Policies

Change Management Policy

Hendrix College, Technology Services
Policy # 12140
Effective: Friday, April 27, 2018
Purpose

This policy defines the requirements for the formal process of making changes to institutional data and College information systems.

Additional Authority
Scope

This Policy applies to all institutional data and information systems by faculty, staff, any third-parties contracted by the College, and any other individual or group authorized to access College information systems and institutional data.

Responsible Party

1. Statement

  1. All changes to institutional data must be recorded in a continuous log. Logging should be performed preferentially by native system logging where possible.
  2. Changes to architecture, tools, or data that are beyond the scope of normal operations or that do not natively leave an audit trail must be approved based on the classification of the data :
    1. Changes to public data or information systems containing only public data must be approved by the Data Steward of the affected systems.
    2. Changes to private data or information systems containing private data must be approved by the Data Steward of the affected systems and reviewable by the CIO.
    3. Changes to restricted data or information systems containing restricted data must be approved by the Data Steward of the affected systems and by the CIO and must be reviewable by the SLT.
  3. Follow-up timeline will be established at time of change completion and on follow-up date requestor will verify correct operation.
  4. Change logs must be reviewed quarterly.

2. Definitions

Information system
Any electronic system that stores, processes, or transmits information.
Institutional Data
Any data that is owned or licensed by the College. See the Data Classification Standard for more information.

Revisions

Date Change
5/9/2018 Initial Draft
3/21/2022 Senior Leadership Approval