Professional Documents
Culture Documents
The policy describes the rules and regulations in the change of ICT resources and provides
details on the roles and responsibilities and further related policies and procedures.
Change Control Policy
Policy No: 5
Policy Name: Change Control Policy
Version History
Revision
Version Approved By Description Author
Date
1 DM Admin 20/07/2020 Initial document Mr. Dilawar
1
Change Control Policy
Purpose
The purpose of this policy is to ensure that all changes to application, network devices, network
infrastructure and ICT services minimizes any potential negative impact on services and users
provided by ICT Directorate.
Scope
This policy and all policies referenced herein, shall apply to all members working in the decision
process and change management of the application development, network design and
infrastructure, and ICT services.
Policy Statement
The change request should be prioritized based on the type of change (emergency,
standard, major, normal).
Request related to failure in power systems, connectivity failures, security incidents, system
crashes, system reports, and other common as mentioned that leads to stop the operation
are considered as request for emergency change.
Requests related to software maintenance, permissions and access to ICT services (IP phones,
emails, share folders, connectivity etc…) are considered as requests for standard changes.
Requests having significant financial implications and impacts on operation and resources
such as migration of systems, integration of systems, establishing new systems, and related
operations are considered as request for major changes.
Changes should be examined for security implications through the participation of the
security administrators.
2
Change Control Policy
For ensuring appropriate approval, planning, and execution all ICT resources changes
which comes under the type of normal, standard, and major change should follow the
change control process.
The change initiator should note that the change has been successfully applied, tested,
and verified in a non-production environment when an applicable environment(s) exists.
Change requests may not be required for non-production environments unless there is a
significant upgrade or an impact.
As per the change control process all ICT resources changes should be clearly
documented.
A lesson learned session should occur in the event of an incident during a change
request.
3
Change Control Policy
Exceptions
Unexpected and emergency changes requests that occurs due to unplanned and
unconditional events where immediate action is required.
4
Change Control Policy
5
Change Control Policy
Disclaimer Statement
Deviations from policies, procedures, processes, or guidelines published and approved by ICT
Directorate can only be done cooperatively between the ICT Directorate authorized personals
and the requesting entity with sufficient time to allow for appropriate risk analysis,
documentation, and possible presentation to ICT Directorate. Willful failure to adhere to ICT
Directorate written policies will meet governmental laws and regulations.