The Basics of IT Change Management Policy

Information Technology Change Management Policy (CMP) also known as Change Control is a critical process for all businesses that use IT and is often over looked, and sometimes completely forgotten. Big or small, regulated or not, on premise or in the cloud, all businesses should implement and most importantly, follow a CMP policy. Surprisingly, we find that many companies feel CMP only applies to large or publically traded organizations or industries such as Life Sciences, Healthcare, Financial, etc. Of course this line of thinking makes sense because these types of organizations are heavily regulated, constantly audited and a Change Management Policy is mandatory due to the nature of their business. However, once CMP is explained it becomes easy to see the benefits for even the smallest of companies.

The goal of developing a change management policy is to mitigate the risk that any change to a business’ Information Technology environment will have an adverse effect. Some of the more common risks to focus on are internal communications to the business units (i.e. no surprises), application and infrastructure functionality, system availability and security. It also provides an audit trail of all changes which can be very useful for troubleshooting purposes and internal or external auditing.

At a very high level here are the basic steps in developing and following a CMP:

  1. Developing a Request for Change (RFC) – Typically a change request is initiated due to an issue within the information system environment. This could be anything from an application error to degraded system performance. The business units can also drive change that can require modifications to the functionality of an application or initiating a new business program or just to stay current with new regulations.
  1. Change Review Deny / Acceptance – This is first approve / deny process as the request for change is reviewed by the different business units and the IT team. They identify risks associated to the change such as feasibility, cost, timing, and impact.
  1. Development and Testing – Typically driven by the IT department and tested by the user community. During this phase adjustments may be made to reduce risk or optimize the effects of the change.   If significant modifications are required due to test results they should be reported to the team (step 2) and re-approved.
  1. Final Approval – Larger companies create a Change Advisory Board (CAB) for final review of a requested change. This group is typically made up of different department managers within the company. This group provides the final review of the change to ensure all risks have been identified and reasonably mitigated. This typically is not feasible for smaller companies and the CAB might be the same group mention in step 2.

If the change is denied by during this step reasons will be listed and the source of the original request may be able to address the issues listed for denial and resubmit and start the entire process over again.

  1. Implement the change into production – Once approved, the change will be scheduled, and implemented and documented according to plan.
  1. Document and report the results – The implementation process will be documented and the results reported back to the CAB or for smaller companies back to the group defined in step 2. All documentation and results should be stored for easy reference and future audits.

I know this sounds complicated and can be depending on the complexity of the change. However most changes are not that dramatic and the CMP makes it easy to follow. Regardless of complexity, the benefits are worth the effort. Here are just a few benefits of implementing and following a CMP:

Mitigating Risk to Business Productivity, Ensuring Internal Company Communication, Improved End User / Customer satisfaction, Fundamental IT Controls Compliance, and Reduced Outages.

If you have not implemented a change management policy yet, give it try. It’s easier than you think.

By |August 18th, 2016|Managed Services|Comments Off on The Basics of IT Change Management Policy

Contact Us

Outer Edge Technology
485 Devon Park Drive, Suite 102
Wayne PA 19087
Phone: (866) 979-9605
Email: info@outeredge.biz

Speak With a Business IT Expert Today

Call us at (866) 979-9605 or simply fill out the form below and we'll contact you shortly!

Your choice regarding cookies on this site

This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.