IT change management is an essential practice that delivers its weight in gold for businesses that apply a change management model. But what is it, what are the benefits of adopting IT Change Management, and what steps must you follow to effectively practice change management in your organization? (For more information, see our Guide to Business Continuity Plans.)
What is IT Change Management?
IT Change Management is the systematic process of managing the lifecycle of all changes to an IT environment to improve the way it functions with minimum disruption to all IT services.
IT Change Management Objectives
Applying IT Change Management principles allows organizations to:
- Mitigate risk and impact of internal or external requirements that result in changes
- Retain the current working state and ensure organizational effectiveness
- Manage communication and approvals to effectively control all changes
- Ensure effective change planning using available resources for greater efficiency
- Reduce the number of incidents due to change and ensure operational excellence
The importance of IT Change Management
IT Change Management allows organizations to systematically implement changes while maintaining their working state. When there is an internal or external requirement to make a change to an IT environment, change management ensures that enhancements are managed effectively and efficiently.
While addressing issues is a part of the scope, IT Change Management isn’t just about plugging holes, it’s about developing and maintaining structure, and dealing with issues by applying specific principles that ensure specific outcomes are achieved. When practiced effectively, change management can also prevent catastrophe should something go wrong in your network.
Benefits of IT Change Management
A well-defined change management process accounts for the management of common issues that result from planned and uncontrolled change events. Benefits of developing a change management process included:
- IT services become better aligned with business requirements
- Greater visibility and communication of Change team members
- A more comprehensive approach to risk assessment
- Lower impact on operations
- Improve cost assessment for proposed changes before they are applied
- Back-out changes are reduced or are streamlined
- Problem and Availability Management is enhanced due to documented change history
- Users experience, less disruption and greater productivity
- Greater agility and ability to complete more changes
Consequences of not using IT Change Management
There is much to be gained from a structured approach to managing changes in an IT environment, however, there’s even more that can be lost without one. Consequences of not using IT Changement Management include:
- Unplanned spending caused by poorly planned changes
- Operational downtime caused by critical system failures
- Lack of productivity as staff cannot meet performance goals
- Customer attrition due to poor or non-existent service delivery
- Revenue loss
- Regulatory non-compliance that can lead to fines
Incident management is the practice of resolving critical incidents. It includes establishing how incidents are detected and reported, who is responsible for managing them, what tools are used to address them, and the steps that are taken to resolve an incident.
While IT incidents and IT Change Managements center around the remediation of an event, incident management is used to manage one-off cases, where IT Change Management is used to resolve recurring issues.
The ITIL IT Change Management Model
ITIL IT Change Management includes four key steps for effective change management. These include:
1. Request for Change
For a change to be initiated, it must be considered valid and there are four reasons that are acceptable:
- An incident causes a new change
- Change is created as a result of a known problem
- End-user requests a new change
- Change manager creates a change as a result of an ongoing maintenance
A Request for Change proposal is created and must contain the following information:
- Reason for change: Why it must be created, who the affected parties are, and a desired outcome
- Impact & risk assessment: Impact and risk of implementing the change are calculated and documented including configuration items
- Cost-benefit analysis: An estimated resource utilization and cost incurred with potential benefits.
- Implementation planning: Steps for implementing change along with project management members, timelines and the methodology to be applied
2. Change Evaluation and planning
With a completed proposal, the change assessment committee evaluates the submitted RFC and suggests changes. Change planning is then initiated, including the following procedures:
- Prioritizing a change after analyzing the reasons and RFC and determining the change type depending on the risk/impact
- Scheduling a change according to priority. Low priority changes are often postponed to a later date or development window. Scheduling also includes:
- Establishing a start date and end date
- Ensuring there aren’t any clashes with other planned major activities
- Creating plan details for the implementation steps and approach
- Identifying stakeholders responsible for implementing and approving the change
3. Change approvals
Communicating the change and its details to relevant stakeholders is essential. To streamline approvals, aim to automate the approval process to reduce manual effort. The approval process flow is decided depending on the type of change. Major changes require approval from the Change Advisory Board (CAB), a group of stakeholders tasked with assessing changes to an IT environment.
4. Change implementation & review
Once approved, implementation is executed with the assistance of the release management team. The release team manages the planning and testing and change review occurs once implementation is completed to determine whether it’s a success or failure. Reviews are also instrumental when revisiting and modifying existing change management processes if necessary.
Types of IT Change Management
There are four types of changes that exist. They are applied for varying degrees of change and associated risk. These include:
Major changes are high impact and high-risk items that may change or affect production systems. Major changes require CAB approval and business approval due to the financial impact they have on ongoing business. An example of a major change could be the replacement of enterprise resource planning software or migrating.
Standard changes are typically low-impact and low-risk, and also typically pre-approved. They take place periodically. Given their low-pact and risk profile, these types of changes do not follow the conventional process flow and it can be saved as a standard change template for reuse. As a result, CAB approval is not required for each standard change as they are evaluated and approved once initially.
Standard change examples include operating systems upgrades, deploying a patch, or creating a user account.
Minor changes are less risky to execute. They are typical changes that do not occur frequently but must follow each stage of the change lifecycle including CAB approval. Minor changes can also be converted to a standard change in the future. Examples include application performance improvements or website changes.
Emergency changes are unexpected interruptions that need to be fixed as quickly as possible These can be major incidents. As emergencies, RFCs are produced in retrospect (after implementation) and approvals can be managed through Emergency CAB (ECAB). It’s a best practice to review these changes later to avoid potential infrastructure risks. Documentation is completed after the change has been executed. Examples include addressing security breaches or managing a server outage.
A simpler & smarter approach to IT management
IT Change Management was designed to mitigate as much risk as possible, and for busy infrastructure admins, business application owners and IT consultants, it’s a godsend. But there is an even safer and more effective way to get a grip on an IT environment, ensuring that changes are less stressful, less complex, and that touching one application won’t break another.
Faddom’s dependency mapping tool discovers and maps business application dependencies in only 30 minutes. It is a 100% non-intrusive solution. It’s also agentless, credential-less, no need to reconfigure firewalls – we work passively using existing network traffic protocols (IP address based) and map automatically 24/7 and in real-time so our maps are always up-to-date.
Watch a free demo to see how you can discover all applications and their dependencies, plan for microsegmentation, and more. Access a demo.