Ideas on Categorizing Changes and Problems…

Categorization

Everybody categorizes changes and problems. But what I find is that the categories are typically too narrow and don’t allow for broader understanding of  what is driving your IT shop.

Usually data will show that you do a lot of work in a certain application or service. Or that your changes are only planned 8 days in advance or your emergency changes are 15% of all changes. Or maybe you had 13 problems in Email last year.

But this doesn’t help explain what is driving these numbers

Change Categories

I am a big fan of not just capturing if your Change effort was an Emergency or not but what the real driver for the change was.

In particular, I believe you can “categorize” your change efforts into just a few buckets:

Break/fix – something is broken and you have to fix it.

Planned Maintenance – Maybe this is a planned patch or reboot or even upgrade of your application. This is just to keep things going, maybe to maintain support with a vendor or close a security hole. There is no “additional benefit” to the client  that is driving this effort there might be some, but it isn’t the driver. How do you know if it is the driver? Well, how are you selling the effort? Are you selling it the change effort as something that will change the way the client works (additional features) or will they even notice? Is it more for your IT support staff or for the client? If it is for your IT staff – it is PM (unless it has already broken, then it is B/F).

Enhancement – This one is tricky. Most people in IT will want their work to go here but in reality, it is probably PM. Enhancement is for change efforts that will ‘enhance’ the way the client does work today. It will cause some Business change as a result. If your change doesn’t do this, or doesn’t intend to do this, it isn’t an Enhancement. Some examples:

I have a plain old telephone system. I am switching it all out for IP telephony at some considerable expense. This requires a lot of IT engineering and transition planning. When it is done, the business will be able to make phone calls just like they do today.

So, what kind of change is that?

If you answered Enhancement – you would be wrong. Nothing about how the business functions will be changed because of this effort. They will still make phone calls like they used to. The underlying technology has changed but that did not “enhance” the business did it? No, it did not.

Another example: I am using Exchange 2003 and I’m upgrading to Exchange 2010. There are a lot of new features that we may take advantage of in the future. This change though is just getting us to the new infrastructure. There is a lot riding on this because our company lives and dies with email.

What kind of change is this?

Planned Maintenance. Again, it does not change the way the business works. It is a background change for IT. That doesn’t take away from the hard work, the long hours, or the importance of the work. It just categorizes it for what it is.

One more example: When a new person is hired, the hiring manager (or office manager) can now click a single link from the Companies Home page and fill out a small form. This will kick off all the tickets that need to be created for laptop provisioning, phone provisioning, and account provisioning. The master ticket will then be emailed to you. You no longer have to call the Service Desk and track multiple tickets.

Finally, an Enhancement!  This is taking current service provided and making them better. Crucially, this is going to change the way your client works – not a drastic change, but a change nevertheless.

Transformative – This change is fairly rare. This is really transforming the way the client does business. This isn’t a fairly small step (Enhancement) this is a large step requiring extensive training and probably new/changed business processes.

Example: We are integrating Email, Voice Mail, Instant messaging and creating “soft phones” on your laptops. We are also introducing camera’s for all laptops/desktops so we can do video conferencing. We are calling this Unified Communications.

This can be a fairly dramatic change to an organization requiring a lot of training to your customer base. There are also a lot of new features (voice mail accessible in email, ability to “see” each other) that need to be discussed and explained so we can make the best use of them. One of the biggest might be the “soft phone” on the laptop. Now your work phone travels…so we expect you to pick it up. : – )

Perhaps though, this isn’t a big enough change for you to qualify as “transformative” so you may only call it a “enhancement” – that is fine. The point here is that you have to think about it and you can’t call everything you do “transformative” or an “enhancement” because of the impact it has on IT – the impact has to be on the customer!

