Change Management

As technologies advance, markets adapt, and businesses grow, organizations’ IT

infrastructures need to be able to evolve to address new needs. However, rolling out
change requests to a company’s internal systems can be difficult, risky, and time
consuming.

Perhaps even more importantly, IT changes can directly affect the productivity and
engagement of employees who depend on company technology. And whether the
change is limited to adding a new office printer, or involves a new technology being
implemented across an entire organization, necessary documentation, approval, and
implementation practices are vital.

IT change management classifies all changes as either standard, emergency,

or normal, and relies heavily on automation wherever possible. This helps ensure a
smooth transition, establishing a standardized set of processes to guide IT changes
from conceptualization to closure. IT change management is different
from organizational change management, which typically refers to managing changes to
employee roles and processes within an organization.
Why is IT change management important?
Consider something as routine as applying a scheduled antivirus update. This
necessary maintenance task is usually very straightforward and relatively painless.
However, while security patches are being applied, inward- and outward-facing
systems may experience downtime or other issues. As such, the organization is
presented with a difficult choice: experience regular interruptions while updating
systems, or risk potentially devastating consequences from not updating their
security tools.

For organizations to remain competitive, their IT teams need to be able to provide

stable, reliable, consistent service. At the same time, they must help the organization
adapt to changing needs through regular service updates. Unfortunately, these two
directives are often at odds with one another—stability and reliability demand
consistency, while service updates, by their very nature, introduce change.
Scenarios for IT Change Management

IT change management takes a best-of-both-worlds approach, providing a defined

path for businesses to implement vital changes, while minimizing the resulting
disruptions of service. It does this by helping organizations do the following:

 Prioritizing changes and allocating resources.

 Collecting relevant information and organizing it into easy-to-understand
documents.
 Implementing reliable testing and vetting of proposed changes.
  Establishing a definitive framework for managing change processes.
 Creating communications channels between necessary stakeholders.
 Establishing effective approval processes.
 Streamlining the entire change process, significantly reducing service
downtime while also delivering value to end users more quickly.

What are change management definitions?

IT change management incorporates a few terms and acronyms, including the
following:
IT infrastructure library (ITIL)

ITIL is a framework for standardizing the lifecycle of IT services within an

organization. ITIL improves the efficiency and predictability of IT-service selection,
delivery, management, maintenance, etc.

ITIL is one of the most popular frameworks for IT service management (ITSM), and is
used throughout nearly every industry. In terms of IT change management, ITIL
categorizes change into three groups:

 Standard changes
Standard changes are low-risk changes that follow an established procedure.
These changes are pre-authorized and usually very low risk. Because they
follow a set process, these may be easily automated. Examples of standard
changes include software patching and updating, replacing outdated
hardware, and making new DNS entries.
 Emergency changes
Emergency changes are unexpected, and generally must be implemented
immediately to mitigate or minimize the negative effects of an emergent
situation. Emergency changes may include isolating a network from a large-
scale DDoS attack or applying an emergency patch in response to a zero-day
exploit
 Normal changes
Normal changes describe any changes that are not standard changes or
emergency changes. These changes are further categorized as minor,
significant, or major, based on the amount of risk involved. These changes are
not pre-authorized or scheduled, but also do not carry the same urgency as
emergency changes.
Request for change (RFC)

RFC is a formal request for implementing a specific change. The RFC should contain
all information necessary for evaluating and approving or rejecting the change, with
the level of detail depending upon the size of the change and its potential impact
and risk.

The RFC is a detailed request for change but is not the change itself. This request is
sent to the CAB and must provide them with all the information they need to
accurately assess the change.
Change advisory board (CAB)

CAB describes the team of individuals tasked with evaluating proposed changes to
the IT environment. The formality and complexity of a CAB will vary from
organization to organization and may be as simple as an email list or forum, or
something as formal as an actual board led by a designated chairman. In all cases,
the CAB must be composed of IT decision makers and technical experts, who can
apply their own knowledge and experience in reviewing changes.

