ITIL Change Management

Change Management is one of the most important processes of Service Transition because it allows us to:

  • Reduce Costs
  • Lower Overhead
  • Add to bottom line
  • Improve Productivity
  • Improve Quality
  • Improve Services

The RFC (Request for Change) can be generated from anywhere in the organization. Implementing a Change Management program allows us to quickly update configurations, resolve errors and adapt to a changing environment.

Overview of Change Management

The overall purpose of Change Management is to make sure that we have well-defined, standardized methods and processes for the efficient and prompt handling of all of our changes.

During the Change Management process, we will make sure that all the changes to service assets and Configuration Items (CIs) get accurately recorded in the Change Management System (CMS).  We want to reduce unplanned outages, achieve a high change success rate and effectively control changes.

Not implementing Change Management can result in emergency changes as well as unauthorized changes.

Change Management should be:

  • Well-defined
  • Well-documented
  • Consistent
  • Measurable

Early in the Change Management lifecycle we should gather information. Questions we could ask our team include: “Why do changes occur?” and “Why do modifications to the Configuration Items happen?” Probable reasons include:

  • Business requests
  • Customer needs
  • Service Improvement
  • Cost Reduction
  • Effective Delivery and Support from IT Groups

Change Management minimizes risk exposure, lowers disruption impact, reduces incident negatives, and ensures change delivery is done correctly the first time.

Key Terminology

Types of Changes:

  • Change
  • Standard Change
  • Normal Changes
  • Emergency Changes (EC)
  • Remediation

Let’s go over each of the above in a little more detail.

Change: Any modification to a CI; the scope can be huge. Changes to the steps of a procedure result in changes to the documentation.

Standard Change: Something already authorized and deemed low risk. It will follow some pre-established procedures (password reset, new hire procedure – any change to the process) – no RFC is necessary.

Normal Change: Follows defined steps of the Change Management process. It will have an RFC behind it.

Emergency Change: Has to be implemented immediately (security patches, etc.). Necessary processes should be in place on how to deal with ECs.

Remediation: Action to take when a change fails. Fallback, rollback, backing out of the change.

Change Advisory Board (CAB)

The Change Advisory Board is a group that assesses, authorizes, schedules and prioritizes changes. Typically, the CAB represents all units of IT services, including third parties. Emergency Changes are usually handled by a subset of the CAB called the ECAB (Emergency Change Advisory Board). Usually, meetings with the ECAB are called on an ad-hoc basis.

Change Model

A Change Model is a methodology for handling granular categories of change, which includes repeatable, simple to complex steps and procedures. Change Model requires authorization of possible workflow approval.

Change Record

A Change Record is a detailed record of a change event, documented for the entire lifecycle. A Change Record is generated for every RFC received, even for rejected requests, and will reference a Configuration Item.

Change Proposal

Before a change can be rejected or accepted, a Change Proposal document representing a high-level description of the major change or new service must be created. It includes business cases and the anticipated schedule for deployment.

The Change Proposal is typically part of the service portfolio management process and is sent to Change Management for authorization. Service Portfolio then “charters” the service or major change.

The Scope of Change Management:

[Figure: ITIL Cabinet Office diagram, ITIL Change Management]

Service Change

Let’s go over the diagram above from the ITIL Cabinet Office to describe the scope of Change Management for IT Services. Notice how we have three players (Business, Service Provider and Supplier – Vendor Partner).

There are three main categories of change:

  • Strategic Change – this change would be done by upper management (CIO, CEO). Strategic Change influences overall management of the business or the organization. For Service Providers, this change would mean the ability to manage IT services; for Suppliers and Vendors, strategic change would relate to Supplier Business and any changes in that relationship.
  • Tactical Change – in this change, we actually manage the processes for the Business; for Service Providers, it will be the Service Portfolio; and for Suppliers, we will be tactically managing external services.
  • Operational Changes – in this type of change, we will concentrate on Business Operations for businesses or organizations, Service Operations for Service Providers, and External Operations for Suppliers and Vendors.

Notice the relationship between Operational Changes, Tactical Changes and Strategic Changes. Everything is working together.

Our Strategic Changes will go through the Service Provider to manage IT services, as well as Supplier Changes. The Service Changes will be handled by Service Portfolio at the Tactical Change level and Service Operations at the Operational Changes level.

Supplier Business, External Services and External Operations also have relations to each other for Suppliers and Vendors.

All of this is done under the Service Change umbrella.

Change Management, following ITIL’s best practices, is very important. As mentioned at the beginning of this article, it allows companies to reduce costs, lower overhead, improve productivity and quality of services and add to the bottom line of the business.