Finally, the last type of change I would categorize is:

Legal or M&A – Any type of change that is dictated by legal requirements or because of merger and acquisition activity. Typically there is little lead time for this work – so it is actually “interrupt” work. This is probably coming across as an “Emergency” change – but the reason it is an emergency change is very different than say B/F. You probably need to know that so you can explain why Emergency changes have gone up or why you can’t get them below a certain point. If your business is buying/merging or heavily regulated with lots of rule changes – there is only so much an IT department can “predict” – the rest is reactionary.

Problem Categories

Now with all that in mind, I was thinking of Problems. What are the main categories of Problems?

The list I came up with are:

Hardware – Rather simple one here. A hardware error. I suspect you won’t see many of these but still, they happen from time to time.

Engineering/Configuration – This is an error that was introduced in engineering or configuration of the system, application or service. This could be vendor caused or internal engineering caused. This type of error is typically troublesome, hard to find, and takes awhile to fix. If you are lucky it is something relatively straightforward like a setting was wrong on your Load Balancer so it wasn’t actually distributing the load properly.

Administrative/Operational – This is an error caused by the inattention of the operational staff due to a) ineptitude b) ignorance or c) understaffed (other priorities). Things like, a disk filling up is an Administrative/Operational issue. Patches not being applied in a timely manner causing a security hole to be exploited is a Administrative/Operational error. A redundant NIC failure that isn’t noticed, then when the primary fails…the server is offline – is a mixture of Hardware and Administrative/Operational error.

That is it. All errors I can think of will fall into one of those 3 categories.

So, what do these categories tell you?

Well, for changes it tells you what type of work you are doing – Break/Fix and Planned Maintenance are KTLO (keep the light on) type work. They are “operational” in nature. They don’t excite the business at all (they do however, keep it running).

Enhancements and Transformative changes are all about BITA (Business IT Alignment) – what are you doing to help the business grow?  Do think you are aligned with the business? Why then are only 10% of all your changes either Enhancements or Transformative?

Legal, M&A – is a mixture of KTLO and BITA. You have to do it keep the lights on but it isn’t IT driven, it is business driven. This data can show them that you do jump when needed.

You can even use these categories to help set urgency (or priority if you are so inclined). What is more important – KTLO or BITA? Where do you put more of your attention, more of your star players? Probably BITA, but that is for you to decide.

On the Problem data, the Hardware category might be interesting but it probably won’t be. What will be interesting to know is if most of your Problems are Engineering related or Operational related. Is it because you are not doing a good enough job in Service Design/Transition or because you are not doing enough in Operations?

They require different organizational responses so it is probably quite helpful to know the answer. Should you invest in a new Testing team, testing manager, testing software or should you spend more on hiring (or outsourcing) Operational efforts? Maybe you have poor processes, or poor operational tools (like an Event tool or alerting tool).

Categorizing your changes and problems in this manner can help you make these decisions in a way that the traditional category methods cannot.

Project Management, Change Management and Release Management

Change Management

It seems that most people view ITIL Change Management as the recording and approval of “operational” work being done in the production environment.

Typically what I’ve read, heard and discussed with people is some concept of putting in a “RFC” a few weeks, maybe a few days, before the implementation of the change. The Schedule of Change then becomes the go to resource to see what is being “released” in the environment when.

This (what I may call “traditional”) view of Change Management is entirely too limited.

First it completely crushes Release Management to the point where a lot of organizations don’t do this, don’t do it well, and really don’t understand how Release works with and/or is different from Change Management.

Second, it creates limited interaction with Project Management, Service Design functions, or even Service Strategy functions. If you are just considering the risk of a change 8 days before implementation, when the majority of the money, time, and other resources have already been spent…you are not doing much of a “risk evaluation.”

Project Management

All projects are essentially the organization/management of resources with the purpose of implementing change(s). There are of course lots of work that goes into doing that and doing that well. Scope statements, stakeholder communications, requirements gathering, budgeting, coordination across multiple “line” teams and the utilization of various IT processes.

