marc Cholewczynski - secondary representative, Academic Technology

Sarah Payne - primary representative, Web and Mobile Services

Edward Lee - secondary representative, Web and Mobile Services

Reed Byers - primary representative, Enterprise Computing Services

vacant - secondary representative, Enterprise Computing Services

Tim Bateman - primary representative, Network Services

David Barrett - secondary representative, Network Services

vacant - primary representative, IT Infrastructure

vacant -  secondary representative, IT Infrastructure

Jason Peak - primary representative, Identity and Access

Chris Evans - secondary representative, Identity and Access

Jim Galloway - primary representative, Endpoint Management