Continue,
In the last article, already discuss about the advantages of using Service Catalogue and CMDB in change management process. To remind, both of them are use to record all services used in the enterprise and to define which CI (Configuration Items) used to support existing services. For this article, it will be focusing to discuss process and the supporting element which required to apply change management in the enterprise.
In the last article, already discuss about the advantages of using Service Catalogue and CMDB in change management process. To remind, both of them are use to record all services used in the enterprise and to define which CI (Configuration Items) used to support existing services. For this article, it will be focusing to discuss process and the supporting element which required to apply change management in the enterprise.
The Process
For initial implementation, change management will need 4 process to be involve which is:
- Request, define for applicant to submit changes request.
- Review, define to review changes request that have been submitted.
- Approval, define to approve / reject changes request that have been submitted.
- Implementation, define to implement changes request that have been approved.
Every changes implemented because there is a request. That request came from the applicant. He use Change Request Form (CRF) as a ticket to request changes. What is the CRF? Is a legal document used to make adjustment to the system. The applicant will write down all the information needed based on CRF document.
Review Process.
After the applicant write down the CRF document, then it will be review by internal personnel to ensure that changes could be implemented and mainly wont cause negative impact to the enterprise business activity. The internal personnel will make an analysis and attach the result with CRF.
Approval Process.
This is the next process after review completely perform. The CRF and the analysis document forward to Change Advisory Board (CAB) to ask approval. Do they approve the changes / maybe reject the changes. It's all depend on the CAB decision. What is CAB? Its a group of persons who have an authority to approve change request. Usually, this group consists of the persons in top management of IT and/or related business users.
Implementation Process.
After the CAB approve the changes, next step is to implement the changes in the system. Usually, it execution conduct by personnel who in-charge in daily operations. He / she will follow the written instruction in CRF document. Next, he / she should validate the implementation whether success / failed. If failed, then person in-charge should perform rollback action to restore system into previous state. If success, then the new system state created. Put in mind, whether success / failed all the changes should be noted in CMDB and informed to all stakeholder.
The Authorization
To ensure all the changes had been validated well, it need to passed a proper authorization process. The solution is using maker, checker and approver mechanism. This also establish Segregation of Duties (SOD) between person in-charge. A person who role as checker shouldn't have a role as maker / vice versa. Or a person who role as approver shouldn't have a role as maker. This mechanism will properly running if there are minimum 3 person in-charge. But if less than 3, there should be a mitigation control to prevent / detect violation occur during the change management process. Here are the brief explanation regarding to the mechanism:
- Maker, the person(s) who responsibile to make a CRF documentation / the applicant.
- Checker, the person(s) who responsible to review and analyst CRF documentation / the reviewer.
- Approver, the group of person who responsible to approve / reject the CRF activity / the CAB.
Change Management Flowchart
That's for this article.
Thank you for reading.
- EJ