Some things to consider when thinking about Project Management and the (real) role of Change Management…

  • How do we ‘prioritize’ this project vs other organizational efforts?
    • Not just priority vs other proposed work but priority vs current efforts?
  • How do we assess the risk of the project from multiple facets (before work is actually started)
    • Such as “Capacity”, “Availability”, Business Continuity”, “Portfolio/Catalog”,  or “Security”
  • How are we determining, documenting, and then managing what “gateways” this effort must pass through in order to progress from Design to Operations?
    • Not every “change” needs a detailed design review or a new pricing model – how do you determine which does and how do you ensure they go through those checkpoints?
  • How do we document and manage any changes to scope or to risk to the ‘change’ when it is in Design or Transition?

If you are not doing a RFC until a week or so you are moving to Production – you can’t possibly be capturing and managing this type of information using Change Management – so then how are you doing it….or are you doing it at all?

Release Management

The often forgotten and neglected process. Sad and lonely. Do you have a Release Management Board? How does it work with the CAB? Who actually sets the schedule for ‘release’?

In most places it seems that the Schedule of Change (to include date/time) is set by the Change Advisory Board. In doing so, I believe, you force Release to march to that tune and so curtail some of the power/authority a Release Management Process can (should) have.

The Release Management process should dictate the actual schedule of the implementation. The CAB should only state the change is “authorized” – the actual date/time, type of release, resources used in the release, artifacts required are determined by Release not by Change. Change is the ‘macro’ and Release is the ‘micro’.

How they can work together…

A need or idea for a change starts the Change Management process. Some of these will also be Projects, some will not.

Change Management can start months, maybe a year, prior to the actual implementation date. Change Management may review an RFC multiple times.

Consider the following:

  1. Need/Idea
    1. These are: Customer/Business Requirement, Customer/Business Request, Service Improvement, Service Correction
    2. Our new idea is “New Service Desk” tool.  Since it is coming from IT, it is most likely a “Service Improvement” effort.
  2. A high level business case should be put together and then you have your first CAB review
    1. Define problem, define scope/urgency, define benefits/risks, define estimate of resources needed
  3. CAB provides approval to move towards RFP and proof of concept
  4. The ‘project team’ then develops RFP and/or POC, meets with vendors, obtains testing equipment/software, performs POC, reviews POC…
  5. Team updates RFC with POC/RFP information – updates Business Case as needed. Goes back to the CAB. The CAB can then approve/deny continuation of the effort.
  6. At this stage the ‘project team’ must create Design plan, what artifacts (Capacity Plan, Security Plan…etc) will be required/updated , schedule of significant milestones (such as: requirements signoff by stakeholders, beginning of testing) and resource allocation.
  7. The ‘project’ goes back to the CAB – the Design plan is reviewed and denied (maybe they didn’t include the Business Continuity Plan, or maybe the planning seems to include things beyond initial scope) or approved
  8. The ‘project’ moves to development/design – any deviation of dates to significant milestones require an update to the RFC – which requires review by the CAB.
    1. Why was testing pushed back 1 month?
    2. What other efforts will that impact? Are resources still available? How does that impact future ‘change’ requests?
    3. Normal progression through milestones just has updates to RFC (change in sub-status could be helpful here for reporting purposes)
  9. During Design/Development – Release Management starts to become involved. They are the gate keeper to some significant milestones (such as Acceptance of Testing, Implementation Plan Acceptance) – they approve the RFC to migrate through these ‘sub-status’
  10. As the effort moves through testing but prior to implementation – the CAB reviews the change again and then provides “approval” for implementation. The schedule is set by Release Management.
  11. Release Management provides approval for the Implementation Plan and sets the date/time for the release.
  12. After implementation Release Management reviews the “release” and provides input to Change Management to assess overall success/failure of Change.
    1. The ‘release’ component can be successful while the overall change effort can be viewed as less than successful due to schedule/resource overruns, or failure to adequately address customer/business needs. This separates the assessment of the Change from the assessment of the Release.

But let’s just say that you are not doing something that large. You are just doing a  a upgrade to an existing application or maybe you are just adding capacity to a service by putting in more “servers” – Do you have to go through ALL of this stuff?

