Skip to main content

Journey to Implementation Change Management Process (Part 5)

Continue,

In the previous article, discussion focus on CRF (Change Request Form). How it's part in change management process, what component should be included in CRF, and related person in-charge should be included. In this article will focusing on what should be used to implementing changes in production environment.

Implementation Plan

 To get approval / permission implementation changes in environment production, applicant can use CRF form to ensure related parties knowing it. Furthermore, it will need another activity to implement the changes. The changes should be executed. The executor need the implementation plan document. They will use that document as a guideline which contain step by step how to actualize the changes.

This document ought to be completed and attach with CRF then ask for approval to CAB (Changes Advisory Board). Who is the person should be completed this document? The person who is responsible to develop the changes. Its better not the one who execute the changes, because there wouldn't be dual control process and might will be occur conflict of interest.

The implementation plan should include at least:


    1. Document Header, this serve to define function of the form such as form name, form version, document owner, etc.
    2. Column Signature, this to log signature from related parties such as applicant, reviewer and Change Advisory Board (CAB).
    3. Prerequisite,  what kind of prerequisite should be fulfill in order to support implementation activity goes well.
    4. Application Diagram / Network Topology, capture existing and future application diagram / network topology.
    5. List of IT Resources, consist list of IT resources which are involved in the changes.
    6. Implementation Steps, consist detail step by step how to execute the changes.
    7. Rollback Steps, consist detail step by step how to rollback the changes in case implementation result not achieve.
    8. Contact Person, consist detail person in charge in the implementation.
    9. Production Verification Test (PVT), used to verify changes objective already achieve.
    Document Header.
    It put at top of document and consist important information such as name of form, form template version, form owner, company logo, etc.

    Column Signature.
    This section objective is to obtain signature from related parties such as applicant, line manager, IT Changes personnel, and Change Advisory Board (CAB). In particular with CAB, it suggested to fill with person who sit in top management of IT. The position to be consider to include in CAB are:
    1. Application Owner, representative the application.
    2. IT Changes Manager, as line manager of IT Change Unit.
    3. IT Operation Manager, the person who responsible to execute the changes.
    4. IT Developer Manager, the person who responsible to develop the systems.
    5. IT Security Manager, the person who responsible to securing the systems.
    6. CTO (Chief Technology Manager), the person who responsible for IT in the enterprise.
    Prerequisite.
    To ensure implementation activity properly executed, there might be a prerequisite activity should be executed first. This section divide into 2 part, there are:
    1. Data Migration, used if the changes need to perform data migration into existing application. In  this section capturing the information such as database name, database table, data criteria, and additional information.
    2. Parameter Changes, used if changes need to perform changes in application parameter. This section capturing the information such as hostname of IT resources, location file, parameter name, old value, new value, and additional information.
    Application Diagram / Network Topology.
    In this section, should be capture existing and future application diagram / network topology. Future means after changes applied. Simply, in the other word such as before (existing) and after (future) changes.

    List of IT Resources.
    This part to listing all IT resources which are involved in the changes, such as hostname, ip address, application name, etc.

    Implementation Steps.
    As mention before, step by step of execution translated in this section. To ensure it executed properly, then it should capture information such as:
    1. Task, name of task.
    2. Task Dependencies, dependency existing task to another task. If this fill, then this task couldn't executed before previous task completed. 
    3. Reference, this refer to prerequisite section.
    4. Hostname, this fill by hostname which task is executed.
    5. Duration, this fill by estimation duration / period which task is executed.
    6. Downtime Period, this fill by estimation downtime period will be needed to execute the task.
    7. PIC, this fill by person in-charge should be executed the task. 
    Rollback Steps.
    This section use as assurance system state back to previous version before changes applied in the current environment. When change objectives not achieve / something wrong happened, the executor should executed this immediately. Generally, all information capture in rollback steps identical with in implementation steps.

    Contact Person.
    The list of person in-charge should be define and acknowledge by related parties. This section should cover information such as name, email, and phone number.

    Production Verification Test (PVT)
    After the changes already implemented, there's an activity to verify the objectives already achieve which is through Production Verification Test (PVT). This activity should capture information such as:
    1. Activities, define activities should be perform to verify the changes.
    2. Expected Result, define expected result should be achieve.
    3. Actual Result, fill with actual resulting.
    As reference, this is the example of implementation plan documentation that might be useful to be used in your enterprise.

    Thank you for reading,
    - EJ

    Comments

    Post a Comment

    Popular posts from this blog

    Konfigurasi Wazuh sebagai perangkat monitoring keamanan TI

    Didalam dunia keamanan teknologi informasi, menggunakan  tools  yg powerful dan gratis merupakan satu hal yg sangat penting dalam membantu meningkatkan visibilitas keamanan. Salah satu tools  tersebut adalah Wazuh . Bagi pakar keamanan yg sudah cukup lama berkecimpung didalam dunia keamanan teknologi informasi, tools Wazuh tidaklah asing. Malah mungkin sudah menjadi salah satu tools  wajib yg harus dimiliki dalam aktifitas pengamanan aset teknologi informasi.
    Post a Comment
    Read more

    Securing Your Password To Protect Your Data

    Background Someday when I joint in an open discussion with a group of friends, I asked them the question about how often they are change their bank account PIN. I asked them in certain period start from 1 months, a quarter then in 1 year, less than 3 person raise their hands. Then I asked them again about did they already change their bank account PIN since they open their account for the first time. Parallel with previous question, less than 3 person raise their hands. Surprisingly that's the fact!
    Post a Comment
    Read more