Академический Документы
Профессиональный Документы
Культура Документы
Prepared by:
[ORGANIZATION]
IT Security Policies [ORGANIZATION] 2010.1
This sample document and all of its contents are copyright of Saltlake Infosolutions Pvt. Ltd.
(http://www.saltlakesoft.com). All rights reserved.
2/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Table of Contents
3/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Overview
From time to time, these IT Resources may need to undergo changes which could be planned upgrades
or maintenance. In addition, unexpected events can occur which require upgrades or maintenance of
the resource. During the upgrades or maintenance, the IT Resource could be unavailable or partially
available.
It is critical for the organization to manage the changes occurring due to planned or unplanned events in
such a way that the disruption in the business services of the [ORGANIZATION] is minimized.
Purpose
The purpose of the Change Management Policy is to manage changes in a rational and predictable
manner so that staff members and clients can plan accordingly, to minimize disruption in the business
services of the [ORGANIZATION].
The Change Management Procedures are designed to provide an orderly process and control under
which all change requests made for [ORGANIZATION]’s IT infrastructure are reviewed and approved
prior to the installation or implementation of the change. Furthermore, it also defines the procedure
and steps which need to be followed in case any Unplanned or Emergency change takes place.
Scope
Any change in [ORGANIZATION]’s IT environment requires approval via the process defined in this
policy.
77/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Definitions
Planned Change: A change for which Formal notification received, reviewed, and approved by the
Management in advance of the change being implemented.
Unplanned Change: Failure to present notification to the formal process in advance of the change being
made. It happens in case of unexpected changes, where time is too short to follow any formal
procedure.
Emergency Change: An immediate on-spot response required for an Incident requiring an urgent
solution which is needed to prevent widespread service or system disruption.
Process
The Change management process will consist of the following general procedures which are required to
be followed for all types of changes and few specific procedures which will be followed for respective
type of change being made, i.e. planned, unplanned & emergency changes.
78/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
1. A Change Request Form must be filled and submitted to the senior management for providing
necessary details and information about the change. e.g.
a. Why the change is required?
b. Who is responsible for implementing the change?
c. The estimated date of the change.
d. A description of the change, including a timeline and potential risks associated.
e. Whether the change has been approved by other staff in charge of resources that may
be affected, if any.
f. The IT staff members who are involved in change must be listed.
g. What assistance will be needed by other employees, if any.
2. Potential changes must be communicated before several working days in advance of when the
work is to be done.
3. After receiving notification of a potential change, any user/employee who needs more
information or has an objection to the change should contact the System Administrator.
4. In the event that an objection to the change cannot be resolved informally, the Director or
Senior Management person involved will call a meeting of all involved parties to resolve the
dispute.
In the case of emergency changes the above mentioned steps will be followed to allow the
fastest possible response while still maintaining the proper levels of approval, monitoring,
communication and documentation of all change related procedure
79/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, penalty and/or
suspension, up to and including termination of employment.
80/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Associated Risks:
Hardware Required:
Software Required:
81/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Department:
Comments:
Signature of Person
Implementing Change
(in full):
Comments of
Reviewer:
Signature of Reviewer
(in full):
82/[ORGANIZATION]/2010.1
IT Security Policies [ORGANIZATION] 2010.1
Change Request Requested Requested Department Change Status Date of Change Change Change Change Cost Result Details Signature
Request Date By (Name) By Description (Approved Approval Initiated Implemented Implemented Supervisor Incurred (Success Entered
No. (Designation) /Rejected) / On On By (Amount / By
Rejection in INR) Failure)
83/[ORGANIZATION]/2010.1