Operators are responsible for executing changes, but Operators do not have the authority to approve changes.
All changes in the production environment should follow the documented change process. Changes will be categorized with a system.
- Standard Changes should have an approved and documented procedure with a well understood outcome and appropriate appreciation of risk. They are pre-qualified but not always pre-approved.
- Normal Changes should follow the full Change Management Process. Normal changes should be individually approved by the Business Owner of the resource and may not be pre-approved.
- Emergency Changes may be a Standard or Normal Change but will be on an accelerated timeline. Operators should always attempt to follow the full Change Management Process.
Appropriate review of changes shall be conducted with an appreciation of risk. Business Owners will use the review as grounds for approval. The Business Owner, upon review, can approve a documented procedure to transition the activity from a Normal to a Standard Change.
Department Directors are responsible for the regular oversight of their department’s change participation and documentation.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Owner: Security and Compliance Committee
$Date: 2018-12-13 12:29:08 -0700 (Thu, 13 Dec 2018) $
$Revision: 472629 $