Change Management in ITIL is a process designed to understand the risks involved and minimize them while making changes in the IT infrastructure.
The Change management process is a sequence of activities that are followed by a change management team to use change management on a project to ensure that it meets the intended outcome.
The main purpose of change management is to control the lifecycle of all the changes and enable changes to be made which are beneficial in nature with little or no disruption to the IT services. Change management aims to establish standard procedures for managing change requests in an efficient manner.
The objectives of change management are:
To respond to the rapidly changing requirements of the business and simultaneously maximizing the value of the service offered.
The number and intensity of incidents, disruptions and re-works should be reduced.
To respond adequately to Requests for Change (RFCs) which align the IT services with the core business.
The implemented changes should be recorded and evaluated.
The changes which have been authorized for implementation should be planned, tested, implemented, documented and reviewed in a systematic manner to ensure that it is a right fit.
The overall risk to the business should be minimized so that the risks do not spiral out of control and affect the core business of the company.
The change management’s scope covers the changes made to all the configuration items across the physical and virtual assets of the entire service lifecycle. It covers the changes made to the five aspects of service design:
Management information system and tools
Technology architectures and management architectures
Measurement systems, methods, and metrics
A normal change is a type of change which is neither a standard nor an emergency.
It is an important change made to the IT service or infrastructure.
They are non-trivial changes made to the services, processes, and infrastructure.
Normal changes are reviewed by the Change Advisory Board for authorization or rejection.
A type of change that occurs frequently poses a very low risk and follows standard procedures which are pre-established for completing the tasks is called a standard change.
Since they are typically small changes, they are pre-approved so that the change management process can be speeded up.
Even after approval, standard changes are under the control of change management.
If the standard changes cause any incidents after implementation, they can be brought back for review and changes can be made as needed.
Standard changes are not considered as a Request for Change but are tracked as Service Request Records.
A type of change which requires serious financial investment and has the ability to pose a major risk is called as a major change.
This type of change needs an in-depth proposal for attaining financial approval and clearance from various levels of the management.
It is a type of change which needs to be implemented as soon as possible in order to resolve a major incident or issue.
These types of changes tend to be very disruptive and have a high failure rate. Hence they should not be implemented unless absolutely necessary.
Implementing change management in an organization can minimize the risks and safeguard the services of the company. Sudden and unplanned changes can cause disruptions to IT services and result in a productivity drop. This is where change management provides benefits with well-structured and planned changes which minimize the risks associated with them.
The benefits provided by a well-structured change management process are as follows:
It improves the alignment of IT services towards the core business of the company.
The negative impact of change on business operations is greatly minimized.
Responsiveness to the changes made is prioritized so that only the most important issues are attended to first.
Risk management is improved in the face of change management.
Change management results in a lesser number of disruptions to the IT services and the system downtime if it occurs is also reduced.
Since the changes are implemented in an organized manner, the productivity of the staff is also improved.
The changes can be implemented faster in a systematic manner than in a haphazard manner.
There is strict compliance with regulations and standards set by the government.
The main activities of change management are:
To plan, control and schedule changes
To understand the impact of the implemented change
To communicate effectively with the stakeholders.
To make improvements on a continuous basis.
To make sure that they are plans to remedy any problems.
The following processes are included in a typical change management process.
An individual or a business unit can create a request for change.
The information contained in the RFC will vary depending on the type of change.
The information can be used for making decisions to authorize and implement changes.
It can also contain identifying information, description, a configuration item which is undergoing the change, the reason changes are being made, the type of change, timeframe and the costs involved in making the change.
In order to ensure that the right changes are made at the right time, each request needs to be evaluated and prioritized by the authority responsible for making changes.
Depending on the scrutiny, the requests are approved, sent back for making additional changes or rejected outright if there is no requirement.
The changes which are not yet approved should be monitored closely to make sure that they do not get implemented nevertheless.
It is essential to evaluate the changes made and assess its impact to be aware of its benefits to the IT services and to avoid needless disruptions to the business operations.
For major changes, a formal evaluation takes place to assess the change, and it will be documented in a Change Evaluation Report.
An internal assessment will be made, which will consider the impact of the change to be implemented in the business, infrastructure and other IT & non-IT services.
