Professional Documents
Culture Documents
Change Management Policy
Change Management Policy
PROCEDURES GUIDELINE
IT DEPARTMENT
October 2020.
CHANGE MANAGEMENT POLICIES AND PROCEDURES GUIDELINE
INTRODUCTION
The main aim of the IT change management policy is to carry out IT changes in the most efficient
manner while minimizing the business impact, costs, and risks. It is the responsibility of the IT
department to manage the Life cycle of all business applications and IT infrastructure and as such all
the processes and procedures involving change control and management will be defined in this
document.
Change is defined as anything that transforms, changes, or modifies the standard operating
procedures of a system or service and has the potential to affect the stability and reliability of our IT
application or infrastructure or disrupt the business of the company.
User request
Vendor recommendations
Changes In regulation
Hardware and software upgrades/failures
Unforeseen events etc.
The Change Management process begins with the creation of a Change Request either via an email
or within the IT support help desk system, and ends with the satisfactory implementation of the
change and the communication of the result of that change to all interested parties.
To accomplish this, the change management process includes the following primary steps:
• Post-Implementation Review.
The Change Management Process must be consistent in quality and completeness and discards
irrelevant requests.
The change request can be submitted either via an email or through the IT support help desk and will
be reviewed by the IT Department manager and IT unit manager (the manager who is responsible in
ensuring that the change request is implemented and fit all stated requirement) within the
2|Page
appropriate IT unit. The change task assignee will determine if the information provided is sufficient
to initiate the change and will contact the change initiator if additional information is required.
IMPACT LEVELS
LOW- routine changes fall within this impact level as these type of changes poses low risk to system
availability, easy implementation,
MEDIUM- the component of a medium impact level change request involves IT resources from more
than one unit of the IT department and has moderate risk to system availability i.e. system/service
downtime during business hours
HIGH- a change request is considered to have high impact on the business application when it
involves more than one unit of the IT department and external consultants, high risk to system
availability i.e. system/service downtime during business hours, complex implementation process,
may affect security of data on infrastructure.
The change request can be grouped into four priority groups which is to be defined by the change
initiator.
3|Page
Approve and Schedule the Change.
After the requirements for the change has been identified, whether a minor, major or significant
change, and has been correctly prioritized, categorized, and analyzed by the IT unit manager, the
change must be approved before implementation. The process of authorizing a change request
depends on the priority and category of the change.
Emergency priority change request are escalated to the Finance/IT director or IT Department
manager, the IT Department manager then channels the request to the IT unit manager in charge of
implementing the request.
Approval - All emergency change request should be requested for either via an email or within the
IT support help desk system and should be approved by the Finance/IT director or IT manager.
Minor changes can be approved by the IT unit Manger or the IT Department Manager or the
manager or director of the change initiator.
Major and significant changes should be approved by the Director of the change initiators
department, the Finance/IT director or the M.D
In each of the cases mentioned above, the appropriate person or body decides on whether the
change should be implemented based on the information provided in the Request for Change
document. If the Request for change is not approved, the Change Initiator is informed of the
decision, and the reasons for the rejection made known to the change initiator and documented.
Change Implementation
The IT team in charge of implementing the change should do so in accordance with the change
request requirement and strive to work within the agreed time. Significant changes within the
business applications or IT infrastructure that may need program development or change in
configurations should follow the requirement which all change implementation must follow:
4|Page
After the change has been implemented, the IT team responsible for the change and the
end users who will be using the change will carry out testing based on the agreed test
period in the implementation project plan. The end users will then need to give either of the
feedback below.
Accept the changes with no comments (change has been satisfactorily implemented)
Accept the changes with minor exceptions i.e. the exceptions will be fixed
Reject the change if it does not meet the requirement requested for.
If the change is rejected it should be thoroughly reviewed to identify the root cause of the
failure and this may probably result to the initiation of a new change request.
5|Page