Change Control Procedure

ICT Directorate, Ministry of Finance

Kabul, Afghanistan
 Change Control Procedure


Procedure No: 5-A

Procedure Name: Change Control Procedure

Effective Date: 01, September 2020

Date of Last Revision: 20, August 2020

Version No: 1

Responsible Person: Dilawar, ICT Advisor

Contact Information: dilawar.khan@mof.gov.af

Applications, Network Devices, Network

Applies to:
Infrastructure, ICT Services

Version History
Revision
Version Approved By Description Author
Date
1 20/07/2020 Initial document ICT Directorate

Approval And Review

1
 Change Control Procedure


Purpose
The purpose of this procedure manual is to outline the steps that has to be carried for managing
changes in the ICT resources to the entire roles in the Change Control Process. The manual will
manage change requests so that approved changes will be controlled, ensuring the efficiency
and effectiveness of work.

Scope
This procedure and all other documents referenced herein, shall apply to all members working
in the Change Control and change management of the application development, network
design and infrastructure, and ICT services.

Procedure Statements
I. Create and Log the RFC
Actions Responsibility
1. Identify and record the RFC (identifying information, a Change Initiator
description, configuration item incurring the change, a reason
for the change, requestor’s contact information, type of
change, timeframe, costs, back out plan and business
justification)
II. Verification of the RFC
Actions Responsibility
2. Prioritize, review and validate change request to ensure all Change Approver
necessary information is provided.

3. Review with technical peers to ensure the possibility and

implementation need of the RFC

4. Approve or deny the RFC.

III. Analyze and record schedule, cost and effort impact of change

Actions Responsibility
5. Consultation with the technical peers Change Control
Committee

2
 Change Control Procedure


6. Assign resources to review the impact of the change request.

7. Direct activity to assess the scope, cost and schedule impact

of the change.

8. Update change request with impact analysis and estimates

in terms of scope, cost, schedule and effort impacts.

9. Update change request with target date for decision.

IV. Decide whether to execute the change

Actions Responsibility
10. If changes impact scope, budget or schedule place request Change Control
on agenda for next meeting. Committee

11. If changes do not impact scope, budget or schedule decide

whether to proceed with the change.

12. Review and discuss analysis of change request.

13. Develop recommendation and coordination with requesting
party if required.

14. Decide whether to proceed with the change

15. Generating work plan, assign resources, and expected

output and time.
16. Update status of change request with control decision.

V. Execute decision, including revision to project plans if necessary

Actions Responsibility
17. Authorization from the appropriate authority level depending Change Manager
on type of change (strategic, tactical, operational).

18. Final approval/rejection.

19. Implement and test the change in non-production

environment.

3
 Change Control Procedure


20. Establishing remediation plan in coordination with technical

personals.

21. Incorporate change request into appropriate plans and work

plan.

22. Update work plan baseline for agreed changes.

23. Implement the successful actions in the operational and

production environment.

24. Communicating and training stakeholders with the incoming

change.

VI. Verify that action is complete and close change request

Actions Responsibility
21. Test the output and process of the change. Change Manager,
Change initiator
22. Close change request.

23. Monitor and report progress against project plan.

24. Confirm all updates have been recorded and file all change
request documents.

Terms and Definitions

It is a systematic approach to managing all changes made to

ICT Resources. The purpose is to ensure that unnecessary
Change Control changes are not made, that all changes are documented,
that services are not unnecessarily disrupted, and that
resources are used efficiently.

4
 Change Control Procedure


It includes computing, networking, communications,

application, and telecommunications systems, infrastructure,
ICT Resources hardware, software, data, databases, procedures, physical
facilities, cloud-based vendors, Software as a Service (SaaS)
vendors, and any related materials and services.

The Request for Change is formal request for the

implementation of a Change. The RFC is a precursor to the
Request for Change
'Change Record' and contains all information required to
approve a Change.

A plan that describes alternatives and tactics to be carried in

Remediation Plan
case of implementation failures.

Change Manager,
Change Initiator,
Roles and personals involved in overall change activities as
Change Approver,
indicated by the Change Control Policy.
Change Control
Committee

Related Procedures and other References

 Software development procedure

 Systems integration procedure

 Systems migration procedure

 Information security policy

 Risk management plan

5
 Change Control Procedure


Disclaimer Statement
Deviations from policies, procedures, processes, or guidelines published and approved by ICT
Directorate can only be done cooperatively between the ICT Directorate authorized personals
and the requesting entity with sufficient time to allow for appropriate risk analysis,
documentation, and possible presentation to ICT Directorate. Willful failure to adhere to ICT
Directorate written policies will meet governmental laws and regulations.