A change Advisory Board (CAB) consisting of various stakeholders such as the service owner, technical can financial personnel, can also be constituted to evaluate the necessity for change.
Before they can be implemented, each change needs to be approved by the concerned authority depending on the type of change.
The approval depends on the size of the business, the forecasted risk of implementing the change, the scope of the change and financial repercussions.
After the change has been authorized by a competent authority, it needs to be implemented,
A change request is given to the release and deployment team who coordinate with the appropriate technical and management teams for building, testing and implementing the change.
Every change which has been implemented should have a remedial plan prepared in case of a situation where the implementation fails.
Once the change has been implemented, a Post Implementation Review (PIR) is conducted, which confirms if the change has been implemented properly and whether it has successfully achieved all its objectives.
If the change has been implemented successfully, then all the associated problems will be solved.
If the change is not successfully implemented, then the remedial plan should be activated immediately.
A proper process must be defined to support the change management process.
The following roles are assigned to a team in ITIL change management.
The role of the change initiator is to recognize and identify the need for change.
A change initiator should be someone with experience in working with service support tools.
A person who provides support services to customers may be best suited for this role as they frequently interact with the system.
A change coordinator has to analyze the requests which originate from other departments such as incident management, problem management, release or continuity management.
The change coordinator also needs to register the changes received and determine the risk and the potential impact of the change.
In addition to that, the change coordinator has to prepare plans for implementation and monitor the progress of the change.
A change manager is needed only in medium and large organizations.
Their duty is to manage the change procedures, receiving and prioritizing the change requests, evaluating the risk associated with the request and maintaining detailed records of each change.
The primary duty of the change advisory board is to authorize the requests for changes and making further evaluations on the requests when it is determined by the change manager that there is a high risk associated with it.
The board considers all the affects that the requested change can have on all the involved parties.
A meeting will be scheduled to determine the path to proceed with a clear agenda in mind.
The duty of the approver is to decide whether the changes need to be approved or rejected.
The change implementation is formed with a set of specialists who can actually implement all the changes.
The IT manager is responsible for overseeing the changes.
Nowadays, changes happen at a very fast rate, and it is a challenge to implement a quality change management process, which in turn makes the handling of constant change easier. It is essential to have the full support of the top-level management and executive leadership to implement and follow up on the changes successfully. The following best practices guide you to adopt and implement change management.
It is essential to build a proper business case by highlighting the purpose and benefits provided by a properly structured change management process. This case should be shared with all the leaders in the organization from the highest to the base-level leaders. It is essential to get all the stakeholders in on the plan as it will be important to the success of the change management.
It is important to define each change along with its types and the criteria it fulfills.
The roles and responsibilities should be identified and assigned to the right people who are involved with the change management process such as the Change Manager, Change Advisory Board members, and the sponsors.
Every change that should be incorporated needs a systematic process that will help it meet expectations.
There will be certain key areas to be identified which will be affected by the implemented change. The measurement of these key areas needs to be demonstrated and shared with the stakeholders.
The performance of the change management process, the people involved in it and the technology used in it needs to be evaluated on a regular basis to ensure that they are operating at the required levels of efficiency.
The risk tolerance level of the organization should be determined based on the type of governance in the organization and the maturity of the change management process in handling the various types of changes.
The challenges faced by change management are:
Making sure that each and every change is tracked, recorded and managed properly.
It is the duty of change management to ensure that it adds value to the changes by making them happen faster and helping them achieve higher success rates.
In certain organizations where change management covers only the operational change authorization, it becomes difficult to migrate to a true change management process.
There can be significant challenges in a large organization to agree and document the multiple levels of change authority which are required to manage and communicate the changes between the relevant change authorities effectively.
There are several risks encountered during change management. Some of them are:
The business, IT staff, and IT management can have a lack of commitment to the change management process.
Implementing changes without making use of the change management process carries a certain risk along with it.
It is possible that there can be a lack of clarity regarding how the change management should interact with the other service management processes.
The presence of excessively bureaucratic processes can cause several delays in implementing changes.
Change management thus can respond to the rapidly changing business requirements and maximize the value of the offered services. By ensuring that the implemented changes are recorded and evaluated, it makes sure that they are a right fit. It also ensures that the overall risk to the business is minimized to prevent the risks from spiraling out of control.