ITIL Change Management Process: A Quick Guide For Your Organization

Posted by on August 14, 2019

ITIL change management

The Change Management process is one of the most challenging ITIL processes for IT organizations to implement, and once it's in place, it can also be one of the hardest to execute on effectively. Some organizations feel that they are effectively managing change when what they really have is a change approval process: the Change Manager simply approves change requests and then everyone hopes that nothing goes wrong. Other organizations fail to recognize the differences between Change Management and the Release and Deployment process for new services, resulting in additional confusion and process breakdowns.

To add to the confusion, the recent release of ITIL 4 has IT organizations scrambling to find out what's new and bring their processes in line with the most recent set of best practices. 

The good news about ITIL 4 is that it doesn't reinvent the wheel when it comes to IT service management (ITSM). ITIL 4 is based on the same fundamental principles as ITIL v3, but it does reorganize the information and present it in a different way (with some key additions, of course). In ITIL 4, the Change Management process has undergone a name change—it is now called Change control and is listed under "service management practices" as one of the 34 management practices of ITIL 4.

Regardless of what version of ITIL you're following, Cherwell is here to help IT organizations implement a functional and effective Change Management process. In this guide, we'll detail the most important steps that organizations should follow to ensure a successful implementation of the ITIL Change Management process.

What Is the ITIL Change Management Process?

Before we get into the details of implementation, let's start with a clear definition of the Change Management process. ITIL 4 defines a change as the addition, modification, or removal or anything that could have a direct or indirect impact on IT services. Under ITIL, the objective of the Change Management process is to enable the organization to make beneficial changes that add value to the business without creating disruptions to IT services.

With the ITIL definition forming the basis of our understanding of Change Management, it is important for organizations to deepen their understanding of Change Management. At its core, Change Management is a coordinated and collaborative process, working to ensure that the core elements of ITSM—people, technology, processes, and suppliers—are all ready for a change that is about to take place, and that changes are executed with as little interruption to service as possible.

The other important element of Change Management is the business. Changes should provide business value and be aligned with the strategic goals of the business. Change Managers need to consider and understand how a given change will impact service delivery and how users could be affected by those impacts. The users and customers of the IT organization must also receive timely information about scheduled changes to avoid disruptions.

The final element of our Change Management definition is risk. Managing change is really about managing risk to the organization by understanding the potential impact of a change on the live environment and taking the appropriate actions to prevent a business disruption. An in-depth IDC survey of DevOps and IT personnel at Fortune 1000 companies revealed that infrastructure failures can cost large enterprises $100,000 per hour, with critical application failures costing between $500,000 and $1,000,000 per hour of downtime. We also know that 80 percent of these disruptions are caused by process failures, many of which stem from unsuccessful changes.

The bottom line is that organizations can reduce their business downtime dramatically with effective Change Management, but only if the process is implemented and executed with the utmost care. Here's how your organization can get started.

Implementing the ITIL Change Management Process

Sell the Vision of an Effective Change Management Process

The implementation of a formalized process for controlling change within your organization will, itself, represent a significant change. As with all changes, organizations that wish to implement change management must obtain coordination and collaboration at all levels of management with respect to the change. This may require a different strategic approach for each category of stakeholders, for example:

  • IT operators may be opposed to the implementation of a formalized Change Management process, as they may be concerned about delays to their releases. This is especially true for DevOps teams that are practicing continuous integration, the continuous merging of source code updates from all members of the development team into a single, working, automated build of the software. IT personnel must understand the risk management imperative associated with Change Management and the need to avoid unplanned disruptions with a structured change approval process.

  • Executives may be concerned about the additional costs and administrative burden of supporting an additional IT process. The good news is that Change Management produces a positive ROI for most organizations in the form of reductions in unplanned downtime and fewer business interruptions. It should only take one major incident triggered by an uncoordinated change for executives to realize the value of Change Management.

The ideal starting point for a Change Management implementation is one where all stakeholders agree on the importance of risk mitigation and see the value that the Change Management process can provide.

Establish Clear Roles and Responsibilities

In ITIL v3, the Change Manager is responsible for controlling the life cycle of all changes within the organization. The objective of the individual in this role is precisely aligned with the objective of the Change Management process: their goal is to enable beneficial changes to take place with minimum disruption to IT services.

The IT organization must also designate members of a Change Advisory Board (CAB). The CAB should be comprised of representatives from every working group of the IT organization, the business, and even vendor partners and suppliers. The purpose of the CAB is to assist the Change Manager by offering input on the assessment, prioritization and scheduling of future changes. When each area of the business is represented on the CAB, meetings of this group can yield a comprehensive outlook of how a change should be managed to minimize the possibility of business interruptions.

The final working group mandated for the Change Management process is the Emergency Change Advisory Board, or ECAB. This group should consist of senior leadership and knowledgeable persons from the business and the IT organization. Its mandate is to make timely and critical decisions about high impact emergency changes. The IT organization should maintain a flexible membership policy for the ECAB, such that it is still possible for emergency changes to be authorized when the need is urgent and the established members of the ECAB are unavailable to meet.

Clearly Define Your Change Management Process

When we look at the changes that have taken place in the ITIL 4 update, one of the main differences from ITIL 2011 is the new approach to process management. ITIL v3 consisted of 26 functions and processes that were organized around the five-stage service life cycle, with each process detailed in terms of the sub-processes and activities needed to make it work. 

