Change Management Process for Information Technology

Change Management Process

For

Information Technology

Carlo Figliomeni

Copyright © 2012 by Carlo Figliomeni.

Library of Congress Control Number:       2011962007

ISBN:         Hardcover                               978-1-4691-3213-6

                   Softcover                                 978-1-4691-3212-9

                   Ebook                                      978-1-4691-3214-3

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the copyright owner.

This book was printed in the United States of America.

To order additional copies of this book, contact:

Xlibris Corporation

1-888-795-4274

www.Xlibris.com

[email protected]

108434

CONTENTS

1 Preface

1.1 INTRODUCTION

1.2 CHANGE STATE

1.3 CHALLENGES

Chapter 2 Process

2 The Change Management Process

2.1 Mission

2.2 Objectives

2.3 Scope

2.4 Defining What a Change Is

2.5 Defining a Change Category

2.5.1 Normal (Proactive)

2.5.2 Emergency

2.5.3 Urgent (Mandatory)

2.5.4 For Information Only (Reactive)

2.5.5 Delegated or Standard

2.6 Definition of a Change Management

2.7 Change Advisory Board (CAB)

3 Roles and Responsibilities

3.1 Change Management Owner

3.2 Process Leader (Change Manager)

3.3 Change Management Coordinator

3.4 Change Requester

3.5 Change Reviewer(s)

3.6 Change Approver

3.7 Change Implementer

4 Guidelines

4.1 Operational Guidelines

4.2 General Guidelines

4.3 Implementation Plan Guidelines

4.4 Install Procedure Guidelines

4.5 Test Plan Guidelines

4.6 Back-Out Plan Guidelines

4.7 Security Guidelines

4.8 Change Windows

4.9 Change Freeze

5 Change Categories

5.1 Normal Change Process

5.2 Emergency Change

5.3 Urgent Change

5.4 For Information Only

5.5 Delegated Changes (a.k.a. Standard Change)

6 Life of an RFC

6.1 Change Request Record Status

6.2 RFC Change Lead Times

7 RFC Submissions and Approvals

7.1 Preparing the RFC for Submission

7.2 Seeking CAB Approval

8 Closing an RFC

8.1 Final Closing Checklist

8.2 Waiting Period for Closure

8.3 Change Closure Codes

8.4 Backed-Out Changes—Failed Change

8.5 Postimplementation Review (PIR)

9 Measurements

9.1 User Satisfaction

9.2 Overall Process Health

9.3 Process Efficiency

9.4 Process Effectiveness

9.5 Continuous Improvement

10 Reporting

10.1 Change Schedule

10.2 Change Summary

11 Meetings

11.1 Attendees

11.2 Date, Time, Location, and Conference Number

11.3 Agenda

11.4 Quorum

11.5 Voting

11.6 Meeting Minutes

12 Forms and Templates

12.1 Request for Change (RFC)

12.2 Standard Risk Assessment Procedure

12.3 Category-to-Procedure Relationship

13 Rules

Rule No. 1:

Rule No. 2:

Chapter 3 Procedures

14 The Change Management Procedures

14.1 Procedure Flow of Change Management Process

14.2 Change Entry

14.3 CAB Assessment

14.3.1 Technical Assessment

14.3.2 Business Assessment

14.4 Scheduled Change

14.5 Monitor Implementation

14.6 Distribution and Installation

14.7 Report and Control

Chapter 4 Terminology

15 Terminology and Acronyms

Chapter 5 Exhibits

Exhibit A: Standard Risk Assessment Procedure

Exhibit B: Emergency Change Management Procedure

Exhibit C: Approver Matrix

Exhibit D: Sample Change Request Form

Exhibit E: Category-to-Procedure Relationship

Exhibit F: RFC Lead Times and Waiting Periods for Closure

Exhibit G: Sample Agenda and Minutes

CAB Meeting Minutes

Exhibit H: Carrying out a Postimplementation Review (PIR)

Exhibit I: Sample Change Schedule

Exhibit J: Sample Change Schedule

Exhibit K: General Questions and Answers

Exhibit L: Category 4 Flow

1 Preface

1.1    INTRODUCTION

Industry defines a process as the act of taking something through an established and usually routine set of procedures to convert it from one form to another. A process involves steps and decisions in the way work is accomplished. Based on this definition,

• to understand what the Change Management Process is, read the ITIL Change Management documentation;

• to understand the content of the Change Management Process, read the COBIT module AI6 documentation;

• to understand who, what, when, and how to implement the Change Management Process, continue reading the book.

