Understanding the Change Management Lifecycle Model

Posted by on December 27, 2018

In the ITIL 2011 framework, Change Management is part of the Service Transition phase of the service lifecycle. Service Transition bridges the gap between Service Design and Service Operation—its job is to transition something that has been newly developed into an operational service that generates value for the organization. These new developments, known as changes, may be small and narrow in scope, or they might affect every single user in the organization. 

The Change Management process allows the IT organization to oversee the lifecycle of changes that are implemented as part of the Service Transition phase, as well as obtain the appropriate authorizations for each change as it moves through its lifecycle (more on the lifecycle of changes later on). 

When we review the sub-processes of Change Management, you'll notice a built-in system for categorizing changes based on their capacity to impact users at the organization. This helps to ensure that newly implemented changes are given the proper oversight that is proportionate and in accordance with their magnitude of effect and potential to cause service outages. Under ITIL, many minor changes can be pre-approved and automated with little oversight, while major changes would need to be authorized and supervised in real time.

In addition to managing the lifecycle of changes, the ITIL Change Management process helps to ensure that IT organizations complete all relevant change activities successfully and in the proper order.

What Is the Change Management Process?

The main goal of the Change Management process is to enable beneficial changes to the IT infrastructure with the minimum disruption to IT services. Mechanistically, this is accomplished in several ways: the assessment and categorization of changes, and the requirement for authorization of changes being two of the main ones. The Change Management process is comprised of 10 sub-processes that work together to satisfy the objectives of effective Change Management.

RELATED: What Is Change Management Process?

Change Management Support

The Change Management Support sub-process serves to provide templates and guidance for the authorization of changes, ensuring that the authorization process is appropriately followed when applicable. This sub-process also functions by supplying other ITSM processes with updates regarding planned or ongoing changes. This can help to mitigate the potential negative effects of change implementations on productivity, as other ITSM processes may schedule their activities to avoid coinciding with a planned change.

Assessment of Change Proposals

When a change proposal is received, it must be assessed and reviewed to determine whether and how it should be implemented. Change proposals are often submitted to this process from Service Strategy, but this is not the only source of change proposals. Sometimes, a change proposal is brought about as a resolution to a recently discovered problem or to resolve a newly reported incident. Knowledge management, request fulfillment, and Incident and Problem Management can all lead to change proposals and implementations.

RFC Logging and Review

The RFC logging and review sub-process is essentially a filtration step for incoming change proposals that have yet to be assessed for their viability. This sub-process filters out change requests that do not contain the requisite information for a complete and accurate assessment, or which can be immediately deemed nonviable. 

RELATED: The Essential Guide to ITIL Change Management 

Assessment and Implementation of Emergency Changes

 If an emergency occurs, such as a large unplanned service outage, it is often the case that a change must be implemented to resolve the situation as quickly as possible. The sub-process for emergency change assessment and implementation allows IT organizations to rapidly implement a change by circumventing some of the usually required authorization protocols in cases where an emergency requires immediate action. When a normal Change Management process would take longer than is acceptable for the required change, the emergency change process is the fastest route to implementing a solution.

Change Assessment by the Change Manager

Change assessments are conducted by the change manager with the objective of determining whether the Change Manager has the authority to act alone in authorizing the change (appropriate for minor changes only), or whether the Change should be approved by the Change Advisory Board (CAB). Under ITIL, major changes are reviewed by the CAB, whereas the Change Manager would be likely to immediately assess and authorize most minor changes.

Change Assessment by the CAB

Significant or major changes cannot and should not be authorized by the Change Manager alone. Under ITIL, major change requests are escalated for review by the CAB. The CAB will assess the proposed change and authorize the Change planning phase if it determines that the proposed change is necessary and beneficial. For changes of greater magnitude, higher levels of authority from within the IT organization may be involved.

Change Scheduling and Build Authorization

Once a change request has been approved, it enters the change planning phase. The IT operator creates a plan and schedule for implementing the change that must be approved by the CAB before the build phase can commence. The CAB will review the Change plan and schedule to ensure that it does not conflict with or interrupt other planned IT activities before issuing an approval to build the change on the specified schedule.

Change Deployment Authorization

Once a change has been built, the CAB conducts a review of the change to verify that all components have been built and tested adequately. When it is confirmed, the CAB will authorize the deployment of the change into the live environment.

Minor Change Deployment

While major changes with significant scope will undergo the full authorization process under an ITIL-compliant Change Management system, minor changes that are well-understood and low-risk can be implemented with minimal oversight or even automated. Changes that are sufficiently small that they do not involve Release Management can be accelerated through the minor change deployment process following their direct authorization by the Change Manager.

