Change Management
Approval and Planning
Planning is essential for good change management.
Information management systems are highly sensitive to configuration changes due to the complex relationships between all the CIs involved. An apparently minor change may trigger a chain reaction with catastrophic results. At the very least, back-out plans are essential. These should allow you to get back to the last stable configuration before the change. However, this is obviously not enough.
In the first place the CAB must meet at intervals to analyse and, where appropriate, approve the pending RFCs and draw up the FSC or forward schedule of changes.
Changes must be evaluated in detail before being approved:
- What are the expected benefits of the proposed change?
- Do these benefits justify the costs entailed by the change process?
- What are the associated risks?
- Do we have the necessary resources to make the change with certainty of success?
- Can the change be postponed?
- What will the general impact be on the IT infrastructure and quality of service?
- Could the change affect the established IT security levels?
In the case of high impact changes the management should also be consulted as strategic issues and the organisation's general policy may come into play.
Once the change has been approved (if it is not, the process described earlier for rejected RFCs should be followed) it should be assessed whether it should be implemented in isolation or as part of a package of changes which would be formally equivalent to a single change. This has a number of advantages:
- The necessary resources can be optimised.
- Incompatibilities between different changes can be avoided.
- Only one back-out plan is needed.
- The process of updating the CMDB and the post-implementation review are simplified.