The answer is a bit of yes and no. You still need to put in the initial RFC. You list it as “Service Correction” or “Service Improvement” and you still need some high level business case (this is your justification or reason for doing the work). It will get approved and you don’t need a RFP or maybe even a POC so you move right to documenting your Develop/Design plan and identifying which documents you will create/update. This is then approved (let’s say your work does not impact Availability, or Security – so you just say you won’t be updating or creating those documents). It is then approved to move to the next stage – which then you will start to engage with Release Management. You have to progress through their stages and you can then get to implementation in production.

Of course you can always create “standard changes” which can speed this process up by “pre-approving” many steps but that of course means you’ve at least gone through this exercise at least once.

Recap…

Project Management is to manage discreet efforts. The may be large in scope but they have a defined scope. They may even have PM Boards which discuss project management practices, or certain artifacts related to Project Management (status reports). Project Management is more about “who” and “how” is something is getting done.

Change Management is to manage ALL change efforts to the enterprise. Big or small. Project or Operational. They must all be recorded, assessed, and balanced against all other requests and business needs. We cannot allow ‘rogue’ work on change efforts without governance. Change Management is more about “why” and “what” is getting done.

Release Management is to manage the transition from the ‘test environment’ to the ‘production environment.’ It is concerned with the details of those plans. Release Management is about “how” and “when” something is getting done.

The “where” is defined in your policies. I’d recommend that this type of structure apply to production as well as applying Release Management controls over your test environment.

What are your thoughts?

Ideas how Release and Change Management work together and versioning…

How far in advance are you putting in a Change Request?

Most of my personal experience with Change Management has seen that Change Requests come to the Change Advisory Board about 14 days to a few hours before the requested date for production. This seems to be the “norm” per discussions on LinkedIn and with other practitioners.

So, where and how then would you engage with Release Management? Certainly it is not possible to work on designs, unit testing, functional testing, user acceptance testing, load testing, deployment planning, and all of that work in just 10 days or so for any project of significance?!?

Also, I can’t see how a CAB could approve a “schedule” for changes to production for a project that will run months, perhaps even over a year. What happens when the date slips? Do you go through the CAB again? A project that is 8 or 9 months long will probably move the exact deployment date more than few times. It doesn’t seem practical to clog up the CAB with these requests.

Demand Management Board? Release Management Board?

So, let’s say you have an idea (or request) for a project. We already know it is much too early to open a Change Request to have it reviewed by the CAB. So, in what vehicle do you open a “request” up and when?

Perhaps having a Demand Management Board would make sense. This is where the idea can be vetted, perhaps some high level (or initial) budget can be allocated, a tentative schedule, and maybe the “green light” to do conduct a “Proof of Concept”

But what happens after the POC? Now you start getting firmer requirements, clearer designs, and maybe even a tighter budget and schedule. What “release vehicle” should you use and who will have oversight of all the “release” work (resource scheduling and so on)?

A Release Management Board seems like it would be beneficial here. Here you will determine what steps will be required for this “project” (will it require a full design document (such as for a new service) or only an update to an existing one, what level(s) of testing, what checkpoints for quality will be required, how involved will operations need to be, etc), the overall schedule for the effort, balance resources for release management, and perhaps look to consolidate efforts or avoid conflict/collision of releases.

Could these two boards be combined? I think so. But that would be for each organization to determine.

Could these boards be the same as the CAB? I don’t think so. The CAB seems to be more focused on the upcoming “operational” impact of changes – not necessarily the approval of concepts, the development model chosen, project scheduling/resource allocation, and transition planning (in detail anyway). Again, the CAB is more about – what is happening to Production next week and are we ready?

Change Management linking to Release Management

Instead of having just a Change ticket then, I think you should have a Release ticket.

