CHANGE MANAGEMENT

PROCESS & IMPLEMENTATION

I. Change
A change is that process in infrastructure which involves in production environment and
is classified into groups according to Scope, Impact and Urgency. The ITIL definition of
a change is ‘the addition, modification or removal of anything that could have an effect
on IT services’.

II. Types of Changes

There are five change categories that can be assigned to a production change.

 Maintenance Change
 New/Modify Maintenance Change
 Planned Change
 Urgent Change
 Emergency Change

III. Change Management

Change Management process is to maintain the integrity of the production environment
by ensuring that changes are implemented with minimum risk to business. Change
Management is the gatekeeper to production environments through which every change
must pass.

IV. Objectives of Change Management

The goal of the change management process is to ensure that standardized methods and
procedures are used for efficient and prompt handling of all changes, in order to minimize
the impact of change-related incidents upon service quality, and consequently improve
the day-to-day operations of the organization.

 Effective communication about requested changes among the stakeholders of the

affected systems
 Minimization of the uncertainty around the existence, state, and outcome of a
change that has been requested in a work product.
  Impact to clients and end users is minimized and/or mitigated using established
risk criteria.

V. Scope
The scope of change management covers changes to all configuration items across the whole
service lifecycle

 Service solutions for new or changed services, including all of the functional
requirements, resources and capabilities needed and agreed
 Management information systems and tools, especially the service portfolio, for
the management and control of services through their lifecycle
 Technology architectures and management architectures required to provide the
services
 Processes needed to design, transition, operate and improve the services
VI. Risk Assessment
Key highlights of the risk assessment policy are:

 The assignment of risk is a two factor process involving assessment of negative

impact in case of a failed change and the probability that a change will fail to
meet the planned outcome once implemented.
 Impact refers to the effect that a failed implementation of the change would
impose and Probability refers to the likelihood that a change implementation will
fail in a manner that realizes the maximum negative impact.

VII. RFC Creation & Submission

Key highlights of RFC submission policy are:

 All members of IT and business are authorized to initiate Requests for Change
(RFC).
 Creation of an RFC must be initiated only when proper justification exists, stating
why a change is required.

VIII. Change Management Roles

The below mentioned roles are defined for Change Management:

 Change Initiator: a support user authorized to raise the change. He is also

responsible for closing all the change categories.
 Change Manager: is the owner of the change throughout the change lifecycle.
 Change Approver: An authorized person who can review the requirement and can
approve and reject the change.
 Change Implementer: a support user who will implement the change in the
production environment and perform the roll back if required.
  Change Owner: Establishes impact of change failure. Establishes probability of
change failure. Calculates risk based upon impact and probability. Documents the
risk level in the RFC.
 IT/Technical Manager (Technical Manager for particular technology/domain):
review the change, validates risk assignment, based upon an external review of
impact and probability, prior to the CAB meeting.
 CAB: Validates risk assignment, based upon an external review of impact and
probability, during the CAB review meeting.

IX. Emergency Change Advisory Board (ECAB)

 For emergency cases when immediate decisions need to be made, an Emergency

Change Advisory Board (ECAB) is formed.
 The members of ECAB may be different from members of CAB and a smaller
group of people.
X. Moratorium Period

 Moratorium period is the time period during which an organization wants to avoid
any changes in the production environment because of business criticality. This
period may also be referred to as a change freeze period.
 A change that demands implementation within moratorium period will go through
additional controls. These controls include but are not limited to additional
approvals, justification documentations and risk mitigation plans.
XI. Generic Workflow
 XII. Activities
Change management ensures that there is a standard process to handle all changes, of which
the activities are as follows:

 Create and record RFCs

 Review RFC and change proposal
Filtering changes
 Assess and evaluate the change
Establish appropriate level of change authority
Establish relevant areas of interest
 Authorize the change
Obtaining authorization/rejection
Communicating the decision with stakeholders and initiator of RFC
 Plan updates
 Coordinate Change implementation
Where the change is actually built, tested and implemented
 Review and close the Change
Collating the change documentation
Review the change(s) and change documentation
Closing the change document when all actions are completed

Depending on the type of change, the exact procedures to execute the activities may be
different.

XIII. Challenges
Challenges affecting Change Management are as follows:

 Change in culture: A central process comes into place that influences everyone’s
activities
 Bypassing: Projects dodging the Change Management process
 Close relationship with Service Asset and Configuration Management: To execute
a controlled change, all data must be reliable. Change Management relies on
configuration data, whereas Service Asset and Configuration Management relies
on Change Management for the information on changes