It seems that most people view ITIL Change Management as the recording and approval of “operational” work being done in the production environment.
Typically what I’ve read, heard and discussed with people is some concept of putting in a “RFC” a few weeks, maybe a few days, before the implementation of the change. The Schedule of Change then becomes the go to resource to see what is being “released” in the environment when.
This (what I may call “traditional”) view of Change Management is entirely too limited.
First it completely crushes Release Management to the point where a lot of organizations don’t do this, don’t do it well, and really don’t understand how Release works with and/or is different from Change Management.
Second, it creates limited interaction with Project Management, Service Design functions, or even Service Strategy functions. If you are just considering the risk of a change 8 days before implementation, when the majority of the money, time, and other resources have already been spent…you are not doing much of a “risk evaluation.”
All projects are essentially the organization/management of resources with the purpose of implementing change(s). There are of course lots of work that goes into doing that and doing that well. Scope statements, stakeholder communications, requirements gathering, budgeting, coordination across multiple “line” teams and the utilization of various IT processes.
Some things to consider when thinking about Project Management and the (real) role of Change Management…
- How do we ‘prioritize’ this project vs other organizational efforts?
- Not just priority vs other proposed work but priority vs current efforts?
- How do we assess the risk of the project from multiple facets (before work is actually started)
- Such as “Capacity”, “Availability”, Business Continuity”, “Portfolio/Catalog”, or “Security”
- How are we determining, documenting, and then managing what “gateways” this effort must pass through in order to progress from Design to Operations?
- Not every “change” needs a detailed design review or a new pricing model – how do you determine which does and how do you ensure they go through those checkpoints?
- How do we document and manage any changes to scope or to risk to the ‘change’ when it is in Design or Transition?
If you are not doing a RFC until a week or so you are moving to Production – you can’t possibly be capturing and managing this type of information using Change Management – so then how are you doing it….or are you doing it at all?
The often forgotten and neglected process. Sad and lonely. Do you have a Release Management Board? How does it work with the CAB? Who actually sets the schedule for ‘release’?
In most places it seems that the Schedule of Change (to include date/time) is set by the Change Advisory Board. In doing so, I believe, you force Release to march to that tune and so curtail some of the power/authority a Release Management Process can (should) have.
The Release Management process should dictate the actual schedule of the implementation. The CAB should only state the change is “authorized” – the actual date/time, type of release, resources used in the release, artifacts required are determined by Release not by Change. Change is the ‘macro’ and Release is the ‘micro’.
How they can work together…
A need or idea for a change starts the Change Management process. Some of these will also be Projects, some will not.
Change Management can start months, maybe a year, prior to the actual implementation date. Change Management may review an RFC multiple times.
Consider the following:
- These are: Customer/Business Requirement, Customer/Business Request, Service Improvement, Service Correction
- Our new idea is “New Service Desk” tool. Since it is coming from IT, it is most likely a “Service Improvement” effort.
- A high level business case should be put together and then you have your first CAB review
- Define problem, define scope/urgency, define benefits/risks, define estimate of resources needed
- CAB provides approval to move towards RFP and proof of concept
- The ‘project team’ then develops RFP and/or POC, meets with vendors, obtains testing equipment/software, performs POC, reviews POC…
- Team updates RFC with POC/RFP information – updates Business Case as needed. Goes back to the CAB. The CAB can then approve/deny continuation of the effort.
- At this stage the ‘project team’ must create Design plan, what artifacts (Capacity Plan, Security Plan…etc) will be required/updated , schedule of significant milestones (such as: requirements signoff by stakeholders, beginning of testing) and resource allocation.
- The ‘project’ goes back to the CAB – the Design plan is reviewed and denied (maybe they didn’t include the Business Continuity Plan, or maybe the planning seems to include things beyond initial scope) or approved
- The ‘project’ moves to development/design – any deviation of dates to significant milestones require an update to the RFC – which requires review by the CAB.
- Why was testing pushed back 1 month?
- What other efforts will that impact? Are resources still available? How does that impact future ‘change’ requests?
- Normal progression through milestones just has updates to RFC (change in sub-status could be helpful here for reporting purposes)
- During Design/Development – Release Management starts to become involved. They are the gate keeper to some significant milestones (such as Acceptance of Testing, Implementation Plan Acceptance) – they approve the RFC to migrate through these ‘sub-status’
- As the effort moves through testing but prior to implementation – the CAB reviews the change again and then provides “approval” for implementation. The schedule is set by Release Management.
- Release Management provides approval for the Implementation Plan and sets the date/time for the release.
- After implementation Release Management reviews the “release” and provides input to Change Management to assess overall success/failure of Change.
- The ‘release’ component can be successful while the overall change effort can be viewed as less than successful due to schedule/resource overruns, or failure to adequately address customer/business needs. This separates the assessment of the Change from the assessment of the Release.
But let’s just say that you are not doing something that large. You are just doing a a upgrade to an existing application or maybe you are just adding capacity to a service by putting in more “servers” – Do you have to go through ALL of this stuff?
The answer is a bit of yes and no. You still need to put in the initial RFC. You list it as “Service Correction” or “Service Improvement” and you still need some high level business case (this is your justification or reason for doing the work). It will get approved and you don’t need a RFP or maybe even a POC so you move right to documenting your Develop/Design plan and identifying which documents you will create/update. This is then approved (let’s say your work does not impact Availability, or Security – so you just say you won’t be updating or creating those documents). It is then approved to move to the next stage – which then you will start to engage with Release Management. You have to progress through their stages and you can then get to implementation in production.
Of course you can always create “standard changes” which can speed this process up by “pre-approving” many steps but that of course means you’ve at least gone through this exercise at least once.
Project Management is to manage discreet efforts. The may be large in scope but they have a defined scope. They may even have PM Boards which discuss project management practices, or certain artifacts related to Project Management (status reports). Project Management is more about “who” and “how” is something is getting done.
Change Management is to manage ALL change efforts to the enterprise. Big or small. Project or Operational. They must all be recorded, assessed, and balanced against all other requests and business needs. We cannot allow ‘rogue’ work on change efforts without governance. Change Management is more about “why” and “what” is getting done.
Release Management is to manage the transition from the ‘test environment’ to the ‘production environment.’ It is concerned with the details of those plans. Release Management is about “how” and “when” something is getting done.
The “where” is defined in your policies. I’d recommend that this type of structure apply to production as well as applying Release Management controls over your test environment.
What are your thoughts?