store.theartofservice.com/itil.html
Change Management ?& ITIL V3
Service Transition
Change Management
The process responsible for controlling the lifecycle of all changes. The primary objective is to enable beneficial changes to be made with minimum disruption to IT Services and the business.
Goal
The goal of Change Management is to:
Respond to the customers changing business requirements while maximizing value and reducing incidents, disruption and re-work.
Respond to the business and IT requests for change that will align the services with the business needs.
Scope
Scope of change and release management for services.
Terminology of Change
Terminology (2)
Policies
Increasing the success rate of changes and releases requires
Executive support for implementing a culture that sets
stakeholder expectation about changes and releases and
reduces unplanned work.
It must be policies and standards defined which make it clear
to the internal and external providers what must be done and
what the consequence of non-adherence to policy will me.
Design & Planning
The Change Management processes should be planned in conjunction with
Release and Configuration Management. This helps the service provider to
evaluate the impact of the change on the current and planned services and
releases. The requirements and design for the Change Management
process include:
Legislation, codes of practice, standards requirements
Approach to eliminating unauthorized change
Identification and classification
Organizational, roles and responsibilities
Stakeholders
Grouping and relating changes
Procedures
Interfaces to other Service Management processes
Approach to interfacing Change, Release and Configuration Management
Types of Change Request
A change request is a formal communication seeking an alteration to
one or more configuration items. This could take several forms e.g.
RFC
Service Desk call
Project Initiation Document.
The organization must ensure that appropriate procedures and forms
are available to cover anticipated requests. Avoiding bureaucracy by
using a standard change procedure and ‘pre’ authorizing minor
changes removes some of the cultural barriers to adopting the
Change Management process.
Change process models and workflows
It is helpful to predefine change process models – and apply them to
appropriate changes when they occur. A process model is a way of
predefining the steps that should be taken to handle a process (in this
case a process for dealing with a particular type of change) in an
agreed way.
Support tools can then be used to manage the required process.
This will ensure that such changes are handled in a predefined path
and to predefined timescales.
Standard Change (pre-authorized)
Approval of each occurrence of a standard change will be granted by the
delegated authority for the standard change, e.g. by the budget holding
customer for installation of software for an approved list on a PC registered
to their organizational unit or by a 3rd party engineer for replacement of a
faulty desktop printer.
The crucial elements of a standard change are:
Defined trigger to initiate RFC
Tasks are well known, documented and proven
Authority is effectively given in advance
Budgetary approval will typically be preordained or within the control of the change requester
Risk is usually low and always well understood.
Remediation Planning
No change should be approved without having explicitly addressed the
question of ‘what do we do if it is not successful?’.
A back-out plan should be created that will restore the organization to the pre
change state, this is often achieved through the reloading of a baselined set
of CI’s.
However, not all changes are reversible, so an alternative approach to
remediation is required. This may involve revisiting the change itself in the
event of failure, or it may be so severe that it requires invocation of the
continuity plan.
Only by considering what remediation option are available before
implementing a change can the risk of the proposed change be determined
and informed decisions taken.
Activities
Creating & Record RFC’s
The change is raised by a request from the initiator – the individual or
organizational group that requires the change.
For a major change with significant organizational and/or financial
implications, a change proposal may be required. This will contain:
full description
business and financial justifications
signed off by relevant members of business management.
Change Logging
All RFC’s received should be logged and allocated to an identification
number.
Where change requests are submitted in response to a trigger such as a
resolution to a Problem Record, it is important that the reference number of
the triggering document is also documented to provide traceability.
Logging of RFC’s should be done by means of an integrated Service
Management tool, capable of storing data on all assets and CI’s and the
relationships between them.
Procedures should specify levels of access and who has access to the
logging system. While any authorized personnel may create, or add reports
of progress to, an RFC only Change Management staff will have permission
to close an RFC.
Review RFC
Procedures should stipulate that, as changes are logged, Change
Management should briefly consider each request and filter out any
that seem to be:
Totally impractical
Repeats of earlier RFC’s
Incomplete submissions.
These should be returned to the initiator, together with brief details of
the reason for rejection, and a record should be entered in the
change log. A right of appeal against rejection should exist, via
normal management channels, and should be incorporated within the
procedures.
Assess & Evaluate
The potential impact on the services of all changes and their
impact on service assets and configurations need to be
considered. The Seven R’s of Change Management provide a
good starting point.
Many organizations develop specific impact assessment forms
to prompt the impact assessors about specific types of change.
This can help with the learning process, particularly for new
services or when implementing a formal impact assessment
step for the first time.
The 7 R’s of Change Management
Who RAISED the change?
What is the REASON for the change?
What is the RETURN required from the change?
What are the RISKS involved in the change?
What RESOURCES are required to deliver the change?
Who is RESPONSIBLE for the build, test and implementation of the change?
What is the RELATIONSHIP between this change and other changes?
