A risk-based approach to change review and approval

This concepts article will help IT Change Management/Enablement process owners design their request-for-change process to drive requirements for change Workflows in the TDAdmin interface.

Overview

When building your change management process, you could take a risk-based approach to change review and approval, in which changes are evaluated in terms of risk. This would apply to Normal changes as described by IT service management methodologies, such as ITIL. This means the change is not a Standard change; Standard changes are low-risk changes that are pre-approved and do not require. Nor does this include Emergency changes, which would likely circumvent normal approval processes in favor of immediate escalation to leadership due to their urgent nature. Normal changes require some consideration, but the level of consideration could vary based on risk.

Risk and approval levels could be:

  • Low-risk – Requires approval by a local authority, such as an IT manager for the area that would perform the change. The local authority can choose to approve, reject, or escalate the change to medium risk.
  • Medium-risk – Reviewed first by a local authority, and then moves on to the Change Advisory Board (or CAB). The CAB then chooses to approve, reject, or escalate the change to high risk.
  • High-risk – Reviewed by the local authority and the CAB, and then a higher-level group such as an IT Management Board (ITMB) chooses to approve or reject the changes.

When using multiple levels of risk to determine the path of approvals, it is important to have a clear definition of each level.  Factors to consider include:

  • Complexity of the change (in terms of interdependencies of systems and/or teams)
  • Length of downtime
  • Criticality of the service(s) being impacted by the change
  • Confidence/capability of rolling back the change
  • Confidence in the change success (i.e. have we done a change like this in the past?)

If you implement an approach like this, consider structuring your deadlines and meetings in such a way that escalating a change to a higher-level review does not take much time.

For example, to efficiently escalate a change from the CAB to the ITMB:

  • Friday at noon: Medium- and high-risk changes might be due to the CAB and ITMB for review.
  • Friday, end of day: An initial agenda could be sent to the CAB and ITMB.
  • Monday morning: The CAB might meet to review and possibly escalate changes.
  • Monday, end of day: The ITMB could receive a list of changes escalated by the CAB.
  • Tuesday morning: The ITMB might meet to review changes, including those escalated by the CAB.

Example Change Advisory Board (CAB) Agenda

It can be helpful to have an agenda to send to a change advisory board (CAB) ahead of time, so that CAB attendees understand what will be covered in the meeting. Potentially, this same agenda can be used in the meeting to take notes, and afterwards that document becomes the CAB meeting minutes.


If you do build CAB agendas and use them to record minutes, please consider archiving these minutes. They can be helpful later as a point of reference and sometimes IT auditors ask to see CAB documentation.


Below is an example CAB agenda that you can use as a starting point for your meetings.

CAB Agenda for Month/Day/Year

Attendees

[Add names for each person attending at the beginning of the meeting.]

Action item review

Here, you put action items from previous CAB meetings. These are for items that aren't changes but that should be addressed.

 

Description | Owner | Next action date

Post-implementation reviews

This is an FYI – you do not need to talk about these closed changes in detail. However, the CAB may decide it wants to discuss selected changes or hold a separate review session.
This section can be populated by a TeamDynamix report for changes with a resolved date greater than the value you specify.

 

Change ID | Title | Start Date | End Date | Resolved by | Notes

Changes for CAB review

[Change ID]: [Change Title]

[Change description]

 

Change ID: [Change ID]
Decision: Could be approved, rejected, or escalated
Security review needed?
Communications plan needed?

Changes for IT management board review

[Change ID]: [Change Title]

[Change description]

Change ID: [Change ID]
Notes for IT management board

New action items

These items will be reviewed at a future CAB meeting.

Description | Owner | Next action date

Details

Article ID: 17442
Created: Thu 10/13/16 4:10 PM
Modified: Wed 6/9/21 10:43 AM