Change Enablement Procedures

Summary

This article describes the Change Enablement procedures and give descriptions of roles and types of changes.

Body

PURPOSE

The purpose of this practice is to limit and mitigate the negative impact of changes. Normal service operation is maintained by following standardized methods and procedures for the efficient and prompt handling of all changes. This ensures that the best possible levels of service quality and availability are maintained.

SCOPE

The scope of this document is to provide a framework for the processes and practices of Change Enablement as it pertains to the University of Arkansas IT Services environment, including team members and stakeholders.

OBJECTIVES

A change is the addition, modification, or removal of anything that could have a direct or indirect effect on services. Successful service and product changes are maximized by assessing risk, obtaining authorization, and scheduling changes.  The level of associated risk is used to categorize a change as standard, normal, or emergency. Changes are authorized by the Change Advisory Board (CAB), a group charged with guiding the implementation of technical changes to support the mission, goals, and priorities of the university. Once authorized, the Change Manager schedules the change.

  • Evaluate and approve change requests based on resource constraints, risk, the effect on the quality of services delivered, and alignment with university mission and operations.

  • Ensure efficient communication of changes among stakeholders.

  • Ensure alignment with best practice and industry standards for technology-related changes.

ROLES AND RESPONSIBILITIES

Change Manager

  • Manage the Change Control process.

  • Ensure that change requests are sufficiently vetted before submission to the CAB.

  • Facilitate CAB meetings and communicate CAB decisions.

  • Manage the change calendar.

  • Monitor and review the testing and change activities.

  • Communicate with Change Managers from other UA System entities (Workday, Project One, etc.).

  • Conduct regular review of the practice and procedures.

  • Change Advisory Board (CAB)

  • Review and approve normal change requests on a regular basis.

  • Review and approve emergency change requests as needed.

  • Nominate and approve changes for standard change classification.

  • Review standard change requests on a regular basis.

Standing membership of the CAB includes:

  • Change Manager

  • Associate CIO, Infrastructure and Enterprise Systems

  • Associate CIO, Enterprise Applications and Data Services

  • Associate CIO, Research and Academic Technologies

  • Chief Information Security Officer

  • Associate CIO, Enterprise Services [vacant]

  • CAB members may delegate responsibilities to others as needed.

Subject matter experts (SME) and business representatives affected by the change may be engaged as needed.

The CIO approves CAB membership and names a chair. Nominations can be made by any employee in IT Services. Self-nominations are permitted with the approval of the supervisor.

Change Process Owner

  • Own the process end-to-end, including the RACI, process & procedural steps, role & definitions.

  • Review monthly/quarterly/yearly review of process KPIs to support maturity of the process.

  • Adjust the process to address performance or changing business needs.

PROCEDURES

Change Enablement procedures include:

  • planning individual change process activities, authorizations, and controls;

  • facilitating the progress of changes from receiving requests to assessing change success;

  • communicating change status to stakeholders; and

  • coordinating scheduling of all approved changes.

    Uploaded Image (Thumbnail)

Change Approval

The Change Advisory Board (CAB) will meet weekly [meeting time] to review upcoming changes, past changes, and the change process. Standard changes are presented for information only and authorization decisions will be made. If all members of the CAB do not agree, the chair of the CAB will make a final decision.

Normal Change

Step 1: Plan

[Change Requester]

Select Request A Change on the Change Enablement site. Enter as much information as possible in each field. Select Save. The requester and the Change Manager will receive an automated email upon submission of a change request.

Change requests require the following information:

  • Title

  • Requester

  • Description of the change

  • Reason for change

  • Change in business requirements (new or changed legislation)

  • Contract/Vendor update

  • Customer or user dissatisfaction (Continuous improvement)

  • Incident/Problem resolution

  • Introduction or removal of a CI

  • Location change

  • New or changed legislation

  • Upgrade to CI

  • Proposed Start Time

  • Proposed End Time

  • Systems directly affected

  • Upstream and downstream systems and services impacted

  • Customers impacted

  • Impact assessment Please provide more details on the impact to systems and services, and customers. You may attach additional information.

  • Testing results Please give a description of the testing process and results of testing. You may attach additional information.

  • Implementation plan Please provide a detailed description of the steps to implement the change, including the teams and roles involved. You may attach additional information.

  • Risk assessment Please describe the risks associated with the change. You may attach additional information.

  • Necessity What risks or threats are associated with the current situation that necessitate this change? You may attach additional information.

  • Backout plan What is the backout plan if the change does not succeed or has issues? (specify the backout override approver if different from direct supervisor). You may attach additional information.

  • Communication plan How will the change be communicated to stakeholders, including a timeline for communication activities. You may attach additional information.

Note: The Change Manager will contact the requester with any questions or if additional information is required.

Step 2: Assess

[Change Manager]

  • Review the New Change Requests. Select the title to review all details and any comments. Determine the appropriate level of change authority.

  • Standard

  • Normal

  • Emergency

  • Information only – Changes that are outside the control of IT Services are added to the change calendar and reflected on the configuration item in ITSM tool.

  • Ensure that the information provided is sufficient to evaluate the business justification, impact, cost, benefits, risks, and predicted performance of change. Edit the change and assign a Risk level.

[Insert risk level matrix]

  • Request formal evaluation of the change by the CAB. Edit the change and assign a Status.

  • New

  • Current Meeting

  • Next Meeting

  • Deferred

  • Final Approval

  • Obtain authorization/rejection.

  • Communicate the decision with all stakeholders, in particular the initiator of the RFC.

  • Plan updates.

Step 3: Implement

  • Coordinate

Step 4: Review

  • Review and close the change after it is completed, or if the change fails, re-assess the change.

Emergency Change

  • Step 1: Classify

  • Step 2: Assess

  • Step 3: Implement

  • Manually update change

  • Step 4: Review

Standard Change

Standard changes are pre-approved because risk is low and the procedures are automated and/or documented. Examples of a standard change routine testing or software updates, preventative maintenance, service requests, standard incident responses, and standard disaster recovery actions.

  • Step 1: Classify

  • Step 2: Assess

  • Step 3: Implement

Continual Improvement

Metrics to evaluate success

  • Average time of change realization

  • Change request submitted date – Change implementation complete date

  • Change initiator’s satisfaction with outcomes

  • Change initiator’s satisfaction with change time lines

  • Change success/acceptance rate

  • Business impact of change-related incidents

  • Impact of changes identified as sources of problems/errors

  • Number and duration of change-related incidents

  • Was there a change-related incident?

  • Duration of incident

  • Stakeholder satisfaction with the procedures and communications

  • Stakeholder satisfaction with realization of individual changes

  • Compliance with formally stated requirements

DEFINITIONS

Term

Definition

Change
The addition, modification, or removal of anything that could have a direct or indirect effect on services.

Change Advisory Board (CAB)
A group that convenes to authorize changes.

Change record
Contains the details of the change. Each change record documents the life cycle of a single change. A change record is created for every request for change that is received, even those that are rejected. Change records should reference the configuration items affected by the change. Change records may be stored in the configuration management system or elsewhere in the service knowledge management system.

Emergency change
A change that must be completed as soon as possible. This does not necessarily mean unpredictable or unknown.

Standard change
A pre-approved change that is low risk and has a documented procedure.

REFERENCES

ATTACHMENTS/APPENDICES

 

Details

Details

Article ID: 54
Created
Wed 12/13/23 12:41 PM
Modified
Wed 12/13/23 5:06 PM