compliances , networking , security

Sample – Network UAT Change Policy

January 29, 2015

Network Services is requiring User Acceptance Testing (UAT) on all high risk/high impact changes and/or changes that will result in a known impact or system degradation. The risk scoring of the change is based on information entered in the change record as well as the Enterprise model used for scoring changes.

The change is to be thoroughly researched as to impact, proper notifications made to the Lines of Business, and testing coordinated.  The intent of the UAT requirement is to ensure that applications and servers impacted by a change validate their applications during the change window by executing tests and checks that the teams deem appropriate to verify that the applications are working as expected.

The name and email address of the line of business tester will be required to be documented in the long-description section of the change record.  For those changes that are on shared devices and that impact multiple lines of business, the project manager or technology project manager will be expected to coordinate the UAT.

The UAT is to be done during the approved change window so that should there be issues, they can be resolved prior to the start of the production day.

Some lines of business will not be able to test during this period due to services/exchanges needed to test not being available.  For these types of situations, the teams can follow their normal process for validating changes and will not be required to submit a waiver accompanied by Lines of Business approvals.

Issues reported outside of the change window will be handled as break-fix subject to normal SLA’s for incident restoral.

If the client decides they do not want to provide user acceptance testing, they must provide a UAT waiver email with Lines of Business approval attached to the change record.

Other relevant conditions that apply are outlined below:

  • Vendors in some cases are approved to test on behalf of the lines of business. That is acceptable as long as there is a detail test plan that covers all features and functionality associated with the device being changed.
  • Low risk- repeatable type changes, although not subject to this requirement, should be validated by the line of business as well.
  • Firewall rules changes are many times bundled into one change.   It is expected that the Service Request submitter will perform the UAT.
  • Non-prod devices, labs, and lower level development platforms are out of scope.