Professional Documents
Culture Documents
IBM Global Change Management Process 15-OCT-2018 v3.2
IBM Global Change Management Process 15-OCT-2018 v3.2
Global
Change Management
Process
Table of Contents
1 Document Control ............................................................................................................................... 4
1.1 Summary of Changes ............................................................................................................... 4
1.2 Document Approvers ................................................................................................................ 5
1.3 Document Review Plans .......................................................................................................... 5
1.4 How to Find the Latest Revision of this Document................................................................... 6
1.5 Document Distribution and Notification .................................................................................... 6
2 Description & Client Value ................................................................................................................. 7
2.1 Summary .................................................................................................................................. 7
2.1.1 Overview ................................................................................................................................... 7
2.1.2 Objectives ................................................................................................................................. 7
2.2 Client Value .............................................................................................................................. 8
2.2.1 Performance / Quality ............................................................................................................... 8
2.2.2 Expertise and Innovation .......................................................................................................... 8
2.2.3 Adaptability & Flexibility ............................................................................................................ 8
2.2.4 Risk Management ..................................................................................................................... 8
2.2.5 Financial ................................................................................................................................... 8
3 Scope .................................................................................................................................................... 9
3.1 Inclusions .................................................................................................................................. 9
3.2 Exclusions ................................................................................................................................. 9
3.3 Multi-Provider Integration ....................................................................................................... 10
3.4 Environment and Audience .................................................................................................... 10
4 Roles and Responsibilities .............................................................................................................. 11
4.1 Customer Liaison .................................................................................................................... 11
4.2 Change Analyst ...................................................................................................................... 11
4.3 Change Manager .................................................................................................................... 13
4.4 Integrated Service Manager ................................................................................................... 14
4.5 Change Assessor ................................................................................................................... 15
4.6 Change Advisory Board Member ........................................................................................... 15
4.7 Emergency Change Advisory Board Member ........................................................................ 16
4.8 Change Authority .................................................................................................................... 16
4.9 Separation of Duties Aggregate Matrix .................................................................................. 16
5 Workflow Diagram Notation ............................................................................................................. 17
6 Activity Workflow .............................................................................................................................. 18
6.1 Activity Workflow Diagram ...................................................................................................... 18
6.2 Activity Workflow Narrative ..................................................................................................... 18
7 Task Workflow for Review Request For Change (RFC) ................................................................ 20
7.1 Task Workflow Diagram ......................................................................................................... 20
7.2 Task Workflow Narrative ........................................................................................................ 20
8 Task Workflow for Document and Assess Change ....................................................................... 27
8.1 Task Workflow Diagram ......................................................................................................... 27
8.2 Task Workflow Narrative ........................................................................................................ 27
9 Task Workflow for Coordinate Change Build & Test..................................................................... 37
9.1 Task Workflow Diagram ......................................................................................................... 37
9.2 Task Workflow Narrative ........................................................................................................ 37
10 Task Workflow for Authorize Change .......................................................................................... 41
10.1 Task Workflow Diagram ......................................................................................................... 41
10.2 Task Workflow Narrative ........................................................................................................ 41
11 Task Workflow for Coordinate Change Deployment .................................................................. 51
11.1 Task Workflow Diagram ......................................................................................................... 51
11.2 Task Workflow Narrative ........................................................................................................ 51
12 Task Workflow for Review and Close Change ............................................................................ 54
1 Document Control
2.0 2015-Aug-17 Jabe Hickey Initial pRAM Release Prior versions were stored in
ITUP
2.01 2016-Mar-04 Brett Singletary Updated with recommendations from BCR
Revision
Number Revision Date Author or Editor Nature of Change
3.2 2018-Oct-10 Sebastian Blanco Man- Updated 16.1 Control Points to include man-
ley datory metrics.
Updated verbiage on 16.2 to clarify distinction
between mandatory and recommended met-
rics
Added a new section under Scope, 3.3 Multi-
Service Provider Integration and 15 Service
Provider Integration Data flow
Removed the Integrated Service Manager role
from activities:
o 1.5 Reject RFC
o 2.2 Request Change Implementation
Window
o 2.4 Schedule Change
Included GTS Service Provider Integration
Policy on missing activities
Updated text on section 3.3 Multi-Provider In-
tegration
Updated table on 15.3 Integration Narrative to
show Criteria instead of When/Why
Added section 15.1 Integration Roles and Re-
sponsibilities. Added Service Provider Process
Focal role
2.1 Summary
2.1.1 Overview
The purpose of the Change Management process is to achieve the controlled and successful introduction
of changes to an IT system or environment. Success is measured in function of the completeness of
change implementation, the adherence to the plan (in terms of time, effort, result), and the avoidance of
unplanned disruptions to the target system or environment. The process also ensures that the appropriate
details of Configuration Item changes are reflected in the Configuration Management System by the re-
sponsible process.
