So much of the way modern organizations are run depends on updated, secure, and reliable IT infrastructure. Most operations require at least one system managed by IT, if not many more. As important as IT infrastructure is, it’s also ever-changing, requiring regular updates, upgrades, and rollouts. With constant change comes risk, which is why so many organizations rely on IT change management to manage any and all updates to their IT services.

What is IT change management? 

IT change management is a distinct part of an organization’s approach to IT service management (ITSM). It is comprised of the formalized processes that organizations use to update old technology or introduce new technology, within their IT infrastructure. ITIL change management is essentially the same thing, except that it aligns with ITIL, a commonly adopted framework for IT services management (ITSM) that guides the way organizations manage—broadly—their IT services (beyond just change management).

Myndbend Process Manager provides the guard rails to help you define a change management process that fits your organization and aligns with best practices.  Whether you’re managing towards compliance requirements like Sarbanes-Oxley or FedRAMP or just tightening up operations, Process Manager can help your team create and execute an effective workflow.

JIM SCHRAEPFER

CISA, CISM, CISSP, CCSP, HCISPP, PCIP

Essendis

Why IT change management is so important

As mentioned, executing any change to IT infrastructure inherently carries risk (whether organizations are aware of it and choose to mitigate it or not). That goes for seemingly minor things, too. Standardizing various procedures and processes, organizations can limit the risk of unplanned service outages, security breaches, and disruptions to employee productivity that are problematic, at best, or painful, costly, and possibly catastrophic at worst.

However, IT change management is usually only required for changes that will affect service availability or change the functionality of the service altogether. In these situations, IT change management:

    • Protects your business, personnel, customers, clients, information, and assets
    • Aligns with organizational structure, objectives, and long-term goals
    • Allows you to roll out changes to IT services across the organization, safely and securely
    • Limits the risk of incidents, outages, security breaches, and human error
    • Helps IT service teams track down the cause of a problem, make a record or it, and learn from it
    • Enables quicker updates, upgrades, and rollouts thanks to standardized procedures

 Who is involved in IT change management?

Changes to IT infrastructure often require swift, organized, and effective response—especially when reacting to an emergency. As anyone in IT services knows, emergencies do happen, and fires are constantly being put out (sometimes literally). It’s essential then that who is responsible for what, and how is clearly delineated within an organization’s IT change management practice.

That’s the purpose of the three main roles and responsibilities within the IT change management process: 

  • Requestor – What is the motivation behind, purpose, and expected outcome of an IT change management request? These are the details that the requestor must specify and communicate when making such a request.
  • Change oversight personnel – Specific staff members will be assigned to implementing the change request, ensuring that each step of the change management process is completed in a thorough and correct fashion. A change manager will usually have the final say on the approval of a change request, will review documentation, align the request with the IT calendar, and help minimize the risk of service disruption.
  • Change advisory board (CAB) – The CAB might include operations, business decision-makers, and IT security personnel. The board’s role is to advise change managers with regard to business alignment, customer impact, process review, and ongoing initiatives.

IT change management best practices

Regardless of the maturity of an organization’s ITSM, there are a few best practices that can help ensure more successful outcomes when changes become necessary.

  • Make change management a household name – Getting key stakeholders throughout the organization to understand the importance of change management is essential. It also takes considerable effort from all parties involved, especially for less mature organizations with limited IT change management processes in place.
  • Clearly define roles and responsibilities – This is essential. Between the requestor, change manager, and CAB, and depending on the scope of a change request, there can be many people involved in the change management process. Clearly identifying roles and responsibility is essential.
  • Build out and document a detailed change management process – The key here is to have a standardized and repeatable process so that organizations are well prepared to handle change requests large and small, urgent or long term, consistently and effectively.
  • Know how success will be measured – How many change requests are in the backlog? How many changes were implemented without proper authorization? How many incidents occurred? These are just a few IT change management KPIs that you can use to help measure success.
  • Systematize the process with change management software – More and more organizations are turning to IT change management software to help automate various aspects of the change management process. This can help make the process far more efficient by reducing human error, redundant work, and the time to resolution for any incidents that do arise.

 

Examples of common IT infrastructure changes

Generally speaking, IT infrastructure is comprised of an organization’s hardware, software, and network requirements. Within these three high-level areas, there are many situations that trigger changes to IT infrastructure, for example:

  • Rolling out regular updates to company-wide IT security software
  • Responding to an attempted external security breach
  • Addressing a server failure or outage
  • Making efficiency or productivity improvements to align with business initiatives

The list goes on. The fact is, even something as basic as installing new wireless printer/scanners throughout the office necessitates IT change management to be executed properly. How will you assess and address security concerns, for instance, such as connecting printers to the network and allowing direct access by employees? And who will be responsible for handling any incidents, such as network outages, low ink alerts, or even hardware failures? 

IT change management makes full account of every detail. 

The core IT change management process

Changes to IT infrastructure typically move through the change management process as follows: 

  1. Draft and create a change management request. 
  2. Assess viability, business impact, and priority. 
  3. Approve or disapprove the change request. 
  4. Plan and execute the implementation strategy. 
  5. Address changes as needed using a standardized proposal and change implementation procedure. 
  6. Review and close the change request.

Having laid the groundwork with an introduction to IT change management, we can now move on to the first step: The First Step in IT Change Management: The Drafting Phase.