Professional Documents
Culture Documents
IT Services
Change Management Process Guide
Version 4.0
Frank Pettinicchio
January 7, 2015
January 7, 2015
Version 4.0
Page 1
January 7, 2015
Version 4.0
Page 2
January 7, 2015
Version 4.0
Page 3
January 7, 2015
Version 4.0
Page 4
January 7, 2015
Version 4.0
Page 5
January 7, 2015
Version 4.0
Page 6
Hardware
Communications equipment and software
System software
All documentation and procedures associated with the running, support and maintenance of IT
services.
Change Triggers
Strategic changes originating from Service Strategy and Business Relationship Management are
proactive. Changes to a service come from Service Design, Continual Service Improvement and the
Service Level Management process. These are mainly proactive changes. Corrective changes are
reactive and are needed to resolve defects and errors detected in services. These primarily emerge
from Service Operations.
January 7, 2015
Version 4.0
Page 7
Pre-approved low
impact and low risk
Minor changes
(Delegated changes)
Communication flows in both directions. Decisions taken at higher levels are communicated to lower
levels. When levels of impact, cost and risk are detected and deemed more appropriate for a higher
level of decision making, the decision will be escalated to the higher level.
January 7, 2015
Version 4.0
Page 8
January 7, 2015
Version 4.0
Page 9
RFCs
1. RFCs and their content are the responsibility of the line manager. The requestor and his or her
manager (the Change Owner is accountable and extends to the Unit Director) are responsible
for the accuracy of the facts contained and any provided analysis derived from those facts (e.g.,
risk). This includes the following:
o A valid case for implementation
o A well planned and documented method for implementation
o Valid test results (where applicable) of the proposed change
o A risk analysis that includes what how many users, and how users and services are
affected by the change
o A well-documented and tested back out plan should the change fail at any point of
implementation
January 7, 2015
Version 4.0
Page 10
Appropriate communication plan ready for delivery to ICS, Operations and affected
stakeholders. ICS will be responsible for ensuring communications standards for
portions directed at users or other segments of the McGill community. ICS is also
responsible for executing such public announcements.
o A post verification plan
2. All RFCs that contain planned service outages must be accompanied by an SSA (System Status
Announcement). This will serve to disseminate among IT staff the time and purpose of the
outage and allow for a reaction to the planned outage either to support the work, plan around
the work or respond to incidents caused by the change.
3. The CM and the CAB will use the content of the RFC to make decisions.
4. When the information appears incomplete or inaccurate, the CM or the CAB can ask for
clarifications, further preparatory work (testing, risk appraisal, communication plans, etc.) or a
rescheduling of the change. These changes must be updated in the RFC before the approval
process can resume.
CAB Meetings
1. The CAB meetings are chaired by the Change Manager.
2. Given the importance of the CAB activities:
o Meetings are relatively formal. A well planned and executed meeting saves time and
effort attendance is not compulsory and we want members to keep coming back.
o It is highly recommended that no competing meetings are scheduled by other standing
or ad hoc committees during the weekly CAB meeting day and hour (Wednesday at
10:00 AM). This ensures that the CAB will be attended by the core members and by
invitees to provide subject matter expertise.
3. Meetings that do not have RFCs for consideration are usually cancelled within 24 hours. If
procedural issues or other important matters dictate, the meeting will include these on the
agenda.
4. The standard CAB agenda will contain the following items:
o Approval of the agenda
o Approval of the minutes of the previous meeting
o Business arising from the previous meeting (includes reviewing the status of RFCs
presented in the previous meeting
o Update on up-coming events or special issues that affect change management
o Candidate RFCs for that days deliberation
o Other business (discussion items)
5. Attendance is recorded for each meeting.
6. The Chair sends out the proposed agenda one or two days before the meeting. CAB members
may suggest additional items for discussion prior to the meeting or during the approval of the
agenda. The CM will ensure that the agenda can be executed within the scheduled hour. The
CAB can set priorities for agenda items to ensure that the most important items are completed
during that meeting. However, RFC have priority and will be processed before any other new
business.
