1. WOSM Staff Support Centre
  2. Workplace and Travel
  3. Digital and Information Technology

WSB Policy: Information Technology Change Management

Updated
Have more questions? Submit a request

Purpose

  1. The World Scout Bureau (WSB) formally manages changes to its Information Technology (IT) resources to prevent disruptions to the stability or integrity of the WSB’s IT systems, applications and data
  2. Uncontrolled changes to IT systems and applications could potentially result in significant system disruption, data corruption or loss. A formalised IT change management process is designed to ensure that changes are authorised and operate as intended.
  3. The objective of this policy is to define formal requirements to manage changes to IT systems and applications, in order to prevent unscheduled disruption, data corruption or loss.

 

Scope

  1. This policy represents the WSB’s official position and takes precedence over all other relevant policies which may be developed at a local level. This policy applies to:
    • All WSB Offices globally.
    • All WSB Responsible & Relevant IT support staff.
  2. All IT systems or applications managed by WSB that store, process or transmit information, including network and computer hardware, software and applications, mobile devices, and telecommunication systems.
  3. All change requests to IT systems and applications, including standard, minor, major and emergency changes.

 

Definitions

A list of terms used throughout this policy are defined in Appendix A.

 

Guiding Principles

  1. The WSB IT Team will apply a formal approach to managing IT systems and applications changes.
  2. Changes to IT systems and applications must be managed in accordance with the IT Change Management Guidelines.
  3. All change requests must be:
    • Classified before being processed. The level of analysis, approval and testing must be aligned with the change classification level in order to address potential risks.
    • Approved prior to commencing the change or development, and prior to implementing the fully tested change into the live environment.
    • Documented before, during and after implementation. See attached file for a sample of the type of information required for a Request for Change (“RFC”).
  4. Business value, business risks, technical risks (including potential impact to performance and security risks), as well as costs must be formally considered before authorising changes.

 

Roles & Responsibilities

Stakeholder

Responsibilities

Senior Management Team

Review, approve and formally support this policy

Senior Manager, Digital & IT Services
  • Develop and maintain this Policy.
  • Take proactive steps to reinforce compliance of all stakeholders with this Policy.
  • Communicate with the WSB, directly or through a WSB representatives, in informal or formal instances, to understand the WSB’s needs and expectations, explain the capabilities of the existing technology in production, and facilitate the process to manage change requests.
  • Report to the Senior Management Team.

 

Policy Distribution & Awareness

This policy and it's supporting policies, standards and guidelines will be published on the WSB Dropbox.

Soft copies of the policy and its supporting policies, standards and guidelines will be available on WSB Staff Support Center.

The IT Personnel and/or the Senior Manager, Digital & IT Services may make periodic policy announcements by email.

WSB line managers will ensure that all existing and new staff, contractors, consultants, interns, volunteers and third-party commercial service providers who report to them are made aware of and have access to the policy and its supporting policies, standards and guidelines.

Individuals requiring clarification on any aspect of the policy and its supporting policies, standards and guidelines and/or advice on general I.T. security matters may email their queries to the Senior Manager, Digital & IT Services or the local IT Personnel.

 

Exceptions to this Policy

Exceptions to the guiding principles in this policy must be documented and formally approved by the Global Director, Communications , with evidence of support from the appropriate Senior Management Team.

Policy exceptions must describe:

  • The nature of the exception.
  • A reasonable explanation for why the policy exception is required
  • Any risks created by the policy exception.
  • Evidence of approval.

 

Policy Enforcement

The WSB reserves the right to take such action as it deems appropriate against individuals who breach the conditions of this policy. WSB staff, contractors, consultants, interns and volunteers who breach this policy maybe subject to disciplinary action, including suspension and dismissal as provided for in the WSB disciplinary procedure.

Breaches of this policy by a third-party commercial service provider, may lead to the withdrawal of WSB information technology resources to that third party commercial service provider and/or the cancellation of any contract(s) between the WSB and the third-party commercial service provider.

The WSB reserves the right to refer any use of its IT resources for illegal activities to the relevant Authorities.

 

Review & Update

This policy will be reviewed and updated annually or more frequently if necessary, to ensure any changes to the WSB’s organisation structure and business practices are properly reflected in the policy.

 

Appendix A: Definitions

Change Advisory Board (CAB): A group of people that make decisions related to major changes to IT systems. Members of the CAB include the Global Director, Communications & Partnership and Manger, IT & Digital Services. IT Project Managers and system owners affected by the change are included, where applicable. The chair of the CAB is the Global Director, Communications & Partnerships.

Emergency IT Change: An unplanned modification to an IT system that requires immediate implementation to correct an important issue, such as a disruption or outage of service

IT Change: A planned modification to an IT system.

Information: Any data in an electronic format that is capable of being processed or has already been processed.

Information Technology (I.T.) resources: Includes all computer facilities and devices, networks and data communications infrastructure, telecommunications systems and equipment, internet/intranet and email facilities, software, information systems and applications, account usernames and passwords, and information and data that are owned or leased by the WSB.

IT Personnel: These are the individuals responsible for the day to day management of a WSB network domain. Also includes WSB personnel who have been authorised to create and manage user accounts and passwords on a WSB network domain

Line manager: The individual a user reports directly to.

Password: A string of characters that a user must supply in order to gain access to an IT resource.

Process / Processed / Processing: Performing any manual or automated operation or set of operations on information including:

  • Obtaining, recording or keeping the information.
  • Collecting, organising, storing, altering or adapting the information.
  • Retrieving, consulting or using the information.
  • Disclosing the information or data by transmitting, disseminating or otherwise making it available.
  • Aligning, combining, blocking, erasing or destroying the information.

Users: Any authorised individual who uses the WSB’s IT resources

 

Articles in this section

See more
Was this article helpful?
0 out of 0 found this helpful