A Change is defined as the addition, modification or removal of any Configuration Item (CI). This typically
includes hardware, network devices, and virtual assets such as virtual servers or storage, system and
application software, environmental facilities and associated documentation.
This includes also logical changes to CI status, for example changing the CI status of a CI that already
has been physically installed (i.e. service activation).
A Request for Change (RFC), for which Change Request is an established synonym, is the means for
documenting a proposed change. RFC’s can be triggered for a wide variety of reasons, from a wide varie-
ty of sources. Reasons could be, but are not limited to:
Addition of a new function (e.g. install application)
Updating an existing function (e.g. new application version)
Capacity increase (e.g. add disk space)
Security update (e.g. implement security patch)
Incident resolution (e.g. replace malfunctioning part)
Problem resolution (e.g. change communication settings)
Scheduled reboot of a server to resolve an incident
Service activation and deactivation (decommissioning)
The actual change activity is documented by means of a Change Record. The Change Record refer-
ences the Configuration Items that are being modified by the change and is created once the RFC has
been reviewed and accepted by Change Management.
Depending on the situation, a reboot of a server requires change management control. If a change is re-
quired it must be determined when the incident resolution approach is made (Incident Management).
Global processes provide the primary requirements for execution teams. However, Client Management
must also source any customer specific contractual requirements that may require a process variation
(typically additional actions or requirements) or a process exception (if a global process control point can-
not be deployed) to be created.
2.1.2 Objectives
This section lists the Process Objectives, which are specific targets to be hit by the process. The objec-
tives of this process are listed below:
Ensure Changes are introduced in a timely and controlled manner
Ensure proposed Changes are not approved nor introduced without an accurate assess-
ment of their costs, availability of service, risk, and other effects
Minimize Incidents resulting from the introduction of Changes
Improve Service quality
Ensure appropriate balance is maintained between the business need to deploy innova-
tion and the need to maintain the stability of IT service
2.2.5 Financial
None
3 Scope
The scope of the process is defined by a series of activities and tasks outline within this document. They
cover the lifecycle of the Change Management process end-to-end.The process is triggered by a RFC
(Request for Change) that may be originated from other processes.
Additionally, the scope is also defined by the following inclusions and exclusions, and applies in the speci-
fied environment and has the intended audience as specified below:
3.1 Inclusions
Planning, coordination and communications for Normal, Standard and Emergency
changes
Establishing customer-agreed recurring Change Windows and proposing one-time only
time-frames during which to deploy changes
Maintaining the Forward Schedule of Change (FSC)
Enforcement of standard methods, policies and procedures from submission of a Re-
quest for Change through Review & Close Change
Establishing regular meetings and communication schedules to evaluate proposed
changes and schedules
Coordination of the deployment of authorized changes
Maintenance of open channels of communications to promote smooth transition when
changes take place
Identifying and analyzing change failures
Visibility and communication of changes to both business and support staff
Global processes provide the primary guidance for execution teams. However, the Customer Security
Document (CSD) documents additional requirements and specific contractual obligations. It is important
that the CSD is checked to determine whether a process variation or exception is required.
Consult governing policy and/or customer requirements from Client Management for consideration of lo-
cal regulatory and customer specific requirements on privacy restrictions including, additional approval
requirements for access to sensitive personal information (SPI) and for obtaining required credentials,
such as certifications and/or security clearance, on-boarding restrictions, access restrictions, etc.