The Change ticket will be to approve the release product (as defined/detailed in the release ticket). Perhaps the CAB will feel the need to move the release date (so an update to the transition plan will have to be made) or perhaps the CAB will feel that Operations is not ready at all and have the effort go back through all/parts of  Release Management.

Once the CAB approves the request – Release Management will have the defined plans of what/how the transition will happen – Change Management will confirm the when (start/finish) and results.

Release Management tickets will be opened for weeks (patches? Other small efforts) to months, perhaps over a year. A Change Management ticket will be opened for maybe 1 month – probably just 2 weeks or sometimes even less.

Thoughts on Versioning

In my past, projects I’ve worked on, had versioning levels for applications that included any functionality provided by that application.

For instance, Remedy 7.2 and then Remedy 7.3 – included in that was Incident, Change, Catalog, Asset Tracking and so on. We may update Incident with new workflow and that might be – internally Remedy 7.3.1 or something like that.

A concept I just heard about was actually to separate the “tool” or “technology” or “application” from the “functionality” or “service” being consumed. This would mean you would have Remedy 7.3 but if you did something to Incident it would become Incident 1.0 or 1.1.

Incident 1.1 would then “sit” on or be provided from Remedy 7.3 but not necessarily linked.

In a way, it is like separating Remedy 7.3 from your Windows Server Image. And then separating your Windows Server Image from your Hardware Configuration. So, you actually start “stacking” these “releases” on top of each other.

Example:

  • Incident 1.3 – Details the requirements – features/functions of Incident
  • Remedy  App 7.5 – Essentially the COTS product from the vendor – Vendor patches are applied here…
  • Remedy Application Server Configuration 1.2 — Specific configurations that need to be done to the Server so the Remedy App can work
  • Windows Server Image 3.4 — the Company’s base Windows Server Image
  • Hardware Configuration 6.5 — The Company’s base HW configuration

So, what if you wanted to add more memory? You would update the Remedy Application Server Configuration.

What if you replaced the server? That would be an update to Hardware Configuration.

Now for the really fun part – what if you replaced Remedy with CA Service Desk?

Then that would be this:

  • Incident 1.3 – Details the requirements – features/functions of Incident
  • CA Service Desk 12.5 – Essentially the COTS product from the vendor – Vendor patches are applied here…
  • CA SD Application Server Configuration 1.0 — Specific configurations that need to be done to the Server so the CASD App can work
  • Windows Server Image 3.4 — the Company’s base Windows Server Image
  • Hardware Configuration 6.5 — The Company’s base HW configuration

If you did, as part of this “technology” change update anything to do with Incident – then its version would change accordingly.

I believe this allows for clarity on requirements documents, testing, and release planning. You work on whatever release component you want but the requirements are very specific to that release component.

Instead of having a single project cover each of these release items – you essentially have 5 projects (interrelated) with very specific release models/focus that could be managed under a larger project (or program?).

The Change would really then be a collection of Releases – and not just CA Service Desk with all these specific releases sort of lost in the shuffle.

Some technical notes…

I recently wanted (needed?) to find out the delta between ‘actual’ start times and ‘requested’ or ‘scheduled’ start times of Change orders.

We use CA Service Desk 12.5 where I am right now. The output of the data looked liked such:

Scheduled Start Date

12/2/2011  6:15:00 PM

Actual Start date

12/2/2011  6:21:58 PM

Let’s say that was cell A2 and cell B2.

The first thing I did was: =(B2-A2*86400). This produces the raw number of seconds. In this case 418 seconds.

I called this “Total Seconds”

In the next cell I did this: =ROUNDDOWN(C2/60,0)

This will produce the number “6” which is the “Total Minutes”

In the next cell I used this: =ABS(D2)

This will produce the number “6” which is the “Absolute Minutes” – this is important if/when we deal with negative numbers which can happen when people start changes before their scheduled start time.

The next cell I used was this: =ROUNDDOWN(D2/60,0)

This produced the number “0” in this case. This captures “Total Hours” – this will produce a number if the delta is greater than 60 minutes or 3600 seconds.

