Effective management of change provides a structured, consistent, and measurable change environment to be utilized across an organization and is a critical component in the success of its daily business. Its goal is to increase awareness and understanding of proposed changes across the organization and ensure that all changes are made in a thoughtful way that minimizes negative impacts to services and customers. An organization should have a document that defines the implementation of Change Management procedure. The computing systems, networks, peripherals, and associated facilities are subject to continuous changes driven by new technology, evolving business requirements, changing contractual requirements, and growing regulatory policies. Effective change management applies to both systems and supporting infrastructure, and is a necessary component for the continuous success and growth of the organization.
Key Steps of Change Management Procedure
- Post Implementation review
The Change Management Lifecycle
Change Categories and Change Definition
The organization needs to define change categories. The two most common change categories are Normal and Emergency changes. There is no strict rule to follow as to how to define the change categories; however, the design of the categories should fit a particular organizations unique needs.
Change categories should be reviewed for total risk value when the following type of changes are identified:
- Removal of new or existing Data Center located equipment, servers, or major network components.
- Changes of existing Data Center equipment, servers, or major network components
- Planned environmental changes (i.e. electrical, air conditioning, and etc.)
- Installation of new network wide service, systems software, operating system or program products on productions systems
- Modifications to production operating systems
- Any application software/microcode changes whose implementation procedure may affect system/subsystem availability or networking capability
- Any change with the intent of fixing a major (Severity 1) system problem that is causing an outage
- Any change that may affect the normal availability of services including the production schedule
- Routing hardware and preventative maintenance that may impact service availability
- Catalog maintenance and procedures.
Roles and Responsibilities
Roles and responsibilities need to be clearly defined within the change management procedure to establish accountability. The roles and responsibilities may vary depends on the organization’s job functions.
Change Control Review Borad (CCRB)
Some organizations call it Change Review Board (CRB) or Change Advisory Board (CAB). Regardless of the name, an CCRB reviews impact, assesses risk, proposes, considers, recommends and accepts or rejects change implementation actions for all categories for all changes. The CCRB membership consists of selected members of the IT Management Team, the Change Manager, and the representatives from each IT Department, Customer Representatives and third Party Providers.
Change Request (CR)
A Change Request documents the scope of the change, including indentifying the system impact, duration of any outage, business units affected, and assessment of risk. The request also includes change category, the verification of testing, testing sign-off for pre and post implementation by all affected parties, clear implementation steps, back out steps, and success criteria. Entering accurate information with appropriate detail is a requirement to get a CR approved. In addition, any impact of the change to contingency plans, operational documentation, or any other documentation or procedures must be indicated in the CR. The CRs are submitted for review and approval by CCRB.
Approved and scheduled changes should be communicated to the impacted business community, users, and appropriate parties.
The change implementer performs the steps described in the CR to implement the change. Any variation in the approved Implementation Plan from what was authorized must be escalated for approval during the implementation.
The success of a change implementation must be verified for appropriate functionality. The Implementer involves the Requestor and the Customer for validation per the pre-defined acceptance criteria, as previously concurred with by the Customer. If a change fails to meet the pre-defined acceptance criteria, it must be backed out.
If a change fails during implementation or is backed out following implementation, the request must be closed as failed.
Backouts are performed in accordance to the approved Backout Plan and instructions defined in the CR. To maintain the integrity of the IT environment, any change that fails to meet the defined acceptance criteria must be backed out in its entirety.
Perform Post Implementation Review
A Post Implementation Review (PIR) is conducted after a change or project has been implemented. A PIR determines if the change or project was successful, and identifies opportunities for improvement.
There you have it. 8 key steps to implementing an effective change management program. For each of these steps, we have prepared an appropriate guide or checklist as required and assembled them into a downloadable change management kit, which you can download by clicking the button.