3.2 Exclusions
Creating and recording Requests for Change (originating process)
Verifying requestor's entitlement to request changes and whether request is in scope of
contract/budget (Request Fulfillment)
Costing/Billing for new services (Request For Service process)
Requirements Management (Request For Service process)
Creation of new or revised functionality (Request For Service process)
User ID changes and administration (Logical Identity and Access Management)
Building the packaging for the delivery of new or revised functionality (Release Manage-
ment)
Technical implementation, such as preparation, installation, distribution and remedia-
tion/back out if necessary (Deployment Management)
Updating CI data (Configuration Management)
Updating asset data (Asset Management)
Performing Root-Cause-Analysis for failed changes and tracking actions against recur-
rence (Problem Management)
Responsibilities include, but are not limited to, those listed for each role
Roles are meant as logical groupings of tasks. They are not intended to match any particular
organizational structures or formal functional roles
Several roles may be performed by the same individual
A role may be split up among several individuals
The Change Analyst is accountable and has the responsibility for documenting, updating
and completing a Change from assignment to re-assignment/closure
The Change Analyst is accountable and responsible to invoke other processes (i.e. de-
ployment management) and engage other Change Analysts/support groups to perform
parallel activities, as required
The accountability for the coordination of the change activities between multiple Change
Analyst/support groups is that of the Change Analyst
Preparing list of successful and failed changes closed for review at CAB meeting
Preparing the CAB meeting, including inviting of participants, creating of agenda, creation
and circulation of Forward Schedule of Change and Projected Service Outage (PSO) - as
applicable
Chairing the Change Advisory Board (CAB) and Emergency Change Advisory Board
(ECAB) meetings
Ensuring all applicable changes on the Forward Schedule of Change are reviewed
Ensuring that authorized changes are communicated in a timely manner
Owning and maintaining the Standard Changes List
Generating process-related reports and communicating them to subscribed stakeholders
Assisting in overseeing current status of change records and tracking progress
Assisting in notifying stakeholders when action from them is needed and tracking action
completion
Assisting in applying escalation procedures when action item status requires it
6 Activity Workflow
Processes are described at two (2) levels; a) Activity, and b) Task. The Activity Workflow diagram and
associated narrative are an articulation of the overall (end-to-end) process. Each activity in the Activity
Workflow decomposes into a Task Workflow. A Task Workflow is an articulation of the overall (end-to-
end) work performed for the associated Activity. Process Activities and Tasks are focused on the “What”
is done level of description. The “How” level of description is not appropriate for processes, and is the
main focus of procedures.
Change Deployment
ID Description
ID Description
1.3 Obtain
Yes Additional
Information
No
CHG 2.0
Originating Process
Role ID Description
Outputs:
a) Process Interdependencies
Third Party Supplier
b) Operative & Informative Information
None
Policies
Policy - Change Accountability Policy
Policy – GTS Service Provider Integration
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy – Request for Change Details
Role ID Description
Policies
None
Role ID Description
Outputs:
a) Process Interdependencies
Release Management
b) Operative & Informative Information
Standard Change Record
Normal Change Record
Emergency Change
Policies
Policy - Change Record Logging
Policy - Change Notification
Policy - Change Type
Policy - Standard Change
Policy - Change Risk and Lead Time
Role ID Description
Policies
Policy - GTS Service Provider Integration Policy
Role ID Description
For Emergency change: process controls are not sacrificed. The process model
for this change type is optimized to be fast enough and yet ensure the appropriate
extent of activities.
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy – Change Type
Role ID Description
Outputs:
a) Process Interdependencies
Incident Management
Problem Management
Request Fulfillment
b) Operative & Informative Information
None
Policies
Policy - Change Record Logging
Release
Management CHG 5.0
Deploy Standard
2.1 Perform Management
Preliminary 2.4 Schedule 2.7 Engage
Change Analyst
Start Normal No
Assessment & Change Customer Liason
Create Change Plan
2.3 Which 2.5 Change 2.6 Meets
Process to CHG 3.0
Type? Customer Data?
provide Emergency Yes
Window?
Signed-Off
2.9 Assign Change 2.12 Receive &
2.10 Submit CR for
Assessor & Document
Assessment
Authority Assessment
2.13 Proceed
Based on
Assessments
Reassess
2.11 Perform
Assessor
Change
Change
Assessment(s)
CHGCP3
Customer
Liaison
2.8 Obtain
Agreement on
Schedule
Reschedule
from CHG 2.7
Reschedule
from CHG 4.10
Role ID Description
Role ID Description
Change Ana- 2.1 Perform Preliminary Assessment & Create Change Plan
lyst Based on the information provided in the RFC, confirm the urgency of the
change. Assess the impact and failure probability of the change and assign the
change risk from it. Update the priority of the change, which is comprised of im-
pact and urgency. Change type, change risk and change priority define the spe-
cific process model to be followed, which affects the route through the process
and the level of detail the process activities are performed. Therefore, each sub-
sequent assessment will review the impact, failure probability and priority.
Create and record the Change Plan. Seek collaboration from other roles as
needed. The Change Plan is key information to be reviewed by the various
Change Assessor stakeholders during assessment.
Record any target change delivery window (due date) if specified by the Reques-
tor.
