Change Management Standard

Description

The university has established a change management process designed to document and communicate changes to LTS-defined Tier 0, Tier 1, and Tier 2 services.

Scope

This standard applies to all LTS staff.

Security Requirements

Lehigh’s Information Security Program (ISP) is built around NIST 800-171 controls and other control frameworks, regulations, and guidance (e.g., FERPA, HIPAA, GDPR, PCI, and others). This section should reference which frameworks are relevant to this particular standard.

Example:

NIST 800-171 references the following security requirements within the Security Assessment family:

  • 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.

  • 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.

  • Incident Response Training [800.53 IR-2]

  • Incident Response Testing [800.53 IR-3]

Change Management Training

Every January, there will be an open one-hour training session to bring staff up to date on changes to the process, provide a refresher on the process, and capture feedback. In addition, the following links will be sent to LTS as a reminder.

Change Management

The Change Management process must include the following:

  • Provide guidance on what changes should be submitted through the change management process.

  • Define how changes will be approved, denied, or modified.

  • Communicate the impact of the change and document fallback plans.

  • Provide a method for LTS staff to get notifications when changes are approved.

  • Provide a feature to bring closure to the change, including whether it was a success or failure.

  • Optionally, a retrospective can be initiated as part of the process.

  • The process is to be reviewed annually by the TIO Director, CTO, and the Change Management Oversight Committee.

Related

Detail associated standards and guidance.

Definitions

List any terms used in this standard which need to be defined for the reader's understanding.

Revision History

| Date         | Version | Description             | Approval |
|--------------|---------|-------------------------|----------|
| Mar 1, 2024  | 1.1     | Updated to Jira Cloud   | Approved |
| Feb 10, 2022 | 1.0     | Original release        | Approved |
| Jan 6, 2021  | 1.0     | Draft Original Document | Approved |