Skip to main content

Journey to Implementation Change Management Process (Part 4)

Continue,

 In the previous article, discussed about flow change management process and the supporting elements to properly implement change management in initial phase. Furthermore, this article will focusing on the supporting document and what kind of the information that will be used as a legal document to ask permission to implement changes in the system.


Change Request Form (CRF)

As mentioned in previous article, every changes in the system should use CRF to get approval from related parties. Through this form, all changes in the system hopefully acknowledge, logged and traceable by internal. Next questions is what kind of the information should be define that form? In general, the form consist of 5 main section, they are:

  1. Document Header, this serve to define function of the form such as form name, form version, document owner, etc.
  2. Applicant Information, filled with document and application information such as document ID,  name of applicant, etc.
  3. Changes Information, fill  with detail of the changes. This should filled by the applicant.
  4. Changes Analysis, fill with analysis result of changes by IT Changes Unit.
  5. Column Signature, this to log signature from related parties such as applicant, reviewer and Change Advisory Board (CAB).

Document Header.
It put at top of document and consist important information such as name of form, form template version, form owner, company logo, etc.

Applicant Information.
In applicant information, consist with:

  1. Document Number, the unique ID of document.
  2. Date of Document, filled with document creation date.
  3. Applicant Information, consist of name of applicant, department name, email and contact number (cellphone / extension number), etc.
Changes Information.
All the changes information detail write down in this section. It consist with:
  1. Changes Description, this explain changes description that will be implemented.
  2. Objectives Changes, contain kind of objectives will be achieve through the changes. This could consist of adding new component, enhancement, bug fix / patch, maintenance and database modification.
  3. Supporting Documents, this contain list of supporting document used as evidence that the changes already passed system development life cycle. This consist of project charter, BRD (Business Requirement Development), FSD (Functional Specification Document), Development document, SIT (System Integration Test) document, UAT (User Acceptance Document) document and others document.
  4. IT Resource Type, define IT resource type such as hardware, software, or others.
  5. IT Resource Name, name of the IT resource you want to change such as hostname, application name, etc.
  6. Changes Category, this changes are minor / major changes. 
  7. Changes Type, this classification changes type such as normal, and emergency. Normal if there's no urgency and emergency if change is urgent to implement.
  8. Implementation Date, filled with a proposed date.
  9. List of Impacted Applications, consist list of application which impacted by this changes.
  10. Downtime Period, filled with a downtime period. Options are no downtime and period of downtime if necessary.
  11. Disaster Recovery Deployment, if this changes need to be deploy at Disaster Recovery Site. This option to ensure changes are applied to all IT resources which have the same function in other site.
Changes Analysis.
Still remember in the previous article that discuss about maker, checker, and approver? This part conduct by checker. The person who in-charge to ensure all changes meet their objectives without causing negative impact to the existing system. This part consist with:
  1. User Acceptance Testing (UAT) Phase, to ensure all the changes already tested and passed UAT phase.
  2. Review and Analysis Result, in this part the reviewer write down all the result related with the changes. He could analyst supporting document, interviewing the applicant and review the existing production system configuration to ensure changes could applied properly.
  3. Recommendation, based on review and analysis result then he make an recommendation of changes such as execute the change, reject or suspend the change until certain period. This recommendation will be considered by CAB to make a decision.
Column Signature.
This section objective is to obtain signature from related parties such as applicant, line manager, IT Changes personnel, and Change Advisory Board (CAB). In particular with CAB, it suggested to fill with person who sit in top management of IT. The position to be consider to include in CAB are:
  1. IT Changes Manager, as line manager of IT Change Unit.
  2. IT Operation Manager, the person who responsible to execute the changes.
  3. IT Developer Manager, the person who responsible to develop the systems.
  4. IT Security Manager, the person who responsible to securing the systems.
  5. CTO (Chief Technology Manager), the person who responsible for IT in the enterprise.
To be used as references, this is the example of CRF document that might be useful to be adopted in your enterprise.

Thank you for reading.
- EJ

Comments

Post a Comment

Popular posts from this blog

Konfigurasi Wazuh sebagai perangkat monitoring keamanan TI

Didalam dunia keamanan teknologi informasi, menggunakan  tools  yg powerful dan gratis merupakan satu hal yg sangat penting dalam membantu meningkatkan visibilitas keamanan. Salah satu tools  tersebut adalah Wazuh . Bagi pakar keamanan yg sudah cukup lama berkecimpung didalam dunia keamanan teknologi informasi, tools Wazuh tidaklah asing. Malah mungkin sudah menjadi salah satu tools  wajib yg harus dimiliki dalam aktifitas pengamanan aset teknologi informasi.
Post a Comment
Read more

Securing Your Password To Protect Your Data

Background Someday when I joint in an open discussion with a group of friends, I asked them the question about how often they are change their bank account PIN. I asked them in certain period start from 1 months, a quarter then in 1 year, less than 3 person raise their hands. Then I asked them again about did they already change their bank account PIN since they open their account for the first time. Parallel with previous question, less than 3 person raise their hands. Surprisingly that's the fact!
Post a Comment
Read more