Based on the Change Plan, create change implementation tasks for the change
and assign them to the appropriate support groups.
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Standard CR
Normal CR
Emergency change
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Standard Change
Policy - Change Priority
Policy - Change Risk and Lead Time
Policy - Change Window
Policy - Change Plan
Policy - Change Type
Role ID Description
Role ID Description
Policies
Policy – Change Type
Policy – Change Risk and Lead Time
Policy – Change Window
Policy – Change Schedule Conflicts/Rescheduling
Policy – Change Escalation
Policy – Change Schedule Constraints Notification
Policy – GTS Service Provider Integration
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Window
Policy - Change Schedule Constraints Notification
Role ID Description
Outputs:
a) Process Interdependencies
Deployment Management
Release Management
b) Operative & Informative Information
None
Policies
Policy - Change Notification
Policy - Change Escalation
Policy - Change Schedule Constraints Notification
Policies
None
Role ID Description
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Updated CR
Policies
Policy – Change Assessment
Policy Change Authorization
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Escalation
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Notification to Perform Assessment
Change Record
CMDB Information
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Notification of Completed Assessment
CR Updated with Assessment Results
Policies
Policy – Change Assessment
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Notification of Completed Assessments
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Updated Normal CR
Policies
Policy - Change Assessment
Policy - Change Escalation
Policy – GTS Service Provider Integration
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Schedule Conflicts/Rescheduling
Policy - Change Assessment
Policy - Change Authorization
No Yes
3.4 Test Successful &
on Scheduled?
No
CHG 2.2
Role ID Description
Role ID Description
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Normal CR (tested)
Emergency Change (tested)
Policies
Policy – Change Testing
Policy – Change Escalation
Role ID Description
Outputs:
a) Process Interdependencies:
Release Management
b) Operative & Informative Information
Notification of release test completion status
Change incorporated into release package(built & tested)
Policies
Policy – Change Notification
Role ID Description
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Request for Authorization to Change Authority
Notification to Change Manager or delegate if required (if Emergency
Change)
Policies
Policy - Change Risk and Lead Time
Policy - Change Authorization
Policy - Change Advisory Board Meetings
Policy - Change Notification Policy
Start No No
Change Manager
4.1 Emergency
Change? 4.4 CAB Review
Required?
Yes Yes
Yes
Change Authority
Yes No
Required?
Yes
End
4.14 Notify
Stakeholders of
Rescheduling
CHG 2.2
The Task Workflow Narrative, which accompanies the Task Workflow Diagram, is a textual articulation of
an end-to-end Activity of the process.
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Triggers
Notification from Change Analyst
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Advisory Board Meetings
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Advisory Board Meetings
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
New Scheduled Change
Change Records
Availability Plan / SLAs
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
FSC (Forward Schedule of Changes)
Policies
Policy – Change Schedule Conflicts/Rescheduling
Policy – Change Advisory Board Meetings
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
FSC (Forward Schedule of Changes)
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
CAB Agenda & Information
Notification to Invitees
Failed change list
Policies
Policy – Change Escalation
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Scheduled CABCAB Agenda & Information
FSC
Failed Change list
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Advisory Board Meetings
Role ID Description
Outputs:
a) Process Interdependencies
Problem Management
b) Operative & Informative Information
CAB Statement of Advice
Optional: Failed Change RCA Requests to Problem Management
Optional: Action Item Recommendations to Problem Management
Policies
Policy – Change Advisory Board Meetings
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Request for Authorization to Change Authority
Change Record
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
CR (Authorized, Rejected or Cancelled)
Notification to Change Analyst
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy – Change Authorization
Policy – Change Separation of Duties
Policy – GTS Service Provider Integration
Role ID Description
Policies
Policy - Change Notification
Policy – GTS Service Provider Integration
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Notification of cancelled change
Policies
Policy – Change Notification
Policy – GTS Service Provider Integration
Role ID Description
Role ID Description
Outputs:
a) Process Interdependencies
Deployment Management
b) Operative & Informative Information
Submitted deployment request
Policies
None
Policies
None
Role ID Description
Inputs:
a) Process Interdependencies
Deployment Management
b) Operative & Informative Information
Notification from Deployment Management
Updated Normal/Standard CR with completion status and validation result
Completion status and validation result for Emergency Change
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
None
Policies
Policy - Change Notification
Policy - Change Validation and Completion
Role ID Description
Role ID Description
Inputs:
a) Process Interdependencies
Deployment Management
b) Operative & Informative Information
Notification from Deployment Management
Updated Normal/Standard CR with completion status and validation result
Completion status and validation result for Emergency Change
Outputs:
a) Process Interdependencies
Incident Management
Problem Management
b) Operative & Informative Information
Change outcome information
Policies
Policy – Change Review and Closure
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Change outcome information
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
CR with outcome documentation / closure code
Policies
Policy – Change Authorization
Policy – Change Review and Closure
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Change Record with closure code
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Change Record closed
Policies
None
No
7.12 Communicate
No No
and Close Request
Service Level
7.9 Candidate for Management
Standard Report?
