Information Technology Change Management Process steps for Normal change

Click to enlarge

Step 1  
Customer contacts Service Desk (SD) with a Request for Change (RFC). 
  • Customer has a request for change and contacts the SD.
Step 2
Change Manager receives the RFC from SD.
  • The Change Manager reviews the RFC.
Step 3
Change Manager Initially Accepts RFP
  • If accepted, the RFC is ready for evaluation by the Change Advisory Board (CAB).
  • The Change Manager then schedules the CAB meeting inviting those who will be able to assist in the evaluation of this particular change.
  • The Change Manager sends out details regarding this RFC to all invited Change Advisory Board members.
  • The Change Manager requests all CAB members come to the meeting prepared with a completed initial assessment of the RFC based on their individual knowledge and experience.
OR Change Manager Initially Rejects a Request for Change (RFC)
  • If the RFC is rejected at this point it is based on the change being totally impractical, a repeat of a previous RFC, or an incomplete RFC submission.
  • If the RFC was an incomplete submission, the Change Manager updates the ticket with the status “Needs More Information”.
  • The Change Manager lets the SD know the RFC was rejected and why.
  • The SD informs the customer of the RFC status.
Step 4
RFC goes to Change Advisory Board    
  • Change Advisory Board members each decide whether or not they will support this change and are prepared to argue their case.
  • Assessment is done of possible risk and impact of the change to the business.
  • CAB generates metrics for risk and impact analysis to aid in assessment.
  • CAB then must make a recommendation for this change.  Will they recommend we apply this change?  
  • Based on assessment of risk and impact the Change Advisory Board in consensus determines who the authorization authority for this RFC should be.
  • Options for authorization authority are the CAB itself, the Change Manager, IT Director, a Functional manager, or if a change is high risk and affects many customers must it be approved by the Senior Leadership Team?
  • Once this is agreed upon by the CAB, authorization for the particular change is requested of the determined authority.
Step 5
Authorization Occurs
  • The RFC is given to the proper person for authorization.  
  • The decision is then made by this authority to go ahead with a change or not.
  • The determined authorization authority makes this decision.  If the determined authorization authority happens to be the Change Advisory Board itself the CAB decides yes or no for this change.
  • If authorized, the RFC goes to Build and Test.
  • The Service Desk informs the customer of the RFC status
Step 6
Change Management Oversees Testing during the Build and Test
  • Change Management’s role in the build and test is to oversee testing to ensure it is done thoroughly.
  • The test plan conducted and testing results need to be supplied to Change Manager and Change Advisory Board.
  • In addition, a plan for backing out the change is required by the CAB.  This is needed so that the change can be removed and original software can be restored, if the implementation of a change is unsuccessful.
Step 7
Change Advisory Board meets and plans/schedules RFC updates if testing plan successful
  • A Change Schedule is created and communicated to SD who in turn communicates it to customer.
  • A Projected Service Outage document is created and communicated to affected users. 
Step 8
Change is implemented in production
  • The SD informs the customer of the RFC status.
Step 9
The Configuration Management System is updated for all the Configuration Items within the RFC

Step 10
Post implementation review is conducted at the next scheduled CAB meeting