Skip Maine state header navigation

Agencies | Online Services | Help


Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology


Change Management Policy

I. Statement

Technology organizations require a process to manage changes to production systems in order to assure the highest performance and availability of the systems we provide for the state. 


II. Purpose

A. The purpose of this standard is to provide a set of rules and guidelines so that personnel will clearly understand the required change management process. It will help personnel identify the reason for a change, the risks posed, elements to consider when planning, how to document, how best to ensure success and prevent damage, how to communicate and to whom, and how to learn in order to improve future change process.

B. As an allied best practice, system administrators, programmers and others involved with changes must develop a specific change management regimen for each system, particularly regarding appropriate testing processes, version control, quality control, change approval, back out control, and disaster recovery.


III. Applicability

A. This standard is intended to manage proposed changes to production systems by

1. All OIT personnel that administer, manage, or modify any computer, application, or network system used by others. 

2. Any non-OIT personnel who can modify an enterprise system.


IV. Responsibilities

A. Change Manager (CAB co-chair or designee) is responsible for the change process RFC submission review and monitoring of all authorized changes. This applies to all OIT divisions and sections within Core Technology and Application Development.

B. Change Advisory Board reviews all changes with any possibility for risk of service impact as well as scheduling conflicts that may arise. The Change Advisory Board serves as “facilitators” for all proposed changes.


V. Directives

A. All Request for Changes (RFC) will be submitted via Footprints by the Change Initiator at least one CAB meeting (Thursdays at 10:00) prior to the planned change.  Changes submitted with only a single CAB review may result in an implementation delay. At a minimum, the CI will include in the RFC the following actions germane to the requested change.    The information will contain nothing that would compromise system security.  Any substantial modification of the information requires re-notification.

B. Non-emergency changes must be posted to allow for one (1) CAB review prior to execution, unless there are extenuating circumstances or the section director approves the short notice.  Short notice change approvals must be annotated in the RFC.

C. The plan’s checklist must be followed meticulously. Should it be revealed during the walkthrough that a step were omitted, then it must be added into the RFC. Should it be revealed that the actual action deviates from the plan, or that risk was underestimated, then STOP, RETHINK, DOCUMENT, and BACKOUT. Should the change causes a malfunction, and the planned backout does not work, then Disaster Management protocol applies. Immediate notification must be made to the supervising director, stakeholders, the help desk, and the CAB. The supervising director will direct the next steps.

D. A document titled “OIT Enterprise Services Change Management Process” further defines specific planning steps, implementation guidelines and procedural requirements in approaching the change management process.


VI. Definitions


A. Back Out – Ability to undo a change to a system to return it to its fully functional pre-change condition.

B. Change – An action that has a distinct possibility of having a noticeable impact on an enterprise or agency production system.

C. Change Manager (CM) (Approving management entity) - Responsible for the change process communications and monitors all assigned changes.

D. Change Initiator (CI) – The individual requesting a change.

E. Change Advisory Board (CAB) - A group of Information Technology professionals that reviews all changes that will cause any possibility for risk of service impact and for scheduling conflicts. Serve as ‘facilitators’ for all proposed changes.

F. Enterprise System – A system managed and operated by OIT for the benefit of one or more outside agencies.

G. Stakeholder – A person or group that has an investment, share, or interest in a computer system, or is a subject matter expert or contributor to that system.


VII. References


VIII. Document Information

Document Reference Number: 13


Adoption Date: 10/24/07

Effective Date: 10/24/07

Update Date:  3/31/2013

Next Review Date: 3/31/2015

Point of Contact: Office of Information Technology: Bob Corum, Infrastructure Architect, telephone: 207-624-8895.


Approved By:  James R. Smith, Chief Information Officer, State House Station #145, Augusta, ME 04333, (207) 624-9471.

Position Title(s) or Agency Responsible for Enforcement: Greg McNeal, Chief Technology Officer, telephone 207-624-9471

Legal Citation: 5 M.R.S.A. Chapter 163 § 1973.   Responsibilities of the Chief Information Officer, paragraph 1B “Set policies and standards for the implementation and use of information and telecommunications technologies, including privacy and security standards…”


Waiver Process: See the Waiver Policy[1].