Role ID Description
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Calendar
Change Records
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Change Records of interest
Policies
Policy – Change Escalation
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Change records of interest
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Change Issues Information
Policies
Policy – Change Priority
Policy – Change Escalation
Policy – GTS Service Provider Integration
Role ID Description
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Updated CR (Action Item Detail)
Policies
Policy – Change Escalation
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Updated CR (Action Item Detail)
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Notification of Action
Policies
None
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Report Request
New Report Design
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Standard Report
Policies
None
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Calendar
Report Request
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Report Communication
Policies
None
Proceed to End
Role ID Description
Output:
a) Process Dependencies
Service Level Management
b) Operative & Informative Information
Communication to requestor
Policies
None
Role ID Description
Role ID Description
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Standard Change Update Request
Failed Standard Change
Standard Changes List
Standard Change Record
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Reviewed new or updated standard change request
Policies
Policy – Standard Change
Role ID Description
For removals update the Standard Change List to indicate the removal of the
Standard Change.
Inputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Reviewed new or updated standard change request
Outputs:
a) Process Interdependencies
None
b) Operative & Informative Information
Updated Standard Changes List
Policies
Policy – Standard Change
Policy – Change Separation of Duties
END
Responsibilities include, but are not limited to, those listed for each role
Roles are meant as logical groupings of tasks. They are not intended to match specific
organizational structures or formal job roles
Several roles may be performed by the same individual
A role may be split up among several individuals
The Integration Workflow Diagram is a visual articulation of the interfaces between the GTS
global process activities and the service provider process activities. It includes:
A reference line of the process activities subject to integration
Swim lanes representing the process roles receiving or sending process data
from or to the Service provider focal
An I/O swim lane for data input and data output associated with each pro-
cess activity in relation with the service provider process.
is impacting the
Service Provider
A Service Provider
change is impacting
GTS
2.0 Document and Output Change Analyst / SP Process focal Output
assess change - Integrated Service ▪ Scheduled
2.4 Schedule Manager / Change
Change Change Manager Criteria
▪ Once change
window has been
agreed to
Input SP Process focal Integrated Service Input
Manager /
▪ Scheduled
Change Manager
Change
Criteria
Once change win-
dow has been
agreed to
2.0 Document and Output Change Analyst / SP Process focal Output
assess change – Integrated Service
▪ Completed as-
2.12 Receive and Manager
sessments
Document
Criteria
Assessment
Results Deliver assessment
results (tech-
nical/business)
Input SP Process focal Integrated Service Input
Manager /
▪ Completed as-
Change Analyst
sessments
Criteria
Receive assess-
ment results (tech-
nical/business)
4.0 Authorize Input SP Process focal Change Analyst Input
Change - 4.9
▪ Change author-
authorize or
ization / rejection
Reject Change
Criteria
▪ A Service Pro-
vider is impacted by
the GTS change
▪ A Service Pro-
vider is an actor of
the GTS change
A service provider
has submitted an
accepted change
4.0 Authorize Output Change Analyst SP Process focal Output
Change - 4.14
▪ Email, chat
Notify and/or any other
CHG Change Rec- Risk: Need to ensure an au- Compliance Preventive CH02 - # Closed
CP1 ord Logging thorized change record is Changes
available before a change is
executed, Customer Sat,
Contractual requirement.
Description: Ensuring
Changes are accurately
Recorded as defined by the
Change Record Logging Pol-
icy
Role: Change Analyst
Evidence: Change record
CHG Change Priori- Risk: Change categorization Compliance Preventive CH02 - # Closed
CP2 tization (Im- required to meet time frame, Changes
pact and Ur- Customer Sat, wrong
gency factors) timeframes, System outage,
Financial Penalty.
Description: Ensure Change
is installed per prioritized def-
inition.
