PFI-QA-SOP-02 Change Management

STANDARD OPERATING PROCEDURE FOR CHANGE

MANAGEMENT

PSALMS FOOD INDUSTRIES LIMITED

ISO FSSC ISO BS OHSAS

9001:2015 22000:2018 14001:2015 18001:2007

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

1.0 Approvals
The signatures below certify that the procedure has been verified and accepted and demonstrates that the signatories are aware of all the
requirements contained herein and are committed to ensuring their implementation.

Name Position Signature Date

Prepared by

Verified by Operations Manager

Approval Quality Manager

Commercial Manager

Production Manager

Sales Manager

2.0 Amendment Record

This procedure is reviewed annually to ensure its continuing relevance to the Psalms Food Industries systems and the process that it
describes.

3.0 Distribution List

3.1. Operations Manager
3.2. Director Finance and Administration
3.3. Manager Sales
3.4. Manager Marketing
3.5. Manager Procurement
3.6. Commercial Manager
3.7. Logistics Manager
3.8. Food Safety team leader
3.9. Quality Manager
3.10. Maintenance Manager
3.11. Customer Service Officers

4.0 Purpose

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

To ensure that changes related to any part of the process, such as; inputs, resources, people, activities, equipment, controls, measurements or
outputs are documented, evaluated, authorized, prioritized, planned, tested, implemented, reviewed to more rapidly meet business needs
better, faster, cheaper while minimizing negative effects on all stakeholders.

5.0 Goal
5.1. Support timely and effective implementation of business-required changes.
5.2. Appropriately manage risk.
5.3. Minimize negative impact.
5.4. Ensure changes achieve desired business outcomes.

6.0 Scope
This procedure applies to changes directly linked to:

6.1. Legal requirements.

6.2. Workplace Safety.
6.3. Meeting customer requirements and enhancing customer satisfaction.
6.4. Product; attributes, safeguarding product quality and food safety.
6.5. Ensuring effectiveness and continual improvement of Quality, Food safety, Environment and workplace safety Management
Systems.
6.6. The addition, modification or removal of authorized, planned or supported service or service component and its associated
documentation.

7.0 Triggers for change

PFI has identified but not limited to the following as triggers for change

7.1 Customer feedback.

7.2 Customer complaint.
7.3 Product and service failure.
7.4 Employees and other interested parties feedback.
7.5 Innovation.
7.6 Determined risk.
7.7 Determined opportunity.
7.8 Internal or external audit results.
7.9 Identified nonconformity.
7.10 Identified opportunities for improvement.
7.11 Incidents and accidents.
7.12 Business initiatives that are or will exceed our current capability to manage changes.
7.13 Management review results.

8.0 Value of change management to PFI

8.1. More changes fulfill the desired business outcome leading to increased customer satisfaction.
8.2. Contributing towards meeting governance, legal, contractual and regulatory requirements.
8.3. Faster time-to-value of changes lead to more on-time delivery of projects / outputs.
8.4. Less rework of changes result to more labor available for value-add work.
8.5. Fewer post-implementation Incidents lead to higher product and service Availability.
8.6. Increased Services and infrastructure stability lead to more staff time for value-add work.

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

8.7. Increased team collaboration across silos result to more focus on business value.

9.0 PFI Change management focus

9.1 Creating a culture of change management across the organization.
9.2 Aligning the service/product/culture change management process with business objectives
9.3 Prioritization of changes.
9.4 Establishing accountability/responsibilities for changes through the product / service lifecycle.
9.5 Establishing a single focal point for changes to minimize conflicting changes and potential disruption.
9.6 Preventing anyone who is not authorized to make changes from having access to the production environment and process
controls.
9.7 Establishing change windows.
9.8 Performance and risk evaluation of all changes.
9.9 Performance measures for the process.

10.0 Definitions and Abbreviations

10.1 Change Advisory Team (CAT)- Team composed of representatives from all functions and thought leaders tasked with
reviewing Requests for Change to assess risk of adverse business impact of proposed changes.

