Division:
Administration & Finance
Department:
Information Technology Services
Contact Information:
Nish Malik / Senior Associate Vice President (AVP) and Chief Information Officer (CIO) / (415) 405-4105 / nish@sfsu.edu
Effective Date:
Tuesday, June 1, 2010
Revised Date:
Tuesday, June 10, 2024
Authority:
Objective:
This Business Policy defines requirements for system change management for SF State owned information technology systems, network resources and applications.
Statement:
Purpose and scope
This Policy defines requirements for system change management for San Francisco State University-owned information technology systems, network resources (such as switches, routers and firewalls) and applications.
Policy:
All information technology systems, network resources and applications owned by San Francisco State University will be administered according to a documented and management approved change control process.
Changes made to information technology systems, network resources and applications will be documented in a change management system, reviewed and have documented approval by a designated change control authority as defined in the SF State change control guidelines before being put into production.
A selective review of configuration changes will be performed periodically to verify accountability and identify misconfigured information technology systems, network resources and applications.
References:
Configuration and patch management implementation Guidelines
CSU configuration management information security policy