Systematic Change Control Procedures

Systematic Change Control Procedures

1.0 Purpose

Systematic change control refers to the criteria and procedures used for managing critical changes to server hardware, software and data, including the process for audit review of changes, and responsibility for oversight.

2.0 Scope

In accordance with the “security standards” incorporated into the Health Information Portability and Accountability Act, systematic change control methods must be an integral part of the College of Public Health Information Technology procedures and guidelines. Documented procedures for systematic change control reduces the risk that key information technology assets are accessed inadvertently or inappropriately by persons without authority, while providing procedures that will enhance stability and integrity of server hardware and software.

3.0 Applicability

Systematic change control procedures are applicable to all College of Public Health system administrators responsible for managing critical server hardware, software, and data. The collegiate Office of Information Technology is applicable as an administrator of the core server infrastructure for the College of Public Health.

4.0 Guidelines

4.1 Required

Major changes to infrastructure, personnel, and services must be discussed, assessed, evaluated, and planned thoroughly by the Director of Information Technology, in coordination with departmental administrators and supervisors.

4.2 Required

The Computation and Informatics Committee will act as a consultant and advisor to the Director of Information Technology, including representation from all departments within the College of Public Health.

4.3 Required

In coordination with the Director of Information Technology, System Administrators will document major changes to infrastructure, personnel and services.

4.4 Required

The requestor of the change will apply for approval, document change, test change, perform quality assurance, implement, and report on the change.

4.4 Required

The Director of Information Technology is responsible for the oversight of the systematic change.

5.0 Procedures

  • The requestor of IT change (infrastructure, personnel, or service) will contact the collegiate Director of Information Technology to initiate or apply for the change.
  • In coordination with departmental administrators and supervisors, as well as the Computation and Informatics Committee, the collegiate Director of Information Technology will assess and evaluate the change for approval.
  • If the change is denied, the process for systematic change is stopped or closed.
  • If the change is approved, the collegiate Director of Information Technology documents the change and informs the requestor to begin testing phase.
  • The requestor (in conjunction with the System Administrator) begins the thorough testing phase of the change.
  • Upon completion of the testing phase, the requestor (in conjunction with the System Administrator) performs a quality assurance check on the change.
  • After completion of quality assurance check, the requestor (in conjunction with the System Administrator) notifies the appropriate end-users of the scheduled change.
  • After notification, the requestor (in conjunction with the System Administrator) implements the change into production environment.
  • After the change has been implemented, the requestor will report on the change to the collegiate Director of Information Technology.
  • The collegiate Director of Information Technology will document and file the final report of the change.

6.0 Contacts and Technical Experts

College of Public Health Office of Information Technology (384-3838)
cph-support@uiowa.edu