In this series of articles on implementing IT processes, previously we have discussed setting up the Service Desk function and the Incident Management and Problem Management processes.
We will now take a look at the process that affects and influences both day-to-day work and future planning: Change Management.
Purpose and Definitions
ITIL defines the purpose of Change Management as: to ensure that standardized methods and procedures are used for efficient and prompt handling of all Changes to control the IT infrastructure to minimize the number and impact of any related Incidents upon service.
As discussed earlier in the series, reactive Changes to the IT infrastructure may be necessary to restore service (resolve an Incident) or address root causes of Incidents (resolve Known Errors). Scheduled Changes to the IT infrastructure may be necessary for legal compliance, service improvement, growth or expansion and other business initiatives.
The goal of Change Management is to ensure that all of these Changes are handled in a standard way and to maintain an appropriate balance between the need for Change and the potential impact of those Changes.
Change Management is responsible for controlling Changes to Configuration Items (CIs) within the IT infrastructure, from planning through implementation and post-implementation review. This process will typically entail the following tasks in the planning phase: raising and recording Changes, assessing the Change Request for impact, as well as the cost/benefit and risk of each Change Request.
Each Change requires business justification and approval from appropriate business and IT management (to include designated application or service owners). Certain types of Changes which are simple, low-risk and must be performed regularly (such as maintenance tasks) may be pre-approved.
All other Changes are discussed and approved or rejected in a regular meeting of the Change Advisory Board (CAB); Emergency Changes are subject to a streamlined and accelerated Emergency CAB. The CAB is usually composed of the Change Manager, IT staff, suppliers, developers, customers/users, and subject-matter experts, depending on the Change Requests to be reviewed.
Changes that are approved for implementation are added to the Forward Schedule of Change (FSC). The FSC provides insight across IT and the business into upcoming Changes and is a valuable input for planning.
Change Management is also responsible for managing and coordinating implementation; actual implementation is usually handled by the relevant IT staff. Typically, planned Changes will be implemented during agreed times of low-activity or demand (i.e., evenings or weekends, depending on the business). And, like all ITIL processes, Change Management is also responsible for monitoring and reviewing Changes post-implementation and management reporting.
Change Management is not just about controlling the IT infrastructure. Because the only way to ensure stability is to make zero Changes, it is not practical to expect Changes will have no impact. Therefore, Change Management also plays a role in risk mitigation: finding the balance between the requirement for Changes and the means to reduce potential Incidents and disruption.
The implementation of Change Management will also necessitate cultural change within the organization. Because it depends on standardized methods, reviews and approvals, it is likely that for many people, it will represent an entirely new, more formal way of working.
And because such change typically encounters resistance, the success of the implementation requires a concerted effort to sell and demonstrate the benefits of this new way of working versus the current one. This is a subtle but important point: if you are only focused on IT, and not on the whole business, Change Management will have limited effectiveness and authority.
In the next article in this Introducing IT series, we will take a more in-depth look at the Change Management process, the CAB, and measurements for continuous improvement.