10.2 Change advisory team leader (CATL) - individual responsible for facilitating the Change Management process, Chair CAT
meetings, and is ultimately responsible for approving changes

10.3 Request for Change (RFC) - Formal request to make a change

10.4 Change Initiator – Name of the person requesting the change. Initiator must attend CAT to represent the change and answer
any questions or concerns raised by CAT

10.5 Change Implementers - Staff who will be carrying out the work described

10.6 Tracking number - Unique ID number assigned by CATL / CAT

10.7 Status – current status of request – Field Managed by CATL / CAT.

10.7.1. Submitted - RFC has been accepted by CATL / CAT for consideration

10.7.2. Approved - RFC has been reviewed and approved by CATL / CAT

10.7.3. Rejected - RFC has been reviewed and rejected by CATL / CAT - explanation provided in comments field

10.7.4. Pending - RFC has been reviewed and is awaiting further information, explanation or other input. Explanation provided
in Comments field

10.8 Priority - Priority of RFC: Field completed by change initiator

10.8.1. Normal - Normal changes

10.8.2. Standard - Standard, pre-approved change

10.8.3. Emergency - Changes that must happen faster than normal CAT schedule allows. Typically associated with either
rapidly emerging business needs or Incident Management

10.9 Submission Date - Date the RFC is submitted

10.10 Short Description of Change - Description of the change being requested

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

10.11 Reason for Change - Description of why the change is being requested. Should explain the expected results and and benefits
from the quality and business perspective. For significant changes, this can be a pointer to a more complete plan

10.12 Configuration Items - Components of the infrastructure, both hardware and software that managed by the organization
impacted by the change

10.13 Stakeholders – Customers, Users, regulatory authorities Impacted by the proposed change

10.14 Proposed Change Date - Desired implementation date of proposed change

10.15 Proposed Change Time - Desired time to implement change

10.16 Change Duration - Estimated time to fully implement change, including time to fully roll back if needed

10.17 Approved Change Date / Established release windows - Date for which CATL / CAT approves change

10.18 Approved Change Time - Time for which CATL / CAT approves change

10.19 Implementation Plan - Detailed plan to implement proposed change. Describes the major steps to be performed. Should
include who will be performing the steps. For large, or high impact changes, may be a pointer to Release or project plans (The
level of detail depends on the culture as well as the nature of the requested change. Encourage requestors to error on the side of
more detail

10.20 Communication Plan - What information will be communicated to customers/stakeholders, by who, and how will the
information be communicated

10.21 Post-Implementation Test Plan - How will the change be tested once complete to ensure the desired outcomes will be realized
by the business

10.22 Backout Plan - Detailed plan to undo (backout) the change in the event of trouble or unintended results. For large or high
impact changes, may be a pointer to Release or project plans

10.23 Comments - Additional information as needed - use to document "Pending" or "Rejected" requests

10.24 Result - Status indicating the result of the change:

10.24.1. Success - Change worked as planned

10.24.2. Failed - Change failed, customer impacted

10.24.3. Rolled Back - Change failed, rolled back without customer impact

10.25 Post Implementation Review - Comments on CAT's review of the change. Include any lessons learned or opportunities for
improvement

11.0 Change categorization at PFI

11.1 Standard changes (pre-authorized)
A standard change is a change to product, service or infrastructure for which the approach is pre-authorized by change
management that has an accepted and established procedure to provide a specific change requirement i.e. a new staff being
assigned a new role.

It shall have a documented process that’s been reviewed and approved by Change Management

11.1.1. The elements of a standard change are:

11.1.1.1. There is a defined trigger to initiate the request for change

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

11.1.1.2. The activities/tasks are well known, documented and proven

11.1.1.3. Authority is given in advance (these changes are pre-authorized)

11.1.1.4. The risk is usually low

11.1.1.5. Enables rapid implementation of frequent changes while managing the risk

11.1.1.6. Not tracked as a Request for Change (RFC), but are tracked elsewhere, often as Service Request records

11.1.1.7. The proposed Standard change which describes how the change and associated risks will be managed shall be presented to
Change Management team to review/approve.

11.1.1.8. Once Change Management has approved the Standard Change, it can be carried out in production as needed per the defined
process

11.1.1.9. Rationale: Standard Changes, even after approval, are still under the jurisdiction of Change Management. If Standard Changes
start causing Incidents, Change Management can bring the Standard Change back for review and request changes as needed.

11.2 Normal change

Is a non-emergency, often non-trivial proposed changes to services, processes, and infrastructure raised as Request for Change (RFC) that
must follow the complete change management process.

Categories:

11.2.1. Minor change – low risk and impact

11.2.2. Significant change – medium risk and impact
11.2.3. Major change – high risk and impact.

Activities of the normal change process:

 Record requests for change

 Change logging

 Review the request for change

 Assess and evaluate the change request

 Evaluation of change

 Allocation of priorities

 Change planning and scheduling

 Authorizing the change

 Coordinating change implementation

 Review and close change record

11.3 Emergency changes

Changes intended to repair an error in a process or equipment that is negatively impacting the process & business to a high degree or to
protect the organization from a threat.