When a change is suggested, the CAB receives the relevant RFC and uses that
information to inform their evaluation. However, the CAB is not responsible for
making the final decision. Final approval instead falls to the change manager.
What are common change management roles and responsibilities?
IT change management has an impact on essentially every part of an organization. As
such, the roles and responsibilities associated with change management can be
difficult to clearly define. Likewise, different businesses may assign different tasks to
different roles, making a universally standardized list impossible. That said, many
companies include the following (or similar) roles in their change management
initiatives:
Change owner

Oversees and takes responsibility for the entire change management process.
Change manager

Manages the CAB, coordinates teams and stakeholders, makes final decisions to
approve or reject proposed changes, and directs the implementation of approved
changes.
Change initiator

Proposes changes, collects, and organizes relevant details, and creates plans for
change implementation.
CAB

Analyzes and evaluates proposed changes and provides recommendations that the
change manager may use in making approvals.
Software developer

Often takes on the role of ‘change initiator;’ software developers are directly involved
in most IT changes and are worth considering in conjunction with most other IT
change management roles.
How does IT change management relate to release management?
While IT change management relates to the processes of requesting, evaluating,
authorizing, implementing, and reviewing IT changes, release management is more
involved in the details of planning and rolling out changes.

The primary purpose of release management is to ensure that everyone involved is

fully aware of available resources, how these resources are being deployed, what
changes are being made by which teams and departments, and the sequence of
tasks being followed.

While there is some overlap, release management is a different—but related—

function from change management. Release management often incorporates
advanced automation to facilitate seamless review, tracking, and oversight.
What are the goals of IT change management?
IT change management is an essential aspect of business growth and adaptation. The
key objectives of IT change management include the following:
Help organizations control changes

Without the right processes, changes can quickly get out of hand. IT change
management gives organizations more control over the changes they implement,
allowing for effective administration every step of the way, including planning, risk
assessment, and tracking. This helps minimize risk and ensures that changes are
implemented quickly and accurately.
Improve the implementation of changes

IT change management tracks all change requests. This not only allows for a more
organized and manageable approach to IT changes, but it also helps eliminate
unauthorized changes. By creating a single set of processes and establishing clear
responsibilities, organizations can optimize change implementation throughout their
business.
Promote continuous improvement

Huge, sweeping changes tend to entail significant risk, and often throw everything
into disarray. On the other hand, ongoing changes that take small, on-going steps to
refine and enhance IT infrastructure are much more manageable. Proper IT change
management allows businesses to maintain continuous improvement, keeping up with
industry trends and rolling out important changes without significantly interrupting
their day-to-day operations.
Bring together ITSM, ITOM, and DevOps teams

Possibly the most important goal of IT change management should be to unite

teams across ITSM, ITOM, and DevOps. As DevOps and related approaches demand
increased rates of change, change managers may find themselves feeling increased
pressure. Top change management solutions not only incorporate advanced
automation and governance capabilities to ensure that changes are being effectively
and timely implemented, but they also need to be able to facilitate improved
communication and coordination between departments.

By bringing together each of these key players and providing a single centralized
source of truth throughout the entire organization, the ServiceNow Now Platform
makes optimal change management collaboration possible.
What does the IT change management process look like?
Effective IT change management demands clear processes for submitting, assessing,
approving, and implementing changes. As such, most organizations follow a
sequence of prescribed steps:
1. Change request

When the need for change becomes apparent, the first step is to collect basic change
information, including notes on possible risks, rewards, and systems that are likely to
be affected. This information is then organized into an RFC.
2. Change request review

Before being sent off, the RFC is reviewed to ensure accuracy, and to validate that the
requested change is necessary and feasible.
3. Change planning

With the request finalized, the change must now be fully planned out. The planning
stage should incorporate and document details such as impact, rollout plans,
backout plans, change roles, and any associated downtime the change might
necessitate.

Change approval

The RFC is sent to the CAB, as well as any other authorities or internal groups that
might have a stake in the change. The CAB reviews the available information, makes
an educated assessment of the risk and rewards, and provides a recommendation to
the change manager responsible for giving final approval. The change manager then
accepts or rejects the change.
5. Change implementation

With approvals in place, the organization can begin implementing the change.
Implementation includes scheduling, assigning, and delegating related tasks. Also, by
leveraging IT project management, organizations can more effectively handle large-
scale changes, more easily directing increased numbers of people and tasks.
6. Change review

Once the change has been implemented, organizations must then review and assess
to determine whether the change was successful and if there are any unacceptable
deviations from the plan. If any issues are present, they must be resolved before the
change can be closed.
7. Change closure

As a final step, the implemented and reviewed change is recorded as either

successful, failed, or incomplete. Proper closure documentation helps reduce the risk
of duplicate work and prevents essential changes from falling off the company’s
radar.

What are the benefits of IT change management?

