Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Description

The university has established a change management process designed to document and communicate changes to LTS defined Tier 0, 1, and Tier 2 services.

Scope

This standard applies to all LTS staff.

Security Requirements

Lehigh’s Information Security Program (ISP) is built around NIST 800-171 controls and other control frameworks, regulations, and guidance (eg, FERPA, HIPAA, GDPR, PCI, and others). This section should reference which frameworks are relevant to this particular standard.

Example:

NIST 800-171 references the following security requirements within the Security Assessment family:

  • 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.

  • 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.

  • Incident Response Training [800.53 IR-2]

  • Incident Response Testing  [800.53 IR-3]    

Change Management Training

Every January, there will be an open 1 hour training session to bring staff up to date on changes to the process, provide a refresher of the process, and to capture feedback. In addition, the following links will be sent to LTS as a reminder.

Change Management

Change Management process that must include the following.

  • Provide guidance on what changes should be submitted through the change management process.

  • Defines how changes will be approved, denied, or modified.

  • Communicate the impact of the change and document fallback plans.

  • Provide a method for LTS staff to get notifications when changes are approved.

  • Provide a feature to put closer to the change including if it was a success or failure.

  • Optionally, a retrospective can be initiated as part of the process.

  • Process to be reviewed annually by TIO Director, CTO, and the Change Management Oversight Committee.

Detail associated standards and guidances.

Definitions

List any terms used in this standard which need to be defined for the readers understanding

Revision History

Date

Version

Description

Approval

1.1

Updated to Jira Cloud

Approved

1.0

Original release

Approved

1.0

Draft Original Document

Approved

  • No labels