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

12.0 Process
12.1 Change initiation
Any member of the PFI team or external providers can request the change. He or she shall pick and complete the request for change form
from the section head and complete the details:-

12.1.1. Date of submission

12.1.2. Priority – emergency, normal, standard

12.1.3. Name of the initiator

12.1.4. Short description of change

12.1.5. Reason for change alongside with any other relevant comments, annexes or references related to proposed change

12.1.6. Proposed change date

12.1.7. Proposed change time

12.1.8. Change duration

12.1.9. Concept and feasibility

12.1.10. Definition of requirements

12.1.11. Design

12.1.12. Configuration items, inputs, product, process for which change is to be carried on

12.1.13. Impact on; customers, users, relevant stakeholders, time schedule, costs – current and future, outputs, the objectives set for quality,
food safety, safety, environment, effectiveness of processes that are part of the Quality Management System

12.1.14. Description of the level of validation documentation requirements

12.1.15. Specification on whether independent validation for quality & safety is required and how that is to be achieved

12.1.16. Criteria and guidance on the extent and nature of the consultation and briefing that should be carried out for the level of validation
being applied.

12.1.17. Implementation plan outlining- Plans for introducing the change including modifications to the system

12.1.18. Communication plan - How changes regarding operations, equipment and procedures shall be effectively communicated to all the
stakeholders Operations and maintenance

12.1.19. Requirements for instruction and training

12.1.20. Any additional resources required to implement the change, for example supervision or verification

12.1.21. Documents that need to be revised, for example, operating procedures, risk registers, training material, interface coordination plans,
emergency plans and management of change documentation itself

12.1.22. Health, safety and environmental responsibilities

12.1.23. Security responsibilities – i.e. passwords

12.1.24. Post implementation plan - Plans for monitoring and reviewing the change following implementation. Test and validation

12.1.25. Back out plan

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

12.1.26. Any other comments

12.1.27. The completed RFC form shall be forwarded to section head.

12.1.28. Section head shall register the change request in the change request log in Compliance office and discuss the preliminary request
with the General Manager for the department.

12.1.29. Both General Manager and section head shall appoint a cross-functional change advisory team to review the RFC

12.2 Change advisory team

12.2.1. Each function within each department shall identify technical people and key thought leaders to serve as change advisory team on need
basis.

12.2.2. The initiator shall attend all the review meeting to present the change and shed more light if need be.

12.2.3. Operations staff shall be part of the CAT and have access to the details of changes

12.3 Role of change advisory team are as follows:

12.3.1. Leverage and embrace existing practices if they are effectively facilitating Changes, assessing and mitigating risk of negative impact
unless if they are not producing value for the business.

12.3.2. Review proposed changes by ensuring they are business aligned and does not pose undue risk to the business.

12.3.3. Invite business representatives and guests with specialized skill set useful in evaluating a particular change if need be

12.3.4. Ensure it does not become a bureaucratic roadblock

12.3.5. Maintain Change Log focused on the value of the process, and not the details to keep track of proposed and approved changes.

12.3.6. Track Change and outcomes using the request for change tracking tool

12.3.7. Establish an emergency change process to handle urgent and critical changes via email. This is important to avoid the “too slow and
bureaucratic” criticism

12.3.8. Define critical success factors - outcomes for the proposed change; i.e. reduce negative business impact of changes (value). Timely and
successful changes (effectiveness). Consistent and effective handling of changes (risk)

12.3.9. Define appropriate KPIs for proposed change: Average time to implement changes. Number and percentage of failed/rolled back
changes

12.3.10. Draft a proposed solution to meet the requirements once the request has been made, and initial requirements have been gathered.

12.3.11. Document the plan in enough detail that it can be understood and reviewed by technical staff and decision makers

12.3.12. Break the plan into tasks and assign roles of people who are; responsible, accountable, to be consulted and to be informed

12.3.13. Formally review and validate a proposed course of action before work begins so as to think through the proposed solution and
identify any potential problems or likely unintended consequences. Making adjustments before work starts to minimize unnecessary rework
and downstream problems.

12.4 Guidelines to pre-implementation review and validation of documented plan (course of

action)
The review shall be done by well qualified staff, who are together looking at the big picture. Considering:

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

12.4.1. Whether the desired outcomes are well understood, documented, and has the business approved

12.4.2. If it is understood how the change will impact existing business and processes

12.4.3. How the proposed change will impact existing services

12.4.4. The activity and items involved if used by other services / processes, how the proposed change effect that and mitigations.