By providing a set or clear processes to follow in planning, approving, and
implementing IT changes, change management provides several significant
advantages.
Benefits to the organization

 Decreased number of change collisions, in which too many changes are

scheduled simultaneously, resulting in conflicts and strained resources.
 Increased ability to roll out changes without negatively impacting other
operations.
 Fewer failed changes, due to detailed documentation and effective review and
evaluation processes.
 More-accurate change classification.
 Integrate organization-wide change processes.
 Improved change automation, streamlining processes and freeing up teams to
focus on other vital tasks.
 Enabling of business outcomes, in line with ITIL 4, which blends key DevOps
concepts—such as CI/CD, safe-to-fail testing, and shortened feedback loops—
into change activities.
Benefits to end users

 Enhanced transparency related to scheduled changes.

 Reduced downtime due to improved communication.
 Fewer disruptions because of unauthorized or poorly planned changes.
What are common challenges of IT change management?
While the benefits of IT change management are widely recognized, there are also
several challenges that can easily stand in the way and hinder effective deployment.
Prohibitive costs

Depending on the scope of the proposed changes, IT change management

processes may be prohibitively expensive to deploy.
Reduction in process speed

Occasionally, incorporating a detailed, step-by-step change process may slow down

the overall time to delivery, particularly in the case of standard changes that could
otherwise be handled without having to include them in the IT change management
process.
Failed changes

A high number of failed changes may be indicative of a poor change management

process and can eat up resources and time without producing viable results.
Unauthorized changes

Unauthorized changes occur when IT change management adoption is not

widespread, approval mechanisms are not effective or not in place, or relevant
stakeholders are not included in the approval process. Unauthorized changes incur
expenses without being properly documented and are thus difficult to track. They
can also create unanticipated problems that could otherwise be avoided by following
established procedures.
Change collisions

Poor communication and ineffective planning may lead to multiple changes being
scheduled for implementation at the same time. This can cause interruptions in the
changes themselves and result in further complications within the IT infrastructure.
High number of emergency changes

Because emergency changes must be addressed as quickly as possible, they tend to

circumvent certain parts of the IT change management process. When too many
changes are flagged as emergency changes, it can easily lead to delays, confusion,
and failure to handle actual emergencies with the earnestness they require.
What are IT change management best practices?
To ensure the best possible results, organizations should approach change
management using the following best practices:
Categorize changes and create specific processes

Different kinds of changes may demand different sets of processes. Creating specific
categories for proposed changes, and establishing processes for each that are most
effective, depending on priority and other requirements empower organizations to
approach each change in the most efficient way possible.
Understand risks and regulations

Organizations have their own levels of risk tolerance and regulatory restrictions.
Understanding these considerations and incorporating them into planning and
evaluation phases will help ensure that proposed changes don’t create unnecessary
problems.
Delegate roles and responsibilities

Where possible and appropriate, change managers and other change leaders should
be willing to delegate responsibilities to other reliable individuals. This will allow
them to focus on the bigger picture without getting too bogged down in the day-to-
day tasks.
Document change proposals

Change documentation should begin during the change-request stage. Managing

and proposed changes in a single digital location allows organizations to prioritize
changes more effectively, and to revisit lower-priority changes when bandwidth
allows.
Perform risk and impact analysis

Every proposed change brings with it certain risks and resource requirements.
Applying risk and impact analysis to each change gives decision makers clearer
insight to use in making final approval.
Automate wherever possible

The change management process often includes many different steps incorporating
a range of roles and can easily get bogged down waiting for approvals or other
information. Effective automation helps streamline the entire process and should be
employed liberally to ensure that the change is proceeding on schedule.
Leverage reusable change-process templates

Change-process templates are essentially forms that can be customized to the needs
of individual organizations. Creating and using these templates can help standardize
change requests and the assigning of relevant tasks.
Normalize change

IT change management is as much a cultural shift as it is a procedural one.

Organizations should work to make ongoing change the new normal and strive for
full adoption among all relevant departments and stakeholders.
Select a framework that fits the business need

A range of frameworks exist for facilitating effective change management. Businesses

should take the time to fully review the advantages of each and select the framework
that best fits their needs.
Keep stakeholders informed of schedules

When stakeholders are not informed of planned change schedules, it can lead to
incidents and confusion, and can also negatively impact other services. Including
stakeholders in scheduling not only helps eliminate possible problems, but also
encourages continued support from management.
Establish and measure key metrics and KPIs

To determine how effective a change process is, businesses must first identify
relevant metrics and KPIs. Quantifying and measuring change management success
provides concrete data that can be used to improve processes going forward.
Create contingency plans

Not every change is going to produce the desired outcome. When changes fail,
having a backout plan can help organizations cut their losses, and may be the only
thing standing in the way of damaging the existing IT infrastructure.