Académique Documents
Professionnel Documents
Culture Documents
Change requests are submitted as Requests for Change (RFC), the degree of formality of
the RFC depends on the extent of the change
Change Records are to be used to capture the details of the lifecycle of the changes making
references to the configuration items affected (stored in configuration management system),
one change record for each individual change
No change should be approved without a back-out or remediation plan (to restore the initial
configuration)
[definition] Remediations are actions taken to recover after a failed change or release.
Remediation may include back-out, invocation of service continuity plans, or other actions
designed to enable the business process to continue.
Purpose: to control the lifecycle of all changes, enabling beneficial changes to be made
with minimum disruption to IT services.
uncontrolled changes might cause a surge in incidents
to consider all aspects (intended and unintended) a change may bring
Objectives
to keep abreast of and support the changes in the business environment (by reducing
incidents, disruption and rework)
to ensure that changes are recorded and evaluated, and that authorized changes are
prioritized, planned, tested, implemented, documented and reviewed in a controlled
manner as recorded in the configuration management system (CMS)
to optimize risk (balance between risk of doing and risk of not doing)
to control the assets of the infrastructure
Scope
cover everything from configuration items (servers, infrastructure, documentation,
services and configuration), management systems and tools, processes, metrics,
solution and architecture from design strategy to continual service management
excluding organization and business changes, and minor operational changes
manage all changes in a controlled manner on all levels (strategic, tactical and
operational) by making reference to the service portfolio
Change management is not responsible for the coordination of processes for the
successful implementation of projects; this will be handled through the planning and
transition support process.
Output
change schedule (CS, also an input)
projected change outage (PSO)
remediation plan
ITIL recommends the use of a change model or change process model to handle changes
in a consistent manner:
Steps for handling the change
The order in which the steps should be carried out, including any dependencies
Responsibilities throughout the process
Timescales
Escalation procedures
Types of Changes
Standard Change a change to a service or other configuration item, which has a
preauthorized approach to its execution, well understood for risks, follow a
standard procedure with a predefined trigger
e.g. installation of a new computer
RFC not required, logged as service requests
enhance the effectiveness of change management
records need to be reviewed regularly
Emergency Change a change in response to or in order to prevent a businesscritical error
need to have a clear definition of the authority levels associated with
emergency changes (e.g. emergency change advisory board (ECAB)
may not have enough time for extensive testing
documentation may need to be updated afterwards
risk of failure is high
Normal Change
Typical flow (all information stored in SKMS):
Create the request for change (RFC) -> trigger the creation of the
change record
Review the RFC sufficient information, appropriate budget, is it
practical by the change manager
Assess and evaluate the change (after approval of RFC) need
Change Proposal?
Who raised the change?
What is the reason for the change?
What is the return required from the change?
What are the risks involved in the change?
What resources are required to deliver the change?
Who is responsible for the build, test, and implementation of
the change?
What is the relationship between this change and other
changes?
Authorize the change by a change authority usually CAB, update the
change schedule and projected service outage (PSO) with a
remediation plan
Plan updates build and test
Coordinate change implementation to ensure changes are deployed
as scheduled
Review and close the change pass the acceptance criteria: success ->
close the change record; failure -> remediation plan or workaround
Change Proposal: submitted for major change that involves significant cost,
risk or organizational impact, before the new/change service is chartered,
normally created by Service Portfolio management. Change proposals include
a high-level description of the change, a detailed business case (including risk
assessment) and schedule for design and implementation. When authorized,
the service is chartered.
RFC should specify the details of the change, including the risks, benefits,
costs, and proposed schedule for implementation, depending on guidelines.
Change Advisory Board (CAB)
determine whether normal changes should be authorized
include people from business and technical sides, stakeholders to reflect a balanced
view
Change management process is an trigger for change evaluation process
Change management involve the assessment of a large number of other processes (e.g.
capacity, IT service continuity, security, etc.)
/////////
Scope
plan future transition needs
maintenance of policies and standards
provide transition guidance and plan for achieving business goals
coordinate and prioritize resources for multiple transition needs
review and improvement current process and plan for future transition needs
Not including the detailed plans for building, testing and deployment
Plan for a project, service or groups of services, e.g. network services. These plans
define the specific Configuration Management activities within the context of the
overarching Service Asset and Configuration Management strategy.
Configuration identification
Define and document criteria for selecting configuration items and the
components that compose them
Select the configuration items and the components that compose them based
on documented criteria
Assign unique identifiers to configuration items
Specify the relevant attributes of each configuration item
Specify when each configuration item is placed under Configuration
Management
Identify the owner responsible for each configuration item.
Configuration control
Configuration control ensures that there are adequate control mechanisms over CIs
while maintaining a record of changes to CIs, versions, location and
custodianship/ownership. Without control of the physical or electronic assets and
components, the configuration data and information there will be a mismatch with
the physical world. No CI should be added, modified, replaced or removed without
an appropriate controlling documentation or procedure being followed.
Status accounting and reporting
Each asset or CI will have one or more discrete states through which it can progress.
The significance of each state should be defined in terms of what use can be made of
the asset or CI in that state. There will typically be a range of states relevant to the
individual asset or CIs. A simple example of a lifecycle is: development or
draft approved withdrawn. The way CIs move from one state to another should
be defined, for example, an application release may be registered, accepted, installed
or withdrawn.
Verification and audit
The activities include a series of reviews or audits to:
Ensure there is conformity between the documented baselines (for example,
agreements, interface control documents) and the actual business environment
to which they refer
Verify the physical existence of CIs in the organization or in the DML and
spares stores, the functional and operational characteristics of CIs and to
check that the records in the CMS match the physical infrastructure
Check that release and configuration documentation is present before making
a release
Definition of Terms
Service Asset any resource or capability that could contribute to the delivery of a
service
down to update PCs and Servers when it best suits the customer, however at times of
extreme virus risk this may be.
Automation versus Manual
Whether by automation or other means, the mechanisms to release and deploy the
service components should be established in the release design phase and tested in
the build and test stages of the new or changed service. Automation will help to
ensure repeatability and consistency. The time required to provide a well designed
and efficient automated mechanism may not always be available or viable. If a
manual mechanism is used it is important to monitor and measure the impact of
many repeated manual activities as they are likely to be inefficient and error prone.
Too many manual activities will slow down the release team and create
resource/capacity issues that affect the service levels.