Role: Change Analyst
Evidence: Change Record
CHG Change Risk Risk: Change categorization Compliance Preventive CH02 - # Closed
CP3 Categorization required to meet time frame, Changes
(impact and Customer Sat, wrong
failure proba- timeframes, System outage,
bility factors) Financial Penalty.
Description: Ensure Change
risk based on impact and
failure probability is docu-
mented.
Role: Change Analyst
Evidence: Change Record
CHG Appropriate Risk: Customer Sat, wrong Compliance Preventive CH04 - % Unau-
CP4 Change Au- timeframes, System outage, thorized Changes
thorization Financial Penalty.
CH01 - % Failed
Description: Ensure Change Changes
has the correct authorization
prior to implementation.
Role: Change Analyst
Evidence: Change Record
CHG Timely Risk: Customer Sat, possible Compliance Detective CP02 - # Closed
CP5 Change Clo- rework due to not knowing Changes
sure the issue is closed. Would
not stop the business if not
closed timely, other control.
Description: Ensure Change
record is closed with proper
closure information within
required timeframe.
Role: Change Analyst
Evidence: Change Record
16.2 Measurements
Measurement is a collection of data showing a trend (Do) toward an objective regularly updated (Plan)
and associated with a feedback loop (Check) for an action (Act).
Input metrics (examples: preventive, anticipate impact on final results)
Operational metrics (examples: preventive, operations monitoring, anticipate impacts on final results)
Output metrics (examples: final results, after the facts, usually some are selected as KPIs)
Note: Any measurements not specifically listed in 16.1 are considered to be optional, however highly rec-
ommended to track. These are designed to support efficient management of the process.
16.2.2 KPIs
A metric that is used to help manage a process, IT service or activity.
17 Process Interdependencies
This section contains the related / interdependent Processes for this process.
Processes are interdependent when a deliverable from one process is required to enable execution or to
achieve process objectives in the other process.
The table represents an aggregate by activity and task of all the interdependent process inputs (including
triggers) and outputs.
Activity / Task ID Interdependent Input Output
/ Task
Process
18.2 Policies
This section contains a summary of the policies related to this process.
Policy Name Description
Request For Describes the minimum requirements for a requestor to submit a Request for Change
Change Details (RFC) to Change Management, so that expectations for input information are consist-
Policy ently set.
Change Accounta- For each Change Record, accountability must be established, so as to effectively
bility Policy manage a Change through its lifecycle irrespective of geographical and/or organiza-
tional boundaries.
Change Notification The objective of notification is to ensure the responsible role within the process is noti-
Policy fied about further action required by them, or to communicate relevant information.
Change Record Describes when creation of a Change Record is required and what minimum infor-
Logging Policy mation is required.
Change Type Poli- Defines the Change Types.
cy
Standard Change This policy sets rules how to identify, manage, and make use of standard changes.
Policy The purpose of the standard change is to improve efficiency and effectiveness of day-
to-day operations and reduce the burden on the change analysts, authority and CAB,
allowing them to focus on more complex and higher risk changes. Effective use of
standard changes will reduce bureaucracy and improve efficiency.
Change Priority Guidance for change prioritization and its relevance for treatment and scheduling of
Policy changes.
Change Risk and Determine the risk for change severity and the lead time required to safely execute the
Lead Time Policy change.
Change Window Defines governance of Change Windows and defines related terminology and key
Policy time-frames.
Change Schedule The purpose of this policy is to enable IBM to use received information in order to
Constraints Notifi- identify constraints on the schedule for IBM managed changes that may arise from
cation Policy customer specific change schedule constraints. IBM makes such change schedule
constraint information available to its relevant personnel.
Change Plan Policy The change plan contains details about implementation, validation and remediation of
the change. The minimum level of detail of this plan depends on the change risk and
is described in this document
Change Schedule This policy is used to identify and resolve change scheduling conflicts, prevent delays
Con- in the change management process and enhance change management results and
Unique Mandatory Output from: Artifact Responsible Every request for change must be
Change documented with a unique change
Review Request For Change
Record record number. Information in-
Document and Assess cluded within the change record
Change must meet the criteria listed on the
Change Record Logging Policy.
Coordinate Change Build &
Test
Authorize Change
Review and Close Change
Forward Mandatory Input to: Deliv- Modified By A document that lists all upcoming
Schedule of erable changes and their planned imple-
2.2 Request Change Imple-
Change mentation dates, as well as the
mentation Window
estimated implementation dates of
4.7 Chair Change Advisory longer-term changes.
Board Meeting
20 Glossary
This section is a glossary that defines any uncommon terms used in this document.