12.4.5. If the infrastructure will support the change

12.4.6. If the plan follow established technical and architectural standards

12.4.7. If the change will introduce new technologies, and if so, how are we prepared to support them

12.4.8. If the change will add unnecessary complexity, and if there a simpler solution

12.4.9. If the organization have the knowledge, experience, and capacity to deliver the proposed solutions, and if the proposal describe how
these will be accomplished – training, partnerships, consulting, etc

12.4.10. If the business is likely to realize the desired outcomes

12.5 Building change

12.5.1. Where change involve introducing a new product or modifying the existing one the process shall involve; change planning, change
build, and change implementation

12.5.2. Initial bench trials shall be carried out, sensory evaluation done by all stakeholders to assess feasibility

12.5.3. A commercial trial batch with the volume able to depict all the process steps – product, primary, secondary packaging to enable all the
stakeholders to assess viability on potential impacts during implementation and or after completion of change

12.6 Guidelines to post- build / implementation review

This second review focus on:

12.6.1. If testing verify that change meet the stated outcomes

12.6.2. If build and test process identified any additional risks, and if they been addressed

12.6.3. If the business ready for the change at the proposed time, and if there has been effective communication

12.6.4. If the Implementation Plan is complete, and staff trained and prepared for a successful implementation

12.6.5. Looking closely at changes that are taking greater than predetermined period to understand why. Make adjustments to shorten the
process, and monitor the KPI to make sure you’re moving in the right direction

12.7 Submission
Change advisory team shall consolidate documentation on the change including any supporting records (such as external reports, quotes, or
findings), details the work to complete the change and the impact of the change to the project and deliverables and submit the report to
General Manager concerned for consideration

12.8 Approval
12.8.1. The authority for approval is guided by: business impact, risk level and sections affected.

12.8.2. General Manager and Line Manager shall approve low risk, standard and emergency changes

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

12.8.3. Board of General Managers shall approve changes touching on multiple departments

12.8.4. Board of Directors shall approve high risk and significant cost changes.

12.8.5. The relevant authority shall review the change request, indicate their recommendations, decisions, and if any other level of approval is
required then return it to the CAT.

12.8.6. If approved the change advisory team through the chair shall:

12.8.7. Update the appropriate documentation to reflect the change i.e. scope, schedule, costs, or other terms.

12.8.8. Set an appropriate date to review the implementation of the change.

12.8.9. If rejected, the Chair of the CAT will update the Change Control Log

12.9 Implementation
12.9.1. Shall be done as per the approved implementation plan

12.9.2. Change advisory team shall work in partnership to align all the processes and people involved in change initiatives.

12.10 Monitoring and Review

At the first relevant CAT meeting following the implementation of a change, the meeting will consider the management of changes against
the following criteria:

12.10.1. An item concerning all changes implemented since the last meeting

12.10.2. Setting performance targets for the change, and where applicable review organizational key performance targets

12.10.3. Status of training provided to staff affected by the change

12.10.4. Status of post implementation competency assessment to ensure the training provided was adequate for facilitating the change

12.10.5. Any new risks eventuated or pre-existing risks increased after implementation

12.10.6. Status of pre-existing risks whether have been reduced or eliminated

12.10.7. Additional risk controls, implemented as part of the change, whether appropriate

12.10.8. Process to revise the risk assessment as new information accumulates

12.10.9. Any improvements which could be made to the change process

12.11 Improvement
12.11.1. Failed changes shall be used as opportunities to improve not finger point

12.11.2. Outcomes data shall be used to identify ways to improve the CAT. For instance, for a failed change, are there things CAB could have
anticipated and avoided the failure

12.11.3. If any rolled back or failed, are there any lessons to be learned that could improve the CAB process

12.11.4. If the lessons learned are small and doable, they shall be made part of the CAB culture immediately

12.11.5. If the lessons learned require more work, a prioritized list shall be maintained, and the high priority ones implemented as opportunity
allows.

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate

 PFI-QA-SOP-02 Change Management

12.11.6. Initiatives uncovering sources of unintended consequences from proposed changes before causing customer impact as a standard shall
be acknowledged and celebrated.

12.12 Key performance indicators and metrics for change management

12.12.1. Number/percent of failed changes

12.12.2. Number of incidents caused by changes

12.12.3. Service downtime caused by changes

12.12.4. Number/percent of unplanned/emergency changes

12.12.5. Number/percent changes that met customer’s established requirements.

12.12.6. Average time to implement changes

13.0 Records
13.1. Request for change form

13.2. Request for change Log

13.3. Minutes for CAT meetings

13.4. Plans – communication, implementation

13.5. Training records.

Issue: A Revision: 0 Effective Date: 01.03.2021 Controlled copy do not duplicate