The book is the result of years in providing organization transformation guidance on Information Technology Infrastructure Library (ITIL)¹ and Control Objectives for Information and related Technology (COBIT)² mandate module AI6—Manage Changes. The book can be used by any organization who wants to implement and manage a robust Change Management Process to deliver quality service by reducing or eliminating potential failed changes.

The book is designed so that it can be used by either an existing Change Management Manager who wants to improve the way changes are introduced to their environment or by an organization that is planning to introduce a formal Change Management Process within the information technology group or any other business group.

The book provides the following:

• A framework that allows for the initial creation of a Request for Change (RFC) and all the steps required for a successful implementation including the closure of the RFC;

• Guidelines which provide checklists of questions to ask to validate the change request;

• A structured format to conduct the formal Change Advisory Board (CAB) review meetings;

• Step-by-step procedures to guide all the participants during the life of the change request;

• Associated roles and responsibilities for each participant involved in the process;

• Hints and tips to help the Change Manager better manage and control the change process;

• Metrics to measure the results of the change process;

• Templates that are useful when creating the change request and assessing the categorization of the change.

There are many tools performing the same function when it comes to automating the Change Management Process. To be tool neutral, this book does not provide any tool assessment. The Change Manager should select a tool based on the architecture platform and the strategic direction adopted by their organization.

With the introduction of any new process, expect that the result will affect

• the organization,

• the staff,

• the interaction with other existing processes,

• technology, and

• knowledge management.

When considering implementing the Change Management Process, keep in mind that the organizational and people challenges will be most important aspect to take into account.

Note: Throughout the book, guidelines and parameters are provided that can be used in the introduction of the new Change Management Process. These guidelines and parameters are applicable to many different business organizations. The reader may use these or may decide to modify based on their business requirements.

The information technology (IT) Change Manager needs to understand the business commitment made based on existing Service Level Agreements (SLA)—whether they are formally documented or informal expectations already set with the business when planning to utilize these guidelines and parameters.

1.2    CHANGE STATE

Whether deciding to improve the existing process or to implement a new process, the designated Change Manager needs to be aware of the psychological change states that will be faced by the organization, which are

• the present state,

• the transition state, and

• the desired state.

To provide additional clarity, each state has a brief description.

Figure 1: Change State Phases

The Present State. The present state is how things are done today. It is the combination of processes, behaviors, technologies, and organizational structures that defines how work gets done. The present state may not be working great, but it is familiar and comfortable because the staff knows what to expect. The present state is where the staff is successful and they know how they are being measured and evaluated.

The Transition State. The transition state is disorganized. It is unpredictable and constantly changing. The transition state is a period where there is an emotional charge—a sense of loss and anxiety to anger and fear. During the transition state, productivity almost always declines. The transition state requires each one to accept new procedural ways and learn new ways of behaving while performing their defined day-to-day functions.

The Desired State. The desired state is where we need to get to. It is hardly defined and can actually shift while working through the transition state. The desired state is supposed to be better than the present state in terms of processes, behaviors, technologies, and organizational structures. The desired state can worry the staff as the new state may not match the staff’s personal and professional goals, and there is a chance that it may not be what we envisioned.

These states provide a way to articulate how changes actually occur. Whether the change is a new application, a new performance review process, a new piece of machinery, a new business process, there is always a present state (how things are done today), a desired state (how things will be required to be done), and a transition state (the activities required to move from the present state to the desired state).

Note: Most organizations address these states as part of their communication plan, which informs the change-affected audience of what, when, why, how, and by whom the change will be managed. The communication plan’s objective is to ensure the audience is fully aware and there are no surprises while articulating to the staff the value to be received.

Based on past experience, the implementation result usually falls into three ranges. The numeric value may vary by plus or minus 5 percent company by company. Most of the consultants in the Change Management field will attest that on an average, the following have been shown:

• Twenty percent will make the leap of faith and they become the champions; they will communicate and provide positive feedback to other staff in support of the process.

• Seventy percent will require education and training for them to understand and to support the new process. Education and training will be required regularly for both existing and new staff to introduce or reinforce the process.

• Ten percent of the staff are set in their ways and may not support or adhere to the process; they will provide negative feedback and will try to derail the process in