Change Control

Division: 

Administration & Finance

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Tuesday, June 1, 2010

Revised Date: 

Tuesday, June 1, 2010

Authority: 


Objective: 

This Business Practice Directive defines requirements for system change management for SF State owned information technology systems, network resources and applications.


Statement: 

Purpose and scope

This Practice Directive defines requirements for system change management for San Francisco State University-owned information technology systems, network resources (such as switches, routers and firewalls) and applications.

Practice Directive

All information technology systems, network resources and applications owned by San Francisco State University will be administered according to a documented and management approved change control process.

Changes made to information technology systems, network resources and applications will be documented in a change management system, reviewed and have documented approval by a designated change control authority as defined in the SF State change control guidelines before being put into production.

A selective review of configuration changes will be performed periodically to verify accountability and identify misconfigured information technology systems, network resources and applications.

References

Configuration and patch management implementation Guidelines
CSU configuration management information security policy
CSU change control information security policy