Change control
Using this practice the organization will be able to increase the number of successful changes by using better management methods. The change management needs scheduling to support planning, prevent conflicts, and help the resource assignment. In addition, the knowledge provided by this practice could be used by other practices.
Change: addition, modification, or removal of whatever that could directly or indirectly affect on services.
In change management, it’s important that an equivalence between new values production and the effects on customers and users be provided. In addition, risks and benefits of changes should have been by experts analyzed.
There might be individuals or groups of people called “Change authorities” who authorize the changes across the organization. It’s the best practice to have multiple change authorities for different types of changes.
There are three kinds of changes in an organization. The behavior of an organization against different kinds of changes is different.
- Standard changes: This category of changes has low risks. They are already understood, pre-authorized, and documented and could be implemented without the need for another confirmation. These changes are normally initialized by service requests but they might be also operational changes.
- Normal changes: This type of change needs to be fully scheduled, assessed, and be authorized by a workflow. Some of them are low risk and the change authority for them is someone who can quickly decide, but some of them are major changes that their change authority could be even directing board of the organization. The initialization of these changes normally is by a “Change request”.
- Emergency changes: These are changes that should be implemented very quickly. (for example, installing a critical patch) These changes are not normally planned and the speed of assessment and authorization must be increased by the organization. These changes have the steps of assessment and test and authorization but the documentation step could be postponed to another time after implementation. It’s possible that an individual or a group of people are assigned specifically for this kind of changes e.g. some technical managers of the organization who understand the related risks carefully.
Figure 5.19