Term Definition
Term Definition
Change Freeze A period of time for which no changes are to be scheduled in order to promote a stable
Period IT environment.
Change Imple- A task that performs actual change deployment, validation, remediation or back-out.
mentation Task
Change Model A repeatable way of dealing with a particular kind of change. A change model defines
the specific steps that will be followed for a change of this kind. The change model in-
cludes all relevant Change Plan details.
Change Plan The set of Implementation Plan, Validation Plan and Remediation Plan for a change.
Change Record A Record containing the details of a Change. Each Change Record documents the
lifecycle of a single Change. A Change Record is created for every Request for Change
that is received, even those that are subsequently rejected. Change Records reference
the Configuration Items that are affected by the Change. Change Records may be
stored in the Configuration Management System or elsewhere in the Service Knowledge
Management System. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Change Request A formal proposal for a Change to be made. An RFC may include details of the pro-
posed Change and may be recorded on paper or electronically. The term RFC is often
misused to mean a Change Record, or the Change itself.
Note: "Change Request" and "Request for Change" are synonymous.
(ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Change Risk A value that indicates the magnitude of risk assessed for a proposed change. Changes
are often categorized by their Change Risk for reporting purposes.
Note: “Change Risk” and “Change Risk Level” are synonymous.
Change Sched- A period of time reserved by another party during which the IT service provider is not
ule Constraint permitted to schedule changes. E.g. a Change Freeze Period or any activity already
planned by the customer that will make changes by the IT service provider impossible.
Change Type There are three types of changes: Normal, Emergency Standard. Refer to the Change
Type policy.
Change Window A regular, agreed time when changes or releases may be implemented with minimal
impact on services. Change windows are usually documented in service level agree-
ments.
Note: “Change Window” and “Maintenance Window” are synonymous.
Configuration A component that needs to be managed in order to deliver an IT Service. Information
Item (CI) about each CI is recorded in a configuration record within the Configuration Manage-
ment System and is maintained throughout its lifecycle by Configuration Management.
CIs are defined by Configuration Management and under the control of Change Man-
agement.
Control Point Control Points are points identified by the Process Owner within an application, system,
or business process to manage risks in support of delivering business value-add and
meeting compliance objectives.
Deliverable An output from a process that has a value, material or otherwise, to a customer or other
stakeholder.
Term Definition
Emergency A subgroup of the change advisory board that makes decisions about emergency
Change Advisory changes. Membership may be decided at the time a meeting is called, and depends on
Board (ECAB) the nature of the emergency change.
Failure Loss of ability to operate to specification, or to deliver the required output. The term fail-
ure may be used when referring to IT services, processes, activities, configuration items
and so forth. A failure often causes an Incident. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Forward Sched- A document that lists all upcoming changes and their planned implementation dates, as
ule of Change well as the estimated implementation dates of longer-term changes.
Impact A measure of the effect of an Incident, Problem, or Change on business processes. Im-
pact is often based on how service levels are affected. Impact and urgency are used to
assign priority. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Impact Assess- Various analyses made by stakeholders concerning the impact of a proposed Change
ment Request. Typically, an impact assessment may include the views of Availability Man-
agement, Capacity Management, Security Management and other teams.
Incident An unplanned interruption to an IT service or a reduction in the quality of an IT service.
Failure of a Configuration Item that has not yet impacted service is also an Incident, for
example, failure of one disk from a mirror set. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Incident Record A record containing the details of an Incident. Each Incident record documents the
Lifecycle of a single Incident. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Input Metric Input metrics are measurements prior to execution of the first process activity.
Interdependent Processes are interdependent when a deliverable from one process is required to ena-
Processes ble execution or to achieve process objectives in the other process.
KPI Acronym: Key Performance Indicator, A metric that is used to help manage a process,
IT service or activity. Many metrics may be measured, but only the most important of
these are defined as KPIs and used to actively manage and report on the process, IT
service or activity. KPIs should be selected to ensure that efficiency, effectiveness, and
cost effectiveness are all managed. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Maintenance See Change Window definition.
Window
Note: “Change Window” and “Maintenance Window” are synonymous.
Measurements Measurement is a collection of data showing a trend (Do) toward an objective regularly
updated (Plan) and associated with a feedback loop (Check) for an action (Act).
Normal Change A change that follows the normal change process and complies with the lead times.
Operational Met- Operational metrics (example: Operations Monitoring) measure process behavior during
ric process execution.
Output Metric Output metrics are the measuring of a process performance characteristic towards an
objective.
