ITIL Change Management And The Smaller Business
September 22, 2008
The first post on ITIL Change Management is located here.
The official ITIL definition of the Change Management process is;
“..the addition, modification, or removal of approved, supported or baselined hardware, network, software application, environment ….”
At its simplest; Change Management is the balance between the need for a change & the impact, or possible impact on your organization.
For a smaller business, you do not need complex software, a Change Log template in something like Microsoft Word will do.
The important point is that it must be managed, and it must be updated.
Managed – The Warning!
By managed, I mean that You; the small business owner or manager must be part of the IT conversation with your IT provider.
In a smaller organization you may not need a formalized change board, but without you being part of the IT conversation, it will fail.
Ideally all changes should be discussed in advance (you do meet with your IT provider weekly right?) In this discussion the following questions should be asked;
– What Changes are coming?
– Why is the change required?
– Has the existing configuration been reviewed?
– What is the risk & impact, low, medium, high?
– what is the plan B?
This is also the opportunity to verify times and possible schedule conflicts with the change.
Trust, But Verify
For your next meeting, initially you may want the change log brought to you. Later on, random audit checks may suffice. But it is critical that the changes are documented. At a minimum, it will be your change log, and if there was a modification to an existing CI, (Configuration Item, my first post on ITIL is here) the CMDB or configuration management database (or in a small business,configuration document) must be updated.
Lets tie this up with the example I used previously where IT technician number two reversed some device changes that were necessary to allow email to work with your mobile devices.
– With technician number 1, The change, impact and urgency is discussed
– existing configuration is reviewed
– change to device(s) is made
– change logs and device configuration documents are updated
Lets assume that technician number 2, that reversed it, made an unauthorized change.
Your documentation allows the mistake to be rectified quickly. But this is where your management comes in; unauthorized changes are not to be permitted.
If technician umber 2 was following the process, when the existing configuration document was reviewed, the change and its purpose would be clear.
UPDATE: Change Management for the alrger SME is here.
You can subscribe to this blog by clicking the RSS icon onthe Home Page!