The Official Web site for the Office of Information Technology - UTSA

This document should be rendered in an HTML format with cascading style sheets and JavaScript turned on.

Office of Information Technology Home Page

Skip to Main Content

Skip to Navigation

Please take a few minutes to read our Accessibility Page which will make your visit through this Web site easier.

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

OIT Home > About OIT > Information Resource Standards > Change Management Standard for Computing Systems

Change Management Standard for Computing Systems

The Change Management Standard provides an outline for the implementation and management of changes to all UTSA computing systems.  Change requires serious forethought, careful monitoring and follow-up evaluation to reduce negative impact on the user community and to increase the reliability of system performance.

Each department is responsible for defining and documenting its own change management processes, covering changes to resources such as operating systems, computer hardware, networks, and applications and applying the practice to all multi-user systems. The changes must be documented commensurate with risk, scaling from simple change logging to the following processes for mission critical systems of those with confidential data:

  1. Planning the change
  2. Testing the change (if suitable test systems exist)
  3. Obtaining formal approval to implement the change in production
  4. Communicating with users of the system before the change occurs, especially if there are interdependencies with other systems.
  5. Implementing the change
  6. Documenting the results of the change.

All changes affecting any central computing systems supported by the Office of Information Technology (OIT) must be managed through all of the steps above, and must be thoroughly documented.  
Effective Date:

June 1, 2011

Compliance Date:

November 30, 2011

Last Revision:

February 16, 2011

Account Management

Disposal of Computers
Other Electronic Devices

Laptop Encryption

Policy Exception and Risk Assumption Procedures

Administrative/Special Access

E-Mail Management

Log-in Disclaimer

Security Monitoring

Application Registration

Incident Management

Network Access

Security Training

Enterprise Backup &
Data Recovery

Information Resource Use and Security (pending)

Network Configuration

Server Hardening

Change Management

Information Security Risk Assessment

Password

Software Licensing

Computer Naming Convention

Information Security Administrator (ISA)

Patch Management Standard

Threat Detection and Prevention

Configuration and Asset Management

Information Security Training Standard

Personal Computing

Unauthorized File Sharing

Copiers and Printers

Information Services Privacy

Physical Access

Vendor Access

Data Center

Internet Use

Portable Computing

Web Application Vulnerability Scanning

Data Classification

Intrusion Detection

Protection Against Malicious Software

Wireless Network

 

 

 

Workstation Operating Systems Support

Tools