IS Change Management Policy

Purpose

The primary objective of this policy is to ensure that a consistent and systematic approach is used for modifying UMKC's IT resources. The intent is to streamline processes while mitigating security vulnerabilities and potential loss due to system outages. Modifications to IT resources require serious forethought, testing, appropriate communication and post-change evaluation. Changes to university IT resources must have intended impact and avoid unintended consequences. 

Audience

This policy applies to all individuals that install, operate or maintain information technology resources.  

Background

In any large organization, it is often necessary to make IT infrastructure changes that are broad in scope and are meant to address serious security or compatibility issues. For instance, when a security flaw is discovered in a widely-used software application or a piece of hardware, all affected systems must be patched to curb the vulnerability, and usually with a degree of urgency. Such "patches" may be in the form of new software or hardware, or even new methods or procedures used to support and use the affected product. In any case, the necessary change affects many or all people in the organization, but may also have negative consequences if applied haphazardly. Testing software updates for undesirable effects and weighing the urgency of a patch against the degree to which services are interrupted are just two ways to ensure change happens smoothly. A well-engineered change management process for updating and upgrading IT resources will aid in streamlining these procedures and reducing risks.  

Scope

Any change that might affect IT resources upon which University personnel rely to conduct normal business operations are within the scope of this policy. The following non-exhaustive list depicts common types of change:

  • Software upgrades, updates or additions
  • IT Infrastructure changes
  • Preventative maintenance
  • Security patches
  • System architecture and configuration changes
  • Hardware upgrades
  • Product management

Policy

Any changes to the University's IT resources will be documented, coordinated and communicated with all stakeholders as outlined in the various IS Guidelines for Change Management. Management approval will be obtained prior to updating as detailed in the guidelines. Changes covered by this policy include any modifications to the University's IT resources.