The next cell I used was this: =ABS(F2)

Which will show the “Absolute Hours”

The next cell I use was: =ABS(C2)

Which will show the “Absolute Seconds”

Now we basically have all the raw numbers and converted absolute numbers we need to produce values that will show negative or positive time deltas with only 1 negative sign showing up in the final number.

Now the more ‘complicated’ calculations begin.

In the next cell I use this formula: =IF((H2>3600),(H2-(3600*G2)), IF((H2<3600),H2, H2))

This will produce the total number of ‘seconds’ that are left over after all ‘hours’ have been accounted for. In this case it is just 418 seconds. However, if our initial times were say..8001 seconds apart, then we would have over 2 hours of delta and this formula will have produced “801” seconds.

In the next cell I use this formula: =IF((E2>60),(E2-(60*G2)), IF((D2<60),D2, D2))

Similar to the previous cell, this one calculates all minutes left over after all hours have been accounted for. This will also place the negative sign at the minute mark if appropriate.

In the next cell I use this formula: =IF((I2>60),(MOD(I2,60)), IF((C2<0),C2,I2))

Again, this determines the total left over seconds after all the minutes have been accounted for. It will also put the negative sign at the second mark if appropriate.

Next I use this formula: =F2&”:”&J2&”:”&INT(K2)

Which will produce the “Math Time” or “Raw Time” and in our case it should look like this:

0:6:58

Finally, I use this formula: =TEXT(L2, “h:mm:ss”)

Which will display the “Display Time” and that will look like this:

0:06:58

If we had -418 instead of 418 the final two sets of numbers would look like this:

0:-6:58

0:-6:58

So, not ‘perfect’, but it will put the negative sign at the appropriate level.

I have run many tests against this and it seems to work for any reasonable number I can think of or have seen in the reports.

There may be a more straightforward way of doing this. I must admit I became tired at some point and may have overlooked an easier path. I tried many different approaches but this is the only one I have found that deals well with negative as well as positive numbers and both large and small numbers.

Gamification of Change Management?

I never heard of “gamification” until a few weeks ago. Maybe I shouldn’t admit to not knowing about something that has been going on in the IT space for sometime now but…I really never heard of it.

I don’t really play games like Farmville or WoW or Mafia Wars. I have played Angry Birds and a few other like games but not for hours and hours and I’ve never “beaten” any of them. So, I guess I was a little out of touch with the roots of “gamification” and I’ve only come to know it from a news article link on LinkedIn.

Since then I see it everywhere. It is like I took the red pill or something. Today, Harvard Business Review asked “What if all work were gamified?” Interesting question…

I work as a Change Manager at a fairly large company. The history of Change Management here hasn’t been a very rich or successful one. I do believe we are making strides in the right direction but could we go further with “gamification” of the Change Management process?

I thought about a point system that could work something like this:

Change Request/Approval points

  • 1 pt for each change request
  • 2 pts for approving a “Standard” change
  • 3 pts for having a “Standard” change request approved
  • 5 pts for a “Standard” change request approved 10 days before the implementation date (this gets around “requesting a change” 10 days early – I can already see people putting in skeleton changes just to get some points!)
  • 5 pts for having a “Normal” change approved
  • 10 pts for having a “Normal” change approved 10 days before the implementation date
  • -15 pts for implementing a change without approval
  • -1 pt for each cancelled change
Then we can have Change Impact Points
  • 20 points for a successful “Normal” change
  • 100 points for a successful “Standard” change
  • -10 points for an Emergency Change
  • -30 points for a failed “Normal” change
  • -150 points for a failed “Standard” change
  • -10 points for a backed out “Normal” change
  • -75 points for a backed out “Standard” change
Then maybe some rewards based on point totals. Maybe a free lunch for anyone over 50 change request/approval points and 250 change impact points? A $100 gift reward for achieving the most points over a quarter?
Would this work? I don’t know but I’d love to give it a try.
What are your thoughts?