Division:
Administration & Finance
Department:
Information Technology Services
Contact Information:
Nish Malik / Senior Associate Vice President (AVP) and Chief Information Officer (CIO) / (415) 405-4105 / nish@sfsu.edu
Effective Date:
Tuesday, June 1, 2010
Revised Date:
Tuesday, June 10, 2024
Authority:
Objective:
This Business Policy defines requirements for system change management for SF State owned information technology systems, network resources and applications.
Statement:
Purpose and scope
This Policy defines requirements for system change management for San Francisco State University-owned information technology systems, network resources (such as switches, routers and firewalls) and applications.
Policy
All information technology systems, network resources and applications owned by San Francisco State University will be administered according to a documented and management approved change control process.
Changes made to information technology systems, network resources and applications will be documented in a change management system, reviewed and have documented approval by a designated change control authority as defined in the SF State change control guidelines before being put into production.
A selective review of configuration changes will be performed periodically to verify accountability and identify misconfigured information technology systems, network resources and applications.
References
Configuration and patch management implementation Guidelines
CSU configuration management information security policy