Skip Maine state header navigation
Administrative & Financial Services
Change Management Policy
Technology organizations require a process to manage
changes to production systems in order to assure the highest performance and
availability of the systems we provide for the state.
A. The purpose
of this standard is to provide a set of rules and guidelines so that personnel
will clearly understand the required change management process. It will help
personnel identify the reason for a change, the risks posed, elements to
consider when planning, how to document, how best to ensure success and prevent
damage, how to communicate and to whom, and how to learn in order to improve
future change process.
B. As an allied
best practice, system administrators, programmers and others involved with
changes must develop a specific change management regimen for each system,
particularly regarding appropriate testing processes, version control, quality
control, change approval, back out control, and disaster recovery.
standard is intended to manage proposed changes to production systems by
1. All OIT personnel
that administer, manage, or modify any computer, application, or network system
used by others.
2. Any non-OIT personnel who can modify an enterprise system.
Manager (CAB co-chair or designee) is responsible for the change
process RFC submission review and monitoring of all authorized changes.
This applies to all OIT divisions and sections within Core Technology and
A. All Request
for Changes (RFC) will be submitted via Footprints by the Change Initiator at
least one CAB meeting (Thursdays at 10:00) prior to the planned change. Changes submitted with only a single CAB
review may result in an implementation delay. At a minimum, the CI will include
in the RFC the following actions germane to the requested change. The information will contain nothing that
would compromise system security. Any
substantial modification of the information requires re-notification.
changes must be posted to allow for one (1) CAB review
prior to execution, unless there are extenuating circumstances or the section director approves the short
notice. Short notice change
approvals must be annotated in the RFC.
C. The plan’s checklist must be
followed meticulously. Should it be revealed during the walkthrough that
a step were omitted, then it must be added into the
RFC. Should it be revealed that the actual action deviates from the plan, or
that risk was underestimated, then STOP, RETHINK, DOCUMENT, and BACKOUT. Should the change causes a malfunction, and the planned backout does not work,
then Disaster Management protocol applies. Immediate notification must be made to the supervising director, stakeholders, the
help desk, and the CAB. The supervising director will direct the next steps.
D. A document
titled “OIT Enterprise Services Change Management Process” further defines
specific planning steps, implementation guidelines and procedural requirements
in approaching the change management process.
A. Back Out – Ability to undo a change to
a system to return it to its fully functional pre-change condition.
– An action that has a distinct possibility of having a noticeable impact on an
enterprise or agency production system.
Manager (CM) (Approving management entity) - Responsible for the change process communications and monitors
all assigned changes.
Initiator (CI) – The individual requesting a change.
Advisory Board (CAB) - A group of Information Technology professionals that
reviews all changes that will cause any possibility for risk of service impact
and for scheduling conflicts. Serve as ‘facilitators’ for all proposed changes.
System – A system managed and operated by OIT for the benefit of one or more
– A person or group that has an investment, share, or interest in a computer
system, or is a subject matter expert or contributor to that system.
Document Reference Number: 13
Review Date: 3/31/2015
Point of Contact: Office of
Information Technology: Bob Corum, Infrastructure Architect, telephone:
Approved By: James R. Smith, Chief Information Officer,
State House Station #145, Augusta, ME 04333, (207) 624-9471.
Position Title(s) or Agency
Responsible for Enforcement: Greg McNeal, Chief Technology Officer, telephone
Legal Citation: 5 M.R.S.A. Chapter 163 § 1973. Responsibilities of the Chief Information
Officer, paragraph 1B “Set policies and standards for the implementation and
use of information and telecommunications technologies, including privacy and
Waiver Process: See the Waiver Policy.