Term Definition
Policy Formally documented management expectations and intentions. Policies are used to
direct decisions, and to ensure consistent and appropriate development and implemen-
tation of processes, standards, roles, activities, IT infrastructure etc. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
A statement of business choice that explains how a process-level decision is made.
Post- A review that takes place after a change or a project has been implemented. It deter-
Implementation- mines if the change or project was successful, and identifies opportunities for improve-
Review (PIR) ment. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Pre-production An IT environment that is not in productive business use by the customer but that has a
Environment configuration equivalent to the productive environment for a given reason. Possible rea-
sons for use may be to have an environment for testing releases to production, replicat-
ing incidents or testing operational/infrastructure/security systems.
Priority A category used to identify the relative importance of an Incident, Problem or Change.
Priority is based on impact and urgency and is used to identify required times for actions
to be taken. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Problem A cause of one or more Incidents. The cause is not usually known at the time a Problem
record is created and the Problem Management process is responsible for further inves-
tigation. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Problem Record A Record containing the details of a Problem. Each Problem Record documents the
Lifecycle of a single Problem. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Projected Service A document that identifies the effect of planned changes, maintenance activities and
Outage (PSO) test plans on agreed service levels. The PSO contains details of changes to agreed
SLAs and service availability because of the current Forward Schedule of Change, in
addition to planned downtime from other causes such as planned maintenance and data
backup. The PSO may be produced jointly with other processes, such as Service Level
Management, Availability Management and IT Service Continuity Management. (ITIL®
V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Remediation Actions taken to recover after a failed change or release. Remediation may include
back-out, invocation of service continuity plans, or other actions designed to enable the
business process to continue. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Remediation Plan A plan for performing remediation.
Request for A formal proposal for a Change to be made. An RFC includes details of the proposed
Change (RFC) Change and may be recorded on paper or electronically. The term RFC is often misused
to mean a Change Record, or the Change itself.
Note: "Change Request" and "Request for Change" are synonymous. (ITIL® V3 Glossa-
ry)
(ITIL® is a Registered Trade Mark of Axelos)
Term Definition
Requestor In the context of change Management, “Requestor” refers to the individual who has
submitted a Request for Change (RFC) to Change Management. This is not the end-
user. Those would need to contact the Service Desk to place requests.
Risk A possible event that could cause harm or loss, or affect the ability to achieve objec-
tives. A risk is measured by the probability of a threat, the vulnerability of the asset to
that threat and the impact it would have if it occurred. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Risk Assessment Analyzing the value of assets to the business, identifying threats to those assets and
evaluating how vulnerable each asset is to those threats. Risk Assessment can be
quantitative (based on numerical data) or qualitative. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Scheduled The time frame between the scheduled start of the first change implementation task and
Change Imple- the scheduled end of the last change implementation task of a scheduled change.
mentation Win-
dow
SLA Acronym: Service Level Agreement, An Agreement between an IT Service Provider and
a Customer. The SLA describes the IT Service, documents Service Level Targets, and
specifies the responsibilities of the IT Service Provider and the Customer. A single SLA
may cover multiple IT Services or multiple Customers. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Stakeholder A stakeholder is anyone who has a vested interest in the results of a task. These stake-
holders represent organizational and functional entities other than those already identi-
fied.
Responsibilities
Participation in information-gathering or requirements-gathering
Analysis results
Troubleshooting results
Plans that may impact the work done by the stakeholder
Standard Chang- The managed list of Change Requests that are considered to be of Standard change
es List type.
Task A unit of work a role may be asked to perform.
A task is the smallest unit of work within an activity flow. It is role-assignable - that is, it
can be performed by one individual acting in one defined role
Urgency A measure of how long until an Incident, Problem or Change has a significant impact on
the business. For example, a high impact Incident may have low urgency, if the impact
does not affect the business until the end of the financial year. Impact and urgency are
used to assign priority. (ITIL® V3 Glossary)
(ITIL® is a Registered Trade Mark of Axelos)
Urgent Change Urgent changes are a condition of normal changes. While not meeting the criteria of an
(expedited) Emergency Change, an urgent change cannot comply with the lead time due to a vital
business need for change. An urgent normal change will still go through the entire pro-
cess, although the speed at which it is planned, scheduled, assessed, built, tested and
authorized is much faster.
Term Definition
Validation Plan A Validation Plan contains the instructions to validate the outcome of a change to de-
termine success/non-success against predefined success criteria.
Note: Validation Plan is sometimes also called “Post-Implementation Test Plan”.
End of Document