A change request is a formal communication requesting a change to one or more CIs. Different types of change may require different types of change request, each with specific forms and procedures (e.g. for impact assessment and change authorization).
Request for Change – RFC:
A Request for Change (RFC) is a formal request for a change which may be submitted via a paper form or electronically through a service management tool. Most tools will ensure that complete information is provided, and automatically add some data such as identifiers and dates. This will avoid wasted time.
Changes are categorized into the following change types:
• Normal - A change that goes through the full assessment, authorization and implementation stages.
• Standard - A pre-approved change that is low risk, relatively common and follows a procedure or work instruction (e.g. a password reset or the provision of a standard PC to a new employee). RFCs are not always required to implement a standard change, and they may be logged and tracked using a different mechanism (e.g. through the Request Fulfillment process). Often operational maintenance changes are treated as standard changes.
• Emergency - Reserved only for highly critical changes that must be introduced as soon as possible (e.g. changes needed to restore failed high-availability services or widespread service failure, or changes that will prevent such a failure from imminently occurring). The Change Management process normally has a specific procedure for handling emergency changes.
The Change Authority is the person or persons who will authorize specific changes to take place. Organizations can decide who will be responsible for authorizing different types of change and, in the interests of operational efficiency, will often devolve this authority to the Change Management team or operational staff. It is vital that the designated Change Authority has the appropriate knowledge and skills to be able to make such decisions. Modern tools will allow electronic approvals, with definable defaults that ensure changes are progressed in a timely manner.
Change Advisory Board (Also called Change Management Board)
The Change Advisory Board (CAB) is a group of people that advises the Change Manager in the assessment, prioritization and scheduling of changes. The CAB is made up of representatives from all relevant areas within the IT service provider, the business and third parties. The key factor is that all parties who have a view on a particular change should be represented. Membership of the CAB is therefore likely to be dynamic, even within a single meeting.
Meetings may involve face-to-face contact or be conducted by telephone or online. Depending on choices made within the organization, meetings may be held at different times and intervals as demand dictates. CAB members assess both business and technical perspectives of proposed changes.
For emergency changes there may not be time to convene the full CAB, so it is necessary to identify a smaller group with authority to make emergency decisions (i.e. an Emergency Change Advisory Board (ECAB)).
Change procedures should specify how the composition of the CAB and ECAB will be determined in each instance.
No change should be approved without there being a Remediation Plan (i.e. what to do if the change is unsuccessful). Where possible, a back-out plan should be provided to recover the organization to its original, or another, known state should the change fail. This might involve reloading a baselined set of configuration items, revisiting the change itself or, if the failure is severe, invoking the organization’s business continuity plan. It should be recognized that not all changes can be backed out, so the Remediation Plan must cover what to do in such situations. Only by considering the remediation options available prior to instigating a change, and establishing that the remediation is viable, can the risk of the proposed change be determined and the appropriate decisions taken.
The Change Schedule lists all approved changes and planned implementation dates. It becomes an important audit trail to support Incident/Problem Management among other processes.
Change Process Model:
A Change Process model is a repeatable way of dealing with a particular type of change. It sets out specific defined steps that are followed for a specific type of change. Standard and Emergency changes are typical examples that might be handled this way. Support tools can be used to automate the handling, management, reporting and escalation of the process. The Change Process model includes:
• Steps to handle the change including handling issues and unexpected events
• The chronological order to take the steps, with any dependences or co-processing defined
• Responsibilities (who should do what)
• Timescales and thresholds for completion of the actions
• Escalation procedures (who should be contacted and when).
Prev: Goals, Purpose & Objectives
Next: Key Activities in Change Management