Change Management

What is ITIL Change Management?

The Change Management process is designed to help control the life cycle of strategic, tactical, and operational changes to IT services through standardized procedures. The goal of Change Management is to control risk and minimize disruption to associated IT services and business operations.

Note: Organizational Change Management (OCM) is sometimes confused with Change Management. However, OCM deals with the impact new processes and changes in organization structure have of people. OCM and Change Management work together because organizational structure influences behavior of people and process.

The Goal of Change Management

The goal of Change Management is to establish standard procedures for managing change requests in an agile and efficient manner in an effort to drastically minimize the risk and impact a change can have on business operations.

Benefits of Change Management

While no best practice, framework or methodology can assure 100% success, Change Management can help manage risk and safeguard the IT services you deliver and support against unnecessary errors. Maintaining reliable business systems is essential for the survival of any organization in today’s competitive market space. Adjustments to any element within the IT infrastructure can disrupt service value and negatively impact productivity. Structured and planned change helps to minimize the potential risk that comes with infrastructure changes. At the same time a well-structured and planned Change Management process comes with significant business benefits.

Some of the benefits that result from Change Management include:

• Improved IT to business alignment

• Decreased adverse impact on business operations

• Improved visibility into IT change

• Prioritized responsiveness to change

• Adherence to government and other compliance regulations

• Improved risk management

• Reduced service disruptions and system downtime

• Increased staff productivity

• Faster change implementation

The Role of Change Management within Service Transition

Change Management is a critical process within the Service Transition publication, part of ITIL's Service Management best practice framework that includes guidance for building, deploying, and transitioning new or changed IT services into operation. Guidance is also given on how to retire services. The objective of Service Transition in the IT process lifecycle is to plan and manage changes to IT services, while minimizing risk and improving decision support to users and the business.

ITIL Service Transition processes include:

• Change Management

• Service Asset and Configuration Management

• Release and Deployment Management

• Knowledge Management

• Service Validation and Testing

• Change Evaluation

• Transition Planning and Support

Definition of a "Change"

According to ITIL, a Change is "the addition, modification or removal of any authorized, planned, or supported service or service component that could have an effect on IT services." Most often, a change is an event that has been approved by the change authority, is evaluated and implemented while minimizing risk, adjusts the status of a configuration item (CI), and adds value to the business and its customers.

Changes can be brought about in two ways:

1) Change Request or Request for Change (RFC)

A change request is a formal proposal that can be submitted by a stakeholder in the organization or by a service user via the service desk, utilizing the request fulfillment process to alter a configuration item.

2) Change Proposal

A change proposal is a high-level description of a potential service introduction or significant change and includes the business case and implementation schedule. These proposals are normally created by the service portfolio management process in Service Strategy and are passed to the change management process.

**A service request that is normally handled by the service desk can be a change request. A service request can be a change request if the change affects an IT Service with an addition, modification, or retirement of components or configuration items of the IT service. Service requests are fulfilled using the service desk’s request fulfillment process and do involve the change management processes (and potentially the supplier management process). Many service requests are standard changes.

Types of Changes

1) Emergency Change/Urgent Change

An emergency change is one that must be assessed and implemented as quickly as possible to resolve a major incident. Emergency changes tend to be more disruptive and have a high failure rate, so they should be kept to a minimum. The exact definition of an emergency change should be defined in the change management policy.

2) Standard Change

A standard change is one that occurs frequently, is low risk and has a pre-established procedure with documented tasks for completion. Standard changes are subject to pre-approval in order to speed up the change management process. Change Models (a documented and repeatable plan for managing a specific type of change) that describe the process for handling recurring changes are often times created for standard changes. If the standard change type increases in risk to the organization, it may become a Normal Change.

3) Major Change

A change that may have significant financial implications and/or be high risk. Such a change requires an in depth change proposal with financial justification and appropriate levels of management approval. Each organization’s process for identifying and managing a major change will differ depending on the size and complexity of the business. A change in this instance may change from being operational to tactical, or tactical to strategic and require a different level of authority for the approval.

4) Normal Change

A normal change is one that is not standard and not emergency and typically requires an important change to a service or the IT infrastructure. A normal change is subject to the full change management review process, including review by the Change Advisory Board (CAB) and authorization/rejection.

Additional Change Requests may include:

• Application Changes

• Hardware Changes

• Software Changes

• Network Changes

• Documentation Changes

• Environmental Changes

The Change Management Process Flow

ITIL provides a framework that is adaptable to meet individual organization’s service delivery and support requirements. Designing a standardized change management process that is sanctioned by management will aid in quickly, economically and effectively managing changes when they occur. The process can then be automated by service management support software. Change control is a subordinate element of the overall change management process designed to ensure changes are controlled, recorded, analyzed and approved. A typical Change Management Process includes the following activities: 1) Create & Log the Request for Change (RFC) A Request for Change is typically created by the individual, process or business unit requiring the change. Depending on the type of change, an RFC record will contain varying information necessary to make decisions for authorization and implementation of the change, including, identifying information, a description, configuration item incurring the change, a reason for the change, requestor’s contact information, type of change, timeframe, costs, back out plan and business justification. 2) Review Request for Change (RFC) Each Request for Change should be reviewed and prioritized by the change authority for business practicality. These requests can be rejected and returned to the submitter or management as notification or in request of more detail. These unapproved changes should be monitored and closed as needed.

3) Evaluate the Change

Evaluating the change to assess the impact, risk and benefits to IT services is critical in order to avoid unnecessary disruption to business operations. For certain types of changes, such as major changes, a formal change evaluation takes place by the change evaluation process and is documented in a Change Evaluation Report. Impact assessment will consider the impact on the business, infrastructure, customer service, other services – both IT and non-IT services, implementation resources and currently scheduled changes in the change log. A Change Advisory Board (CAB) can also evaluate changes. The CAB can consist of various stakeholders such as the service owner, technical personnel, and/or financial personnel to help evaluate the need for the change.

4) Approve/Authorize the Change

Change requests commonly require authorization prior to implementation and each change requires authorization from the appropriate authority level depending on type of change (strategic, tactical, operational). This varies across organizations, but commonly depends on the size of the business, anticipated risk of the change, potential financial repercussions and the scope of the change.

5) Coordinate Implementation

Once authorized, a change request or the change record is handed over to the release and deployment process for coordination and collaboration with the appropriate technical and/or application management teams for building, testing and deploying the change. Each change should have remediation plans prepared in the case of an implementation failure. Once building and testing are complete, release and deployment should notify the change manager of the results and suggested implementation requirements. The Change Manager should schedule each CHANGE based on the suggested implementation requirements and the management of business risk. The Change Manager using a Forward Schedule of Changes (FSC) or Change Schedule will communicate to all stakeholders upcoming changes that may impact them. The FSC along with projected service outages (PSO), or expected deviations in service availability, will be taken into consideration when coordinating change implementation. Release and Deployment will be responsible for implementation and coordination of training needs.

6) Review and Close Change Request

Upon completion of the change, a Post Implementation Review (PIR), which is a review of the detail implementation results, should take place to confirm the change has successfully achieved its objectives. If successfully implemented, and the change was associated with fixing and error in service all associated problems and known errors should be closed. If not successful, the remediation plan should be activated appropriately.

A Change Management policy should also be defined to support the process. This policy might include, defining what an emergency change is; implied benefit of the process; encouraging a change and ITIL friendly business culture, establishing roles and responsibilities for various change management activities, restricting change management access to authorized staff, risk management and performance measurement.