Change control is a very critical service management practice within ITIL. It is here that we can introduce improvements in services as well as other service management practices. A change is defined as the addition, modification, or removal of anything that could have a direct or indirect effect on services. This would typically include changes to IT infrastructure, applications, documentation, processes, supplier relationships, and any other critical components of the service. Although some IT organizations limit their focus only to hardware and software change control, it is important to remember that there are other elements play a significant role in service development and delivery, and changes to them can negatively impact customers.
BMC Helix: Next Generation ITSM
The purpose of the change control practice is to maximize the number of successful IT changes by ensuring that risks have been properly assessed, authorizing changes to proceed, and managing the change schedule
It is important to distinguish change control from organizational change management. While organizational change management manages the people aspects of changes to ensure that improvements and organizational transformation initiatives are implemented successfully, change control is usually focused on changes in products and services.
In ITIL, we usually identify three types of change that are each managed in different ways i.e. standard, normal and emergency changes.
The change authority is defined as a person or group who authorizes a change. This can be a team, supervisor, manager, CEO, board, customer or regulator depending on the nature of the change as well as the organizational approach and culture. It is essential that the correct change authority is assigned to each type of change to ensure that change control is both efficient and effective. There is no point constituting a board to review every relatively low risk change that can be locally approved.
In high-velocity organizations, it is a common practice to decentralize change approval, making peer review a top predictor of high performance. For example, an agile product team would make decisions on which elements of the product backlog will be tackled in a sprint, while the agile product manager would make decisions on which customer requirements would be included into the product backlog. Organizations adopting DevOps practices might establish systemic approval based on the success of automated checks in the continuous integration/continuous deployment (CI/CD) pipeline.
Regardless of who the change authority is, they may need to communicate widely across the organization as well as to key stakeholders. It is important to prepare all persons involved and all persons affected in advance to prevent surprises. Good communication with the Service Desk, for example, may be important to ensure that high call volumes do not come as an unmanageable surprise following a change that went wrong. Marketing teams might wish to avoid planned campaign activity at a time when key systems are expected to be unavailable. Good communication is also particularly important where a large cross-section of persons with specialist knowledge are needed, for example when assessing the risk of a complex change.
The change schedule is used to help plan changes, assist in communication, avoid conflicts, and assign resources. It can also be used after changes have been deployed to provide information needed for incident management, problem management, and improvement planning. It is important to expose the change schedule to all key stakeholders involved in the changes, through communication channels which are likely to get the message to them in a timely manner.
Contribution of Change Control to the Service Value Chain
The change control practice is involved in all the activities of the service value chain as shown below:
|Plan||Changes to product and service portfolios, policies, and practices all require a certain level of control, and the change control practice is used to provide it.|
|Engage||Customers and users may need to be consulted or informed about changes, depending on the nature of the change.|
|Design and Transition||Many changes are initiated as a result of new or changed services. Change control activity is a major contributor to transition.|
|Obtain/Build||Changes to components are subject to change control, whether they are built in house or obtained from suppliers.|
|Deliver and Support||Changes may have an impact on delivery and support, and information about changes must be communicated to personnel who carry out this value chain activity. These people may also play a part in assessing and authorizing changes.|
|Improve||Many improvements will require changes to be made, and these should be assessed and authorized in the same way as all other changes.|
BMC Helix: Next Generation ITSM
BMC Helix ITSM combines the latest in digital and cognitive automation technologies to enable best-practice ITSM principles, helping you to provide intelligent and predictive service management across any environment. Learn more about BMC Helix ITSM
- Optimized for ITIL® 4
- Predictive service management through auto-classification, assignment, and routing of incidents
- Integrations with leading agile DevOps tools such as Jira
- Delivered in containers to enable operational and cloud deployment efficiencies
ITIL® is a registered trade mark of AXELOS Limited. IT Infrastructure Library® is a registered trade mark of AXELOS Limited.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.
See an error or have a suggestion? Please let us know by emailing firstname.lastname@example.org.