Change management is an integral part of project management and in fact all business processes. Information technology is no exception and IT change management manifests itself throughout the IT services lifecycle from Service Strategy to Continual Service improvement. Service owners have to be well-versed in IT change management and the respective roles and responsibilities of the various parties when it comes to IT change management. IT change management is discussed at length in ITIL foundation trainings and also online ITIL courses.
Official definitions of IT change management
Let’s look at the official description of IT change management. Change is the addition, modification or removal of anything that could have an effect on IT Services For instance, adding a new user identification feature to an existing service, introducing a completely new service like providing finance news for the subscribers of a telecom operator and retiring an old service that will not be used anymore are all examples of changes from an IT change management point of view.
The scope of IT change management should include all IT Services, configuration items, processes, and documentation etc. IT change management does not deal with changes in the services all the time. For instance, the documentation of a service or process might require updates as well and these are also considered as changes.
IT change management: Request for change
A request for change is abbreviated as RFC. RFC is the formal proposal for a change to be made in IT change management. The business, customer or a department in the organization can request a new service to be provided, an update in existing services or a revision or update might be required in the processes of the organization or on the documentation, policies etc. In IT change management, in order to initiate the change, an RFC is made by the demanding party requesting the change. An RFC includes details of the proposed change, and may be recorded on paper or electronically. Depending on the organization and processes of the company, an RFC can be made over e-mail, meeting minutes or a specific tool tracking the change requests and following the approval progress as part of IT change management
IT change management: Types of change
There are three types of changes in that is relevant to IT change management. These are:
- Standard Change,
- Normal Change
- Emergency Change.
Standard change is a pre-approved change that is low risk, relatively common and follows a procedure or work instructions. For instance, password change of a user in each three months is a change, but it is common and when the user follows the instructions, he can change the password easily. Similarly, changing a profile picture or updating the notebook of an employee are examples of a standard change within the framework of IT change management as well. Standard changes do not require an RFC to be submitted. Standard changes are logged and tracked using different mechanism within the IT change management process. For instance, in order to upgrade the notebook, an employee can initiate a service request.
Normal Change is the second type of change within IT change management. A normal change is every change that is not classified as a standard or emergency change. If a new feature has been introduced for a new service or existing service has been updated, this is an example of a normal change. For instance, introducing fingerprint recognition service as a new user identification service for the ATMs of a bank is an example of normal change as classified in IT change management.
The third and the last type of change relevant to IT change management is Emergency Change. Emergency changes must be introduced as soon as possible. Instead of an extension of an existing service or introducing a new service, emergency changes are initiated generally to solve a major incident or implementing a security patch. For instance, if an IT service provider identified a security leakage that can cause that the credit card details of the customers can be stolen, this is a critical leakage and the security fix must be implemented immediately. As soon as the regarding solution has been developed, this is implemented through an emergency change to the system.
The IT change management process will normally have a specific procedure for handling emergency changes. Normal change procedure can be more bureaucratic and can take time to get all approvals to implement a change. But since emergency changes must be implemented as soon as possible, there can be faster and specific procedures for handling emergency changes.
IT change management: Change Advisory Board
The Change Advisory Board is abbreviated as CAB and it is a group of people that advises the Change Manager in the assessment, prioritization, and scheduling of changes during the IT change management process. The change manager is the ultimate responsible person for the coordination, organizing, prioritizing and management of changes in an IT service provider. However, there can be several departments, stakeholders, and organizations interacting with the IT Service provider in service delivery. Therefore, when managing and implementing changes in the IT service provider, representatives of these departments or organizations advise the change manager. For instance, a department using a service can advise the change manager on what happens if the change does not happen successfully. The CAB usually consists of representatives from IT Service Provider, Business, Suppliers, and Partners.
IT change management: Emergency Change Advisory Board
The Emergency Change Advisory Board is abbreviated as ECAB and sub-set of the change advisory board who make decisions about high impact emergency changes. Let’s consider the example we gave previously. It has been notified that there is a security leakage in the system that can cause the credit card details of the customers to be stolen. After developing the security fix for this issue, in order to implement this change, an immediate meeting is organized to get the opinion of the stakeholders about this emergency change. Membership of the ECAB may be decided at the time a meeting is called and depends on the nature of the emergency change. Only the relevant stakeholders are called to the meeting to notify the change. However, in normal changes, the change advisory board comes together regularly to advise change manager appropriately.
These are the definitions relevant to IT change management. IT service owners, change managers and IT service managers must familiarize themselves with these official IT change management definitions.