A: The process of configuration changes, patches, and updates creates a risk to university business in all areas. Due to the complexity of our technology systems, such changes must be carefully reviewed, performed, and vetted as, if done improperly, can cause disruptions, weaken security postures, and cause a loss of data. To address this, as well as assist in the University’s compliance and audit requirements, this process and accompanying policy provide that:

Changes are performed in a way to minimize risks to the university.
All security and compliance requirements remain enforced consistent with U of I standards and principles of least privilege and functionality.
All impactful changes to technology resources are tracked and approved in a timely manner.

Q3: How will Change Enablement benefit our Users?

A: Change enablement opens communication amongst groups that make these changes on a regular basis. It creates transparency and mitigates risks associated with these tasks.

Q4:When Will Change Enablement Practices Start?

A: The pilot will start with semester start lockdown: 1/3/2024 at midnight.

Q5: What is the Scope of Pilot?

A: All changes to production services that may impact any services relative to university business.

Back to Questions

Q6: How Are We Going to Track These Changes?

A: Any changes to any production environment must be requested for approval. This is done by submitting a Request for Change (RFC) through the OIT Portal. Once it is submitted, you will need to create a Maintenance Activity for the ticket. From there a workflow process begins to start the approval process.

Q7: How are Change Types Defined?

A: Normal Change - All other changes that are not Emergency or Standard Changes. Examples include, but are not limited to, data migrations and software implementations, network, or system configuration changes. Each change has a predefined scope and action plan.

Minor Change - Minor changes are a sub-category of normal changes that may be approved by a stakeholder designated and approved by the CAB. Minor changes include low-risk and low-impact changes. It is important to note that though they are low impact, that does not mean they are non-trivial.

Emergency Change - Emergency changes are performed to address unexpected disruptions such as security incidents, application, or server outages that need to be resolved immediately.

Standard Change - Periodical, low-risk and low-impact changes that follow a standard operating procedure approved by the CAB. Each change has a predefined scope and action plan.

Q8: Will We Still Have to Post Outages?

A: Yes, outages will still need to be posted until the RFC workflow is configured to automatically post to the outage channel.

Q9: Who is Responsible for Approving a Change?

A: A Change Advisory Board (CAB) is created to review and discuss all changes proposed. Based on the type of change that is requested, the appropriate number of CAB members must approve the change prior to implementation. In the event of an emergency change, the approval should be made by a CAB member that isn't related to the area the change request is coming from.

Q10: What is the Make Up of the Change Advisory Board (CAB)?

A: The CAB consists of the following:

OIT Security – Mitch Parks
Infrastructure and Operations – Brian Jemes
Enterprise Applications – Kali Armitage
IT planning and Initiatives – Teresa Amos
Technology Partnerships – Tom English
Student Technology – Darren Kearney

Back to Questions

Q11: How Does the CAB Vote to Approve Changes?

A: A simple majority (4 out of 6) is required to approve an RFC. If there is a tie in voting, then the decision will go to the VP, CIO

Q12: What is the Approval Schedule for RFC’s?

A. CAB meetings will be weekly on Thursdays for Normal Changes. However, during the pilot, all changes will be reviewed by CAB members to evaluate categorization of each to determine the ongoing classifications for the types of changes requested to look for items that are done more frequently and provide minimal risk.

Q13: Do CAB members need to have a proxy attend in their place when they are on vacation or have a conflict?

A: Yes, CAB members should assign a proxy while on vacation to attend CAB meetings for approval of Normal changes.

Q14: Can Anyone Attend a CAB Meeting?

A: Everyone is invited to attend the CAB meeting. If you have something on the agenda, you might consider attending to answer any questions that may come up.

Q15: What Does the RFC Workflow Look Like?