Body
PURPOSE
The purpose of this practice is to limit and mitigate the negative impact of changes. Normal service operation is maintained by following standardized methods and procedures for the efficient and prompt handling of all changes. This ensures that the best possible levels of service quality and availability are maintained.
SCOPE
The scope of this document is to provide a framework for the processes and practices of Change Enablement as it pertains to the University of Arkansas IT Services environment, including team members and stakeholders.
OBJECTIVES
A change is the addition, modification, or removal of anything that could have a direct or indirect effect on services. Successful service and product changes are maximized by assessing risk, obtaining authorization, and scheduling changes. The level of associated risk is used to categorize a change as standard, normal, or emergency. Changes are authorized by the Change Advisory Board (CAB), a group charged with guiding the implementation of technical changes to support the mission, goals, and priorities of the university. Once authorized, the Change Manager schedules the change.
-
Evaluate and approve change requests based on resource constraints, risk, the effect on the quality of services delivered, and alignment with university mission and operations.
-
Ensure efficient communication of changes among stakeholders.
-
Ensure alignment with best practice and industry standards for technology-related changes.
ROLES AND RESPONSIBILITIES
Change Manager
-
Manage the Change Control process.
-
Ensure that change requests are sufficiently vetted before submission to the CAB.
-
Facilitate CAB meetings and communicate CAB decisions.
-
Manage the change calendar.
-
Monitor and review the testing and change activities.
-
Communicate with Change Managers from other UA System entities (Workday, Project One, etc.).
-
Conduct regular review of the practice and procedures.
-
Change Advisory Board (CAB)
-
Review and approve normal change requests on a regular basis.
-
Review and approve emergency change requests as needed.
-
Nominate and approve changes for standard change classification.
-
Review standard change requests on a regular basis.
Standing membership of the CAB includes:
-
Change Manager
-
Associate CIO, Infrastructure and Enterprise Systems
-
Associate CIO, Enterprise Applications and Data Services
-
Associate CIO, Research and Academic Technologies
-
Chief Information Security Officer
-
Associate CIO, Enterprise Services [vacant]
-
CAB members may delegate responsibilities to others as needed.
Subject matter experts (SME) and business representatives affected by the change may be engaged as needed.
The CIO approves CAB membership and names a chair. Nominations can be made by any employee in IT Services. Self-nominations are permitted with the approval of the supervisor.
Change Process Owner
-
Own the process end-to-end, including the RACI, process & procedural steps, role & definitions.
-
Review monthly/quarterly/yearly review of process KPIs to support maturity of the process.
-
Adjust the process to address performance or changing business needs.
PROCEDURES
Change Enablement procedures include:
-
planning individual change process activities, authorizations, and controls;
-
facilitating the progress of changes from receiving requests to assessing change success;
-
communicating change status to stakeholders; and
-
coordinating scheduling of all approved changes.
Change Approval
The Change Advisory Board (CAB) will meet weekly [meeting time] to review upcoming changes, past changes, and the change process. Standard changes are presented for information only and authorization decisions will be made. If all members of the CAB do not agree, the chair of the CAB will make a final decision.
Normal Change
Step 1: Plan
[Change Requester]
Select Request A Change on the Change Enablement site. Enter as much information as possible in each field. Select Save. The requester and the Change Manager will receive an automated email upon submission of a change request.
Change requests require the following information:
-
Title
-
Requester
-
Description of the change
-
Reason for change
-
Change in business requirements (new or changed legislation)
-
Contract/Vendor update
-
Customer or user dissatisfaction (Continuous improvement)
-
Incident/Problem resolution
-
Introduction or removal of a CI
-
Location change
-
New or changed legislation
-
Upgrade to CI
-
Proposed Start Time
-
Proposed End Time
-
Systems directly affected
-
Upstream and downstream systems and services impacted
-
Customers impacted
-
Impact assessment Please provide more details on the impact to systems and services, and customers. You may attach additional information.
-
Testing results Please give a description of the testing process and results of testing. You may attach additional information.
-
Implementation plan Please provide a detailed description of the steps to implement the change, including the teams and roles involved. You may attach additional information.
-
Risk assessment Please describe the risks associated with the change. You may attach additional information.
-
Necessity What risks or threats are associated with the current situation that necessitate this change? You may attach additional information.
-
Backout plan What is the backout plan if the change does not succeed or has issues? (specify the backout override approver if different from direct supervisor). You may attach additional information.
-
Communication plan How will the change be communicated to stakeholders, including a timeline for communication activities. You may attach additional information.
Note: The Change Manager will contact the requester with any questions or if additional information is required.
Step 2: Assess
[Change Manager]
-
Ensure that the information provided is sufficient to evaluate the business justification, impact, cost, benefits, risks, and predicted performance of change. Edit the change and assign a Risk level.
[Insert risk level matrix]
-
New
-
Current Meeting
-
Next Meeting
-
Deferred
-
Final Approval
Step 3: Implement
Step 4: Review
Emergency Change
-
Step 1: Classify
-
Step 2: Assess
-
Step 3: Implement
-
Manually update change
-
Step 4: Review
Standard Change
Standard changes are pre-approved because risk is low and the procedures are automated and/or documented. Examples of a standard change routine testing or software updates, preventative maintenance, service requests, standard incident responses, and standard disaster recovery actions.
-
Step 1: Classify
-
Step 2: Assess
-
Step 3: Implement
Continual Improvement
Metrics to evaluate success
-
Average time of change realization
-
Change request submitted date – Change implementation complete date
-
Change initiator’s satisfaction with outcomes
-
Change initiator’s satisfaction with change time lines
-
Change success/acceptance rate
-
Business impact of change-related incidents
-
Impact of changes identified as sources of problems/errors
-
Number and duration of change-related incidents
-
Was there a change-related incident?
-
Duration of incident
-
Stakeholder satisfaction with the procedures and communications
-
Stakeholder satisfaction with realization of individual changes
-
Compliance with formally stated requirements
DEFINITIONS
Term
Definition
Change
The addition, modification, or removal of anything that could have a direct or indirect effect on services.
Change Advisory Board (CAB)
A group that convenes to authorize changes.
Change record
Contains the details of the change. Each change record documents the life cycle of a single change. A change record is created for every request for change that is received, even those that are rejected. Change records should reference the configuration items affected by the change. Change records may be stored in the configuration management system or elsewhere in the service knowledge management system.
Emergency change
A change that must be completed as soon as possible. This does not necessarily mean unpredictable or unknown.
Standard change
A pre-approved change that is low risk and has a documented procedure.
REFERENCES
ATTACHMENTS/APPENDICES