Basic Principles of Technology Change Control

IT-Toolkits_Change_Control

The basic principles for managing “technology change” can be broken down into four (4) categories for simplified planning, covering technology use, change control targets, change delivery mechanisms and change “purpose”.

How is change control used to manage technology?

  • Change control is a management practice used to “control” the initiation, planning, approval, execution and processing of required changes to in-place technology.

What are the most common change control targets?

  • The targets of change management practices, and related policies, are in-place technology including networks, servers, storage devices, end-user devices (desktops, laptops, notebooks, tablets), software, and related products.

How is change control delivered?

  • Change control practices are delivered as documented policies, implemented through the use of related operational procedures and related tools.

What are the primary change control “goals and objectives”?

  • To manage and create a documented record of required changes and ensure that each change is implemented in the most cost effective, high quality manner with minimal disruption to ongoing operations.

Navigating the Change Control Decision Tree

What does it take to plan effective change control policies that are relevant, realistic and appropriately aligned with the established IT strategic vision?  The following 12 step decision tree lays out the key issues and factors to be addressed:

  1. Change Control Policy Scope: What types of changes will be encountered considering in place hardware and software?
  2. Change Request Initiation:  How will change requests be received,initiated and submitted (considering procedures and deliverable s)?
  3. Change Evaluation Criteria:  What criteria, variables and factors will be used to review, analyze, approve or reject change requests?
  4. Change Design and Development:  How will planned changes be designed, planned and tested considering procedures, requirements, roles and responsibilities?
  5. Change Scheduling: How will changes be scheduled in order to minimize business disruptions without placing undue burdens on responsible staff (i.e. using nights, weekends, holidays, or scheduled downtime)?
  6. Change Stakeholders: Who will be responsible for change planning and implementation?
  7. Change Communication:  How will scheduled changes be communicated to staff and end-users?
  8. Change Conflict Resolution: How will change related disputes and problems be resolved considering escalation procedures and decision making authority?
  9. Technical Problem Resolution: What safety measures will be required should problems occur as a result of an implemented change (i.e. back-out plans)?
  10. Post Change Support: What resources and activities will be required to provide “post-change” support considering change complexity, end-user support requirement, Help Desk services, and anticipated problems?
  11. Change Related Record keeping:  How are change “specifications” to be documented and tracked once implementation is completed?
  12. Change Process Maintenance:  How will change control practices be maintained and validated to ensure continuity and viability?