Risk Categorization
Evaluation of Change
Based on the impact and risk assessment, and the potential benefits
of the change, each of the assessors should evaluate the information
and indicate whether they support approval of the change.
All members of the change authority should evaluate the change
based on impact, urgency, risk, benefits and costs. Each will then
indicate whether they support approval and be prepared to argue
their case.
Authorizing the Change
Coordinate Change Implementation
Authorized RFC’s should be passed to the relevant technical groups
for building of the changes. It is essential that this is a formal process
so that it can be tracked and reviewed.
Change Management has a responsibility for ensuring changes are
implemented as scheduled. This is a coordination role as the actual
implementation will be completed by other parties.
Remediation procedures will be documented in advance for each
authorized change, this documentation should include who is
responsible for invoking remediation.
Review & Close Change Record
On completion of the change, the results should be reported for
evaluation to the parties responsible for managing changes and then
presented as a completed change for stakeholder agreement.
A review should also include any incidents arising as a result of the
change. If the change is part of a service managed by an external
provider, details of any contractual service targets will be required.
Change Review
This review should be carried out to confirm that:
the change has met its objectives
the initiator and stakeholders are happy with the results
there has been no unexpected side-effects.
Any lessons learned should be fed back into future changes.
CAB
The cab may be asked to consider and recommend the adoption or rejection
of changes appropriate for higher level authorization and then
recommendations will be submitted to the appropriate change authority. To
achieve this the CAB needs to include people with a clear understanding
across a wide range of stakeholder needs. The Change Manger will chair
the CAB, exampled of potential members are:
Customers
User Managers
User group representatives
Applications Developers
Specialist/ technical consultants
Service and operation staff
Facilities/ office service staff
Contractors or 3rd party representatives
Other parties as applicable to specific circumstances.
ECAB
When the need for an emergency change arises it may not be
possible to convent a full CAB, it is necessary to identify a smaller
organization with authority to make emergency decisions. This body
is the Emergency Change Advisory Board (ECAB).
The number of emergency changes proposed should be kept to an
absolute minimum, as they are generally more disruptive and prone
to failure. Defined authorization levels should exist and the levels of
delegated authority must be clearly documented and understood.
Not all emergency changes will require the ECAB involvement, many
may be predictable both in occurrence and resolution and well
understood changes readily available.
Inputs & Outputs
Inputs:
Policy and strategies for change and release
RFC
Change Proposal
Plans e.g. change, transition, release, deployment, test, evaluation and remediation.
Current change schedule
Current assets or configuration items
Test results, test reports and evaluation report
Outputs:
Rejected RFC’s
Approved RFC’s
Change to the services
New, changed or disposed assets and CI’s
Change schedule
Authorized change plans
Change documents and records.
Interfaces with Service Management
The service management processes may require change and
improvements. Many will also be involved in the impact
assessment and implementation of service changes e.g.
Service Asset & Configuration Management
Problem Management
IT Service Continuity Management
Information Security Management
Capacity & Demand Management
Roles, Responsibilities and Skills
Change Manager
Administration of all RFC’s
Prepare RFC’s for CAB meetings, FSC for Service Desk.
Authorize (or reject) changes
CAB
Advises Change Manager on authorization issues for RFC’s with significant or major impact
Release Manager
Manages the release of changes
Advises the Change Manager (as part of CAB) on release issues
Technical specialists
Build and test the actual change
Skills: Business knowledge, technical, project management
Value to business
Reliability and business continuity are essential for the success and survival
of any organization. Service and infrastructure changes can have a negative
impact on the business through service disruption and delay in identifying
business requirements, but Change Management enables the service provider
to add value to the business by:
Prioritizing and responding to business and customer change proposals
Implementing changes that meet the customers’ agreed service requirements while optimizing costs
Contributing to meet governance, legal, contractual and regulatory requirements
Reducing failed changes and therefore service disruption, defects and re-work
Delivering change promptly to meet business timescales
Tracking changes through the service lifecycle and to the assets of its customers
Liaising with business change process to identify opportunities for business improvement.
Key Performance Indicators
Number of changes implemented to services which met the customers agreed requirements
Benefits of change expressed as ‘value of improvement made’ and ‘negative impacts prevented or terminated’ compared with the cost of the change
Reduction in number of disruption to services
Reduction in number of unauthorized changes
Reduction in backlog of RFC’s
Reduction in number and percentage of unplanned changes and emergency fixes
Change success rate
Reduction in number of failed changes
Incidents attributable to changes
Percentage accuracy in change estimate
Challenges
Change in culture
1 central process comes into place that influences everyone’s activities
Bypassing
projects ducking the Change Management planning
Optimal link with Configuration Management
to execute a controlled change all data MUST be reliable
Commitment of the supplier(s) to the process
Commitment of the management
because the Change Manager ultimately decides, ?not the management of the company !!!