Change management ITSM defined
Wondering what ITSM change management is? When it comes to IT service management, change management ITSM is a discipline aimed at standardizing processes and methods for efficiently dealing with changes to control IT infrastructure. This helps to reduce the occurrences and impact of service-related incidents.
Issues or other internal and external requirements like legislative changes or service improvement initiatives can trigger the need for infrastructure changes. When these triggers occur, change management can ensure standardized methods, processes, and procedures help to facilitate efficient and timely handling of all changes and maintain the right balance between the need for change and the potential detrimental impact of changes.
Below you will find practical definitions for participant roles, types of changes, and risk levels used by many organizations when establishing an ITSM process at the enterprise level.
Roles and responsibilities
- Change requestor: Is responsible for all aspects of documenting, planning, testing, and executing change requests. They verify the success of the implementation and know what to do if a failure occurs. The change requestor communicates with all stakeholders, and shepherds change requests for approval.
- Change reviewer: Reviews the change submitted for completeness, validity, and accuracy. They ensure business justification, change tasks, and plans are accurately populated. The change reviewer approves the change during the request for authorization.
- Change manager: Provides the first level of approval, they might add additional levels of approval based on the potential risk or impact. They are responsible for managing and coordinating all activities necessary to control, track, and audit changes. The change manager is also responsible for resolving conflicts and facilitating Change Advisory Board meetings.
- Change approver: Ensures the change will meet the customer’s needs and that the customer has accepted the change. The approver ensures the request includes all required documentation. They also review the testing plan for completeness and communicates with all stakeholders as required.
- Change implementer: Executes the change implementation tasks and verifies that they are completed. They work through the entire ITSM Process to ensure only approved tasks are executed and only within the approved start and end times. When necessary, the implementer escalates any issues that arise and communicates all task outcomes.
Types of changes
All changes must have a type defined based on a standard categorization defined by the business based on the overall potential impact. Coupled then with a risk descriptor the organization is then able to determine an overall risk profile.
- Standard – Low impact, most often these are frequent changes that experienced implementors execute without fail. These could potentially be pre-approved with no additional approvers required.
- Normal – Changes that must follow a typical change review/approval process in full, including all documentation, risk analysis, scheduling, and approvals. Most changes fall within this category.
- Exceptions – A change that is not able to follow the regular process due to the nature of the change. These are typically urgent in nature that must be expedited or implemented off-cycle.
- Emergency – A change that is initiated in response to an incident and must be implemented immediately to avoid a production outage.
- Unauthorized – Used to document specific after the fact changes that are implemented without any approval process. These changes are used for audit tracking procedures.
Risk descriptor levels
- Very high – Is the highest level risk with the potential to severely disrupt the business if experienced, can result in the loss of revenue and customers likely.
- High – These risks are disruptive to the organization, and customer awareness likely.
- Medium – These risks could be disruptive to the customers, they might become aware.
- Low – The impact of low-level risks is limited to non-essential, non-customer-facing applications.
- Very low – These risks have minimal impact if any.
A solid change management process is required for any organization looking to safeguard their systems, people, and processes from unexpected disruptions. Customers and clients expect systems to be available almost 24/7 365 days so having a process for your organization to follow is the best insurance policy to guarding against avoidable mistakes or errors when maintaining or upgrading existing platforms.