Contents

1 Change Management
1.1 Change Management Policies and Standards
1.1.1 Zero Tolerance for Unauthorized Changes
1.1.2 Segregation of Duties in Production
1.1.3 Change Maintenance Windows
1.1.4 Peak Season Change Lock Downs
1.1.5 Emergency Change Requests
1.1.6 Authorized Access Controls to Production
1.1.7 Change Accountability and Responsibility
1.1.8 Change Schedule Prioritization Standard
1.1.9 Change Advisory Board Standards
2 Change Management Process
2.1 Change Management Workflow
2.2 Standard Change Request Submission
2.3 Normal Change Request Submission
2.4 Emergency Change Request Submission
2.5 Change Approval by the CAB
2.6 Change Added to Change Calendar
2.7 Change Implemented
2.8 Post-implementation Review
3 Change Management Resources
3.1 The Change Calendar
3.2 The CAB Dashboard
3.3 Terminology

Change Management

1 Change Management

Change Management is an approval process that allows a change request to move through a series of approval stages. Change Management is based on policies and standards that must be adhered to.

1.1 Change Management Policies and Standards

The following policies and standards have been developed in order to protect revenue and ensure the business value of change is actualized without undue risk to the business. The following is the list of policies and standards.

• Zero Tolerance for Unauthorized Changes
• Segregation of Duties in Production
• Change Maintenance Windows
• Peak Season Change Lock Downs
• Emergency Change Requests
• Authorized Access Controls to Production
• Change Accountability and Responsibility
• Change Schedule Prioritization Standard
• Change Advisory Board Standards

1.1.1 Zero Tolerance for Unauthorized Changes

In order to foster a culture of change management, the following policy establishes zero tolerance for unauthorized changes in the production environment.

• All changes to the production environment (App/Dev, DBA, Server, Storage, Network, DC and Security) must be recorded in the change management system prior to production release.
• All changes must be reviewed and approved by the Change Advisory Board prior to implementation.
• Approval from Business/Product leaders must be completed before submitting a change request.
• Failure to meet these requirements will result in immediate discipline, up to and including termination.
• All changes to Development, Quality Assurance, and Staging Environments are out of scope unless it is a shared technology with production. This includes network, storage, and other shared services.
• Any Disaster Recovery Environment is considered production and is in scope for change management.
• Any unauthorized changes to production must be reported to the Change Advisory Board

1.1.2 Segregation of Duties in Production

The implementation of changes to production may only be completed by operations staff members approved to implement change. This policy explicitly excludes development, QA, or business teams from implementing change to the production environment.
Approved teams to implement change include:

• Application Systems Administration
• Storage
• Database Administration
• Technical Support

1.1.3 Change Maintenance Windows

The following change maintenance windows have been pre-approved by the business for implementing changes that require application downtime for clients.

• Application and Network Infrastructure: Saturdays, between 8:00 pm and Midnight, Standard time

1.1.4 Peak Season Change Lock Downs

During critical peak seasons all Normal Changes will be limited and require approval from the Emergency Change Advisory Board. The following peak seasons have been pre-approved by the business and represent sensitive times where change must be limited to protect revenue. This policy may be implemented at unplanned times with business and IT approval.

• Holiday Season: The week prior to Thanksgiving to the week following New Year’s Day

1.1.5 Emergency Change Requests

Approval may be given by Senior Management verbally or via email in cases where access is limited. The following characteristics are typical of an Emergency Change and requests must meet these characteristics to be considered for approval.

• Tied to an Active Incident
• Represent a critical risk to revenue if it is not resolved immediately
• Must be implemented before next CAB Meeting

1.1.6 Authorized Access Controls to Production

Access to production systems must be limited to employees, vendors, and contractors who have been authorized to make changes to the production environment. IT Owners and change owners are responsible for ensuring all production systems have been secured to authorized personnel only. Remediation plans must be established to remove access within a reasonable amount of time.

1.1.7 Change Accountability and Responsibility

All participants in the Change Management process have established roles and responsibilities.
Each participant will be held accountable for the execution of these duties according to the established methodology.

1.1.8 Change Schedule Prioritization Standard

Priority    Characteristics
Immediate   Treat as Emergency Change
High        Highest priority for scheduling and resources; Severely affecting some key users; Impacting high number of users
Medium      No severe impact; Maintains business viability; Supports Planned Business Initiatives; Cannot wait until next scheduled release or maintenance window
Low         Justified and necessary; Can wait until next scheduled release or maintenance window; Add new functionality; Improvements to service

1.1.9 Change Advisory Board Standards

The Change Advisory Board is the central point of management for the change management process. The following requirements and standards are expected of the Change Advisory Board:

• Attendance is required by either the CAB member or a delegate who can authorize decisions on their behalf
• IT Owner is required to attend to have their changes approved with no exception
• Purpose of the CAB is for final approval, not for technical discussion about the change
• Changes must be approved by the Business/Product owners before submitting to the CAB
• After changes are implemented, the request must be updated with implementation results for review

2 Change Management Process

The Change Management process follows a workflow, which is identified in this section.

