Handbook of Operating Procedures > Series 700 Information Resources > 7.1.8 Change Management for Information Resources

7.1.8 Change Management for Information Resources

A. Purpose

Change Management establishes the process for controlling significant modifications to IT resources through an oversight process to ensure that these resources are protected in the interest of the institution before, during, and after change implementations.

B. Persons Affected

The UT Tyler Change Management Policy applies to all individuals that install, operate, maintain, or develop Information Technology resources. These resources include the hardware and software components of any network, server, or workstations maintained by Information Technology.

C. Definitions

N/A

D. Policy

Changes to IT resources that have an impact on immediate patient care or user productivity as a result of downtime (realized or potential), or will impact greater than 25% of the end-user population are subject to the Change Management Policy. This policy does not apply to regularly scheduled downtime for events that include server reboots and security updates.

An electronic change request must be submitted for changes that are applicable to the Change Management Policy. The change requests must be reviewed and approved by IT management or by other designated individuals appointed by IT management prior to making the proposed changes. In the event IT management is not available to approve the request and the requester deems the situation as critical, the change can be made but the change management request must still be submitted.

Individuals involved in implementing a change (including change request originator) should be available at least 24 hours after the change in order to resolve any possible issues that may result from the change.

An electronic record must be maintained for all submitted change requests and at a minimum, include:

• Person who originates the change request
• IT manager or designee(s) who approves/denies the change
• Reasons for the change

Violation of this policy may result in disciplinary action that may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student.

E. Review Responsibilities and Dates

The Division Head for this Policy is the Chief Information Officer and this Policy shall be reviewed every two (2) years or sooner, if necessary, by the Division Head or their designee.