ITIL Change Management

ITIL is a framework for an effective IT Service Management (ITSM) that delivers real value to customers and business. ITIL consists of different stages and each stage includes a set of relevant processes. ITIL Change management is a part of service transition stage that recommends a process flow to evaluate, plan and deploy a specific change request. The primary objective of ITIL Change management is to ensure that change execution does not interrupt ongoing operations. ITIL Change management process acts as a gatekeeper that authorizes every change record before it is moved to release management stage.

ITIL Change management process flow includes five stages:

Types of changes

Change management includes four types of changes depending on the risk and impact. Process flow is decided based on the type of change.

Major change

As the name implies, major change is a high risk and high impact change that could interrupt production live environments if not planned properly. Change evaluation is crucial to determine the schedule and approval workflow. It requires Management approval along with CAB approval. RFC contains a detailed proposal on cost-benefit, risk-impact analysis and financial implications if any. 
Examples of major change include migration from one datacenter to another; replacing an existing enterprise solution(ERP).

Standard change

A Standard change is a low risk and low impact change that is pre-defined and pre-approved. Standard changes are periodical changes that follow a standard operating procedure. They use change templates that have pre-filled information. Standard change does not follow the conventional process flow. Approval happens only once initially and does not require CAB approval everytime. 
Examples include OS upgrade, patch deployment etc.

Minor change

A minor change is a non-trivial change that have low impact and low risk. These are non-trivial changes that do not occur frequently but this undergoes every stage of change lifecycle including CAB approval. It is important to document relevant information for future reference. Minor change could be converted to a standard change in future. 
Examples include Website changes, Performance improvement

Emergency change

Emergency changes are unexpected disruptions that need to be resolved as soon as possible. Emergency changes handles RFC retrospectively post implementation. It is crucial for the Emergency CAB (ECAB) to understand the impact and handle approvals. Post implementation review is crucial for emergency changes to understand potential risks in future and detailed documentation is mandatory post change execution. 
Examples - Fix for security breach, server outage.

Use cases for ITIL change management

IT and DevOps teams use ITIL Change management effectively on a day to day basis to handle new change requests and plan for deployment. There are different possible use cases where ITIL Change management can be utilized.

Use case 1 - Business Continuity Management

Business Continuity Plan (BCP) and Disaster Recovery (DR) are vital to ensure seamless business operations. This is an ideal example of high impact and high risk major change that requires prudent change planning. The responsibilities of change management in BCP&DR include

  • Minimal or no interruption to the current ecosystem

  • Optimal resource utilization

  • Impact analysis to identify vulnerable Configuration Items (CIs)

  • Proper documentation of all relevant changes

  • Communication strategy to all stakeholders

  • Service monitoring including recovery time taken (RTO,RPO)

business continuity management 30c2bc62 business continuity management 30c2bc62

Change Record Template

Stage BCP/DR Process
Request For Change (RFC) Customer reports an Incident and requests for a new implementation. It includes changes to infrastructure level components.
Change Evaluation & Planning Change manager evaluates RFC template and understand cost associate. Change planning involves proper scheduling without any conflict. BCP & DR is applicable to multiple locations. Change team identifies specific location where BCP/DR will be executed
Approvals Change Advisory Board (CAB) includes members from BCP team and other stakeholders; Communicate the new changes to all customers, vendors; Update all relevant collaterals including BCP template.
Implementation & Review   Release management team handles deployment of the change and Change team is responsible for post implementation review and CSI.
Use case 2 - Security Fix

Security breach costs a lot to the business if not fixed quickly. Security bug fix and enhancement is an example of emergency change. Emergency change has limited time available and therefore, implement only necessary change management processes. Live environments and production systems are vulnerable when you execute emergency changes. Standard testing and Emergency CAB (ECAB) approval are crucial to avoid any unintended disruptions. Emergency Change management process involves:

  • End user reports an emergency change ticket

  • Change Manager assesses risk and impact

  • Change Planning is done quickly using change template

  • Approval is triggered to ECAB members (Emergency CAB members)

  • Change implementation includes security bug fix

  • Change assessment is done again post implementation

  • Retrospective RFC happens post implementation for the purpose of IT audit

  • Continuous review takes place to avoid any similar emergency change in future

security fix 69d81a18 security fix 69d81a18
Use Case 3 - Cloud Change Management

Businesses are moving towards cloud and agile. Change management in cloud is a standard change with a pre-approved process. In cloud environment, there are frequent releases and time to release is fast. Therefore, an effective change management process is essential. QA and testing happen frequently and therefore, following a standard change management process helps to control risk.

  • Create a change request that is assigned to the respective Change team

  • Associate relevant tickets to this change record

  • Understand Service Level Agreement (SLA) with cloud service providers

  • Prepare a standard change template to eliminate repetitive tasks

  • Proper scheduling of releases in a multi-tenant architecture

  • Prepare a back-up plan to roll back to working state

  • Use sandbox environment for QA & testing to ensure desired working state

ITIL Change management is useful for any business irrespective of the size and nature. Change management solves multiple use cases and leverage change management process flow to improve efficiency and mitigate risk.

cloud change management 2x afa52ec4 cloud change management 2x afa52ec4

Benefits of ITIL Change Management 

Other Related Resources