2.1 Change Management Workflow

• Standard or Normal Change Request Submission
• Emergency Change Request Submission
• Standard or Normal Change approval from CAB Members (In the case of an Emergency Change, approval from Senior Management is required)
• Change scheduled on the Change Calendar
• Change is implemented (In the case of an Emergency Change, it likely will not occur on the established dates for change implementation, but ASAP)
• Post-implementation review

Figure: Change Management Process Illustration

2.2 Standard Change Request Submission

A Standard Change Request is a pre-approved change that is well-known, low-risk, follows established procedures and is an accepted response to particular requirements or events. These are changes that get pre-approved as they are low risk, proven, and well-documented.

Standard Changes follow the same process when getting approved for the first time; however, each individual implementation of a Standard Change is automatically approved. This ensures visibility is maintained, yet establishes controls up front to ensure standard changes move quickly through the process.

Standard Change examples may include:

• Hardware failure fixed by vendor
• Download and installation of virus DAT files
• Installation of approved software
• Replacement of a desktop computer based on approved replacement cycle
• Application of tested operating system patches.

2.3 Normal Change Request Submission

Normal Changes represent the majority of all changes. They follow the full change management process and require assessment and approval for every change implementation. Submitting requests as Normal requires them to be reviewed and approved by the CAB before the change can be applied by the owner. The owning team’s time and resource constraints still apply.
Examples of types of Normal Change Requests are:

• Adding columns or indexes to existing tables
• Removing columns, indexes or any objects
• DML requests
• Deleting data, etc.

2.4 Emergency Change Request Submission

An Emergency Change Request is a change that requires immediate unscheduled implementation to correct an existing or prevent an imminent service outage or disruption that cannot be communicated at a CAB meeting before implementation. There are no exceptions to this approval process.

2.5 Change Approval by the CAB

A Change Request is evaluated and approved, and then a release is planned and scheduled by the CAB. The CAB meets each weekday morning. Unless it is an emergency, Standard and Normal Change Requests need to be submitted and approved two days prior to a release or deployment. Releases occur during the Weekend Maintenance Window, so Change Requests need to be submitted to the CAB by or before 8:00 am each Wednesday.

The CAB meets each business day at 10:00 am on the 18th Floor and is generally made up of Tech Support, Engineering and Product Management representatives that include: the Leader (Change Manager). Account Managers attend as required. Off-site members can attend via teleconference and/or WebEx.

2.6 Change Added to Change Calendar

Once approved, a change is scheduled for implementation and placed on the Change Calendar. The CAB also serves as a governance body for the change management process leading to implementation and review.

2.7 Change Implemented

When the scheduled change is to be implemented, the CAB watches over the process. If it is successful, the implementation is complete. If there is an unforeseen issue created by the change, then the Change Rollback Plan written on the Change Request submission is implemented and the change is removed via rollback.

2.8 Post-implementation Review

Whether the change succeeds without creating an unforeseen issue or results in a rollback situation, the change needs to be reviewed by the CAB at a CAB meeting soon after the implementation step.

3 Change Management Resources

The following Change Management Resources are available for employees.

3.1 The Change Calendar

The Change Calendar lists and details all scheduled changes in an actual calendar format.

3.2 The CAB Dashboard

The CAB Dashboard is kept up to date, and includes lists of Standard Changes (if any) as well as Normal Changes up for assessment and approval. It also displays the Change Calendar.

3.3 Terminology

Change: Any implementation of new functionality, any interruption of service, any repair of existing functionality or any removal of existing functionality.

Change Approver: The individual or individuals responsible for approving a change. It is recommended that all but the least complicated and lowest risk changes be approved by the Change Approval Board.

Change Calendar: A calendar containing the change requests and change dates planned for implementation. These changes are scheduled and published. The Change Calendar keeps all parties informed of when a particular application will be down for maintenance and when it will be restored.

Change Requester: The individual or team submitting the Request for Change.

Change Approval Board: A cross-functional team comprised of individuals with relevant business process and technical expertise that act in the role of Change Approver.

Emergency Change Request: A change that requires immediate or near-immediate unscheduled implementation to correct an existing, or prevent an imminent, service outage or disruption.

Impact: How the level of service is affected in the event of potential negative consequences resulting from either implementation of the change or failure to implement the change.

Normal Change Request: The majority of all changes, these change requests follow the full change management process and require assessment and approval for every change implementation. Submitting requests as Normal requires them to be reviewed and approved by the CAB before the change can be applied by the owner.

Request for Change: Also called an RFC or a Change Request, it is a form outlining details of the change that is submitted to the Change Approver or Change Approval Board for approval as part of the Change Review Process.

Risk Assessment: The identification and analysis of risks, their impact and mitigating measures.

Rollback Plan: A plan for rolling back the change in the event of negative consequences.

Standard Change Request: A pre-approved change that is well known, low-risk, follows established procedures and is an accepted response to particular requirements or events.

Urgency: The needed time frame in which the change should be implemented.