Post Implementation Review and Change Closure

As with many ITIL processes, Change Management contains a sub-process for performance assessment of the process itself. Once a change has been implemented, the Change Manager may assess the implementation and results to ensure that a complete record of the Change was created and to analyze and document any mistakes so the organization can learn from them.

Some Change Management sub-processes, such as Change Management support, are ongoing processes that require continuous attention and input from the Change Manager. Others, such as Minor Change Deployment, only apply to certain types of changes and not others. Not every change will be subject to every sub-process, but the overall process flow of Change Management is designed to address every type of change request with the highest efficiency possible.

Understanding the Process Flow of Change Management

In practice, the process flow of Change Management depends on the type of change request and its potential to impact users or customers.  When a change request or proposal is received, it will first be exposed to RFC logging and review to ensure that it contains information necessary for assessment. This process can even be automated using an ITSM software solution with Change Management functionality.

From there, the Change Manager conducts an initial assessment and determines how the Change should be processed. Normal changes will go through the normal multi-step approval process, with the CAB first authorizing the planning phase, then the building phase and finally the deployment of the new change. Standard changes can be approved immediately by the change manager without any input from the CAB—these changes are seen as low-risk and can even be automated to save time. 

When a change request is identified as an emergency, the Change Manager invokes the Assessment and Implementation of Emergency Changes sub-process to get the change implemented as quickly as possible. The change request will be assessed and authorized by the Emergency Change Advisory Board (ECAB) prior to implementation. Emergency changes must often be deployed as quickly as possible to restore business functionality.

RELATED: The Difference Between ITSM and ITIL

Roles and Responsibilities in the Change Management Process

The roles and responsibilities associated with the Change Management process are outlined clearly in ITIL 2011. In addition to the IT operators that are responsible for planning, building, and deploying changes, there are three defined roles that are unique to the Change Management process:

Change Manager

The Change Manager is the absolute owner of the Change Management process and controls the lifecycle of all changes that are planned or ongoing within the IT organization. Change Managers bear a huge amount of responsibility within the Change Management process because of their role in both categorizing and authorizing changes. They review and assess every change proposal or request that IT receives, determines whether and how they will be implemented and makes a decision as to what level of authorization will be required to implement the change.

Change Advisory Board (CAB)

The CAB is made up of representatives from all areas within the IT organization, the business and even third-party organizations that provide products or services to the business. Essentially, anyone whose department might be affected by a major change gets a seat at the table. The CAB assists the Change Manager by providing input on the assessment, prioritization, authorization and scheduling of changes.

Emergency Change Advisory Board (ECAB)

Unlike the CAB, the ECAB is not necessarily a board with static membership. An ECAB could be pulled together with varying composition depending on the nature of the emergency. Ultimately, the goal of the ECAB is to make quick decisions about high impact emergency changes that need to be implemented as quickly as possible. The ECAB could include representatives from departments that are affected by the emergency as well as experienced IT managers that can quickly assess the viability of emergency changes.

Choose an ITIL Compliant Software Solution for Change Management

The implementation of new changes is a high ranking cause of service outages across IT organizations, especially those who struggle to implement the Change Management and authorization processes that should help to mitigate the risk of service interruptions. When major changes are implemented without the proper authorization, assessments and oversight, the increased likelihood of service outages can have major negative implications for the organization, including financial consequences. At the same time, IT organizations that fail to leverage automation for routine tasks may find themselves bogged down with minor change deployments and lacking the resources to manage proactively.

Cherwell's Change Management software offers a comprehensive solution for Change Management that is compliant out-of-the-box with the latest PinkVerify ITIL 2011 requirements. A robust feature set enables IT organizations to more easily manage and automate standard changes without any coding or scripting, initiate changes directly from problem records and other sources, and track configuration items in the Cherwell Configuration Management Database (CMDB).

IT organizations can execute changes more efficiently, ensure that authorization procedures are properly followed and accelerate time-to-value for all types of changes with Cherwell Change Management.


Change management is part of the Service Transition phase of the service lifecycle. The objective of Change Management is to oversee the lifecycle of changes within the IT organization, ensuring that beneficial changes can be enacted while minimizing business disruptions and service outages that result from implementations. Each change begins as a change request that is checked for completeness and assessed by a change manager. 

The change manager bears ultimate responsibility for the Change Management process, and determines who will play a role in authorizing a given change request. The CAB is responsible for authorizing each part of the change management lifecycle, beginning the with change planning phase, followed by the change building and scheduling phase and finally the change deployment phase. Minor changes can be approved directly by the Change Manager. Emergency changes are assessed and authorized by the ECAB. 

IT Organizations who wish to ensure adequate oversight of the Change Management process, improve service delivery and accelerate time-to-value within the Change Management process should adopt an ITIL-compliant ITSM software solution.

Get started today by requesting a product demo and see what Cherwell can do for your organization.

Request a Demo