In ITIL 4, the 26 processes and functions have been replaced by a set of 34 management practices, organized into general management practices, service management practices and technical management practices (and as we mentioned earlier, Change Management has been renamed to Change Control and is listed under service management). Unlike earlier versions, which are highly prescriptive in terms of the processes they recommend, ITIL 4 actually encourages IT organizations to "define tailor-made processes that are in-line with their specific requirements.''

What we're seeing in ITIL 4 is a stronger acknowledgement of the fact that prescriptive processes don't work for every organization, and that the Change Management process is not a one-size-fits-all solution for organizations of every size and maturity level. As a result, organizations need to define their own Change Management process, using the guidance of ITIL 4 Change Management and the processes outlined in ITIL v3 as a starting point. 

A customized Change Management process should consider your organization's maturity with respect to IT, as well as the availability of resources at your organization—people, processes, infrastructure, technology, and suppliers or partners—and the needs of all stakeholders.

Read More: ITIL 2011 vs. ITIL V3: Key Differences Every IT Pro Should Know

Establish Open Communication Channels for Information and RFCs

The worst case scenario for a newly implemented change happens when the change creates an unplanned business interruption that leads to service or application downtime. Not only does poor communication between stakeholders make unsuccessful changes more common, it can actually exacerbate the effect of failed changes. Users or stakeholders that were left in the dark will begin to submit incident reports, and the resulting excess volume of support tickets can negatively impact the availability of other critical services.

As you can see, it's crucial that IT organizations establish an effective means of communicating to the entire organization about upcoming changes. This can be accomplished through:

  • Regular meetings with the CAB to discuss upcoming changes, collect feedback, and schedule changes in a way that minimizes disruptions to the business

  • Regular email and other electronic communications from the Change Manager to the user base, advising them of upcoming and scheduled changes

  • The establishment and maintenance of a documented forward change schedule that can be accessed by any users or stakeholders looking for information about upcoming changes

Plan a Structured Implementation Review and Change Closure Process

Under ITIL 4, continual improvement is now categorized as a general management practice whose goal is to ensure that the organization learns from its successes and failures. The implementation review and closure process for changes is a valuable source of data that feeds directly into the continual improvement process. A formalized post-implementation review sub-process enables Change Managers to evaluate the success of a change and determine how a similar change could be implemented more effectively in the future.

A new implementation of the change management process may succeed right away, but with the support of the Change Manager and CIS Manager, it is always possible to further refine the Change Management process until it delivers on its intended purpose and desired outcomes. 

To measure the success of Change Management and identify opportunities for improvement, organizations should track the most important Change Management KPIs and metrics, including:

  • Incidents and Major Incidents associated with a change

  • Average time to implement a change

  • Reduction in unauthorized changes

  • Reduction in overall number of service disruptions

  • Ratio of planned vs unplanned changes

  • Number of business disruptions caused by failed changes

Read More: 4 Do’s and Don’ts of ITIL Change Management

Which ITIL Processes Effectively Complement Change Management?

Change Management and Configuration Management

As IT organizations grow in size and complexity, a formalized Change Management process becomes increasingly important to enabling beneficial change while avoiding downtime. The configuration management process is an important complementary process for change management, as it enables Change Managers to look deeply at what resources the IT organization has and how its assets and services may be affected by a change.

Through the configuration management process, organizations are mandated to develop a configuration management database, or CMDB, that includes attribution data and describes the relationships between all of the configuration items that underlie each and every IT service. This makes it easier for Change Managers to understand how a change to a given service can impact the status of documented CIs and the availability of other services.

Cherwell ITSM Software makes it easy for organizations to improve their ITSM processes, including the ITIL Change Management process, by supporting a robust configuration management tool and CMDB. With Cherwell, IT organizations can exercise central management of CIs, visualize relationships between them and track their attribute data and contribution to services.

Read More: 10 Ways Your CMDB Influences ITIL Success

Change Management and Problem Management

When a change goes is unsuccessful, one of the earliest indicators is likely to be an influx of incident management tickets connected to the newly changed application or service. These incidents may be similar or different in nature, but they are all symptoms of an underlying problem caused by the failed change and they require a functioning Problem Management process to resolve. 

Through the Problem Management process, IT personnel can perform a root cause analysis to understand the underlying cause of incidents that were reported after a change, identify workarounds for known incidents, and ultimately resolve the problem.

Change Management and Deployment Management

In ITIL v3, both the Change Management and Release and Deployment Management processes were described as part of the Service Transition stage of the service life cycle. In ITIL 4, release and deployment have been separated into two distinct practices, with release management falling under service management practices and deployment management listed as a technical management practice.

It's easy to see why Change Management and Deployment Management are complementary processes. Deployment management deals with the technical aspect of implementing new releases, while Change Management deals with the governance aspect, ensuring that all of the pieces are in place to ensure success before a deployment happens and engaging in pre- and post-deployment activities to verify success.

Struggling to Implement Change Management? We Can Help!

Cherwell's ITSM software platform offers out-of-box support for the Change Management process of ITIL, making it easier than ever for organizations to implement a streamlined and efficiency process for controlling change.

For organizations struggling to implement, our professional services team leverages experience from thousands of successful implementations to help you get started. Our packaged and customized service offerings for both new and existing Cherwell customers reflect our commitment to service success and ITSM excellence for our partners across industry verticals.

Get a Demo Today 

Ivanti Acquires Cherwell to Deliver Personalized Employee Experiences in the Everywhere Workplace