ICT INFRASTRUCTURE CHANGE MANAGEMENT GUIDELINE QGEA ICT INFRASTRUCTURE CHANGE

ICT INFRASTRUCTURE CHANGE MANAGEMENT GUIDELINE QGEA ICT INFRASTRUCTURE CHANGE
0 COMMON LANGUAGE INFRASTRUCTURE (CLI) PARTITION V
6 INFORMATION INFRASTRUCTURE ADVISORY COMMITTEE DEVELOPING

GOVERNMENT RESPONSE CONSULTATION ON MAJOR INFRASTRUCTURE PLANNING REFORM
1 E1676 V 1 E1675 BELARUS SOCIAL INFRASTRUCTURE RETROFITS
16 INFORMATION BOOKLET TRANSPORT INFRASTRUCTURE IRELAND IS HOLDING A

Change management guideline

ICT infrastructure change management guideline


QGEA








ICT infrastructure change management guideline

Final

September 2010

v1.0.0





PUBLIC

Document details

  1. Security classification

  1. PUBLIC

  1. Date of review of security classification

  1. September 2010

  1. Authority

  1. Queensland Government Chief Information Officer

  1. Author

  1. Queensland Government Chief Technology Office

  1. Documentation status

  1. Working draft

  1. Consultation release

  1. Final version

Contact for enquiries and proposed changes

All enquiries regarding this document should be directed in the first instance to:

Director, Technology Architecture and Strategy
Queensland Government Chief Technology Office
[email protected]

Acknowledgements

This version of the Queensland Government Enterprise Architecture (QGEA) ICT infrastructure change management guideline was developed and updated by the Network and Security Architecture Team, Queensland Government Chief Technology Office (QGCTO).

Feedback was also received from a number of agencies, which was greatly appreciated.

Copyright

ICT infrastructure change management guideline

Copyright © The State of Queensland (Department of Public Works) 2010

Licence

ICT INFRASTRUCTURE CHANGE MANAGEMENT GUIDELINE QGEA ICT INFRASTRUCTURE CHANGE   

  1. ICT infrastructure change management guideline by the QGCTO is licensed under a Creative Commons Attribution 2.5 Australia Licence.

  2. To attribute this material, cite the Queensland Department of Public Works.

Information security

This document has been security classified using the Queensland Government Information Security Classification Framework (QGISCF) as PUBLIC and will be managed according to the requirements of the QGISCF.

Contents

1 Introduction 5

1.1 Purpose 5

1.2 Audience 5

1.3 Scope 5

2 Background 5

3 Change management 5

3.1 Roles and responsibilities 6

3.2 Change management procedures 6

3.3 Assessment, prioritisation and authorisation 6

3.4 Emergency changes 6

3.5 Change status tracking and reporting 6

3.6 Change closure and documentation 7


1Introduction

1.1Purpose

  1. A Queensland Government Enterprise Architecture (QGEA) guideline provides information for Queensland Government agencies on the recommended practices for a given topic area. Guidelines are generally for information only and agencies are not required to comply. They are intended to help agencies understand the appropriate approach to addressing a particular issue or doing a particular task.

  2. This guideline specifies the Queensland Government’s recommended approach to change management.

1.2Audience

  1. This document is primarily intended for:

1.3Scope

1.3.1In scope

  1. The discipline of change management should be applied consistently across all domains of the QGEA. This guideline relates specifically to ICT hardware and software assets, including the supporting processes and documentation.

2Background

  1. The Queensland Government expects that all changes to ICT hardware and software assets, including the introduction of new or replacement technologies, are traceable to business decisions and requirements, and approved by all stakeholders prior to implementation. This standardised approach is designed to ensure that all changes are reviewed and approved in a consistent and co-ordinated manner.

  2. Effective change management will reduce both the frequency and severity of adverse information security and ICT incidents by:

3Change management

  1. All ICT infrastructure used within an agency either has a well-defined or implied life cycle associated with the intended use. In addition, there are supporting processes associated with managing this environment.

  2. This life cycle covers the introduction of an ICT asset to an agency’s infrastructure, and has associated management activities, including modifications, patches, updates and disposal or retirement. Each stage of the asset life cycle needs to be fully understood by the asset owner and those personnel tasked with managing the asset.

3.1Roles and responsibilities

  1. Change management is a process that should clearly identify, support and incorporate the following roles and associated responsibilities:

3.2Change management procedures

  1. Formal change management procedures should be established to control, in a standardised manner, all changes to ICT infrastructure, as well as supporting procedures, processes, and configuration parameters. This ensures that:

3.3Assessment, prioritisation and authorisation

  1. All change requests should be individually assessed using a risk management approach in order to determine the impact on ICT infrastructure, procedures, processes, service delivery and available resources. This ensures that change requests are:

3.4Emergency changes

  1. Emergency change requests, outside formal change management procedure, allow agencies to be flexible and agile in response to various threats. Emergency change requests should be:

3.5Change status tracking and reporting

  1. The status of all changes, whether completed, in-progress, reverted or rejected should be tracked and reported in order to communicate the progress to all stakeholders. Recording and reporting the current status ensures that all outcomes are traceable and that decisions makers are accountable.

  2. The status of a change request may be one of the following with respect to the original change management request:

3.6Change closure and documentation

  1. Changes that have been completed, in-progress, reverted or rejected may cause associated documentation to be updated. All relevant and affected documentation should be updated as part of the change management process to ensure that the current state has been accurately recorded. This includes, but is not limited to:

  1. Where possible, these documents should have the ability to be dynamically updated in order to reduce workload on staff resources and the introduction of manual errors.

Version history

Document authors: Peter Nikitser

Filename: 145472.doc


Change management guideline

  1. Version

  1. Date

  1. Author

  1. Description

  1. 0.0.1

  1. 04/03/2010

  1. QGCIO

  1. Changed to guideline and updated styles.

  1. 0.0.2

  1. 12/04/2010

  1. QGCTO

  1. Subsequent draft including feedback from the Information Security Reference Group.

  1. 0.0.3

  1. 13/05/2010

  1. QGCTO

  1. Subsequent draft including feedback from the Department of Community Services.

  1. 0.0.4

  1. 07/07/2010

  1. QGCTO

  1. Moved from Draft status to Final document after endorsement by the ICT Security Sub-Committee.

  1. 0.1.0

  1. 31/08/2010

  1. ICT Governance, Policy and Coordination Office

  1. Updated by Director, ICT Governance, Policy and Coordination Office.




17 INFRASTRUCTURE REGULATION AND INVESTMENTS PETER FORSYTH DEPARTMENT OF
28975 INFRASTRUCTURE AND DEVELOPMENT1 RÉMY PRUD’HOMME2 UNIVERSITY OF PARIS
4 IIAC PAPER NO 122002 INFORMATION INFRASTRUCTURE


Tags: change management, 145472.doc change, change, infrastructure, management, guideline