7. The minutes of the previous meeting are sent out with the new agenda.
8. The agendas and minutes are published on the McGill IT internal file sharing facility (see below).
9. The Change Manager will invite the Change Requester to attend the CAB meeting and present a
summary of the RFC. However, the presentation can be led by any of the roles associated with
January 7, 2015
Version 4.0
Page 11
January 7, 2015
Version 4.0
Page 12
January 7, 2015
Version 4.0
Page 13
Emergency Change
Normal Change
ITIL version 3 has introduced the concept 'Normal' change. It follows the full-blown ITIL Change
Management process- assessment, authorization, CAB approval, scheduling before implementation. Based on
the scope, complexity and impact, a normal change can be further categorized as Minor, Significant or
Major.
Anything refers to Configuration Items or CIs. A CI is (ITILv2011): [Service Transition] any Component
that needs to be managed in order to deliver an IT Service. Information about each CI is recorded in a
Configuration Record within the Configuration Management System (known generically as the CMS and
IT Services Motion at McGill) The Configuration records collectively known as the Change Management
Database or CMDB) are maintained throughout the Lifecycle of all CIs by Configuration Management.
CIs are under the control of Change Management. CIs typically include IT Services, hardware, software,
buildings, people and formal documentation such as Process documentation and SLAs.
January 7, 2015
Version 4.0
Page 14
steps to be taken (activities, actions e.g. testing, assessing a change, approving a change),
the order in which the steps are to be followed
roles and responsibilities (who is going to do what, who is responsible and accountable for the
work),
timelines (time needed to deal with a change at its various stages),
thresholds (e.g. cant approve a change before next CAB then the change becomes an Expedited
change) and
escalation (who to inform, from whom do we get additional authorization)
On the following page is a diagram illustrating the broad flow of RFCs through their lifecycles. For full
detail of each change category please consult the discussion above.
January 7, 2015
Version 4.0
Page 15
January 7, 2015
Version 4.0
Page 16
Service Owner
RFC Build
RFC implementation
RFC Close
Identify, assess
need; response to
incident or problem
Change Owner
Emergency
Change
Change
Model?
Normal Change
Delegated Change
Analysis,
Stakeholder
agreement, sign to
staff
Maintenance
Change Requestor
Needs revision
Normal
Change
Change
Model?
Testing,
scheduling,
OK?
Validated
Submit RFC
Normal Change: CM
Intervention required
Delegated Change
Change
Manager
Change
Implementer
Failed: Withdraw/Cancel
Approved
Apply conditions &
required edits by CAB
Errors detected by CM
or other stakeholder
Provide support,
consultation and
advice throughout
the lifecycle of the
change
Accept RFC:
Analysis of RFC
for compliance
Implement and
validate change:
Minor
Change
CAB/ECAB
Formal
Review?
Assess and
evaluate
Rejected
January 7, 2015
Implementer's
Close:
Yes
PostImplementation
Review
CM close
No
Significant or
Major Change
CM Consults CAB
Process RFC
Version 4.0
Page 17
January 7, 2015
Version 4.0
Page 18
Change Categories
Change Authority
Normal Changes
Change Manager
Change Advisory Board
Emergency Changes
Must test
Must have back-out plan
Assessed at regular intervals
(CAB meetings etc)
Should test
Should have back-out plan
Assessed when they occur
Fast-tracked once approved
Emergency CAB
Standard Changes
Repetitive
Low-risk
Well-tested
Defined outcomes
Pre-approved
Examples of changes
Emergency
Standard
Normal
Proposed upgrade of a
software module
Workstation relocation
Password change
January 7, 2015
Version 4.0
Page 19
Change
Authority
Category
Standard
Selfapproved
Minor
Change
Manager
Description
Examples
Password reset
Keyboard replacement
Installation of a network Jack
Adding removing a telephone
feature
Delegated
Significant
Selfapproved
(approval is
delegated to
the technical
team by the
CAB)
Change
Advisory
Board (CAB)
CAB
Major
January 7, 2015
Version 4.0
Page 20
Aggravation to risk/impact
Mitigation to risk/impact
Procedure applied to
the CI (Configuration
Item)
Impact on other
systems or
applications
(interdependencies)
Factor
Major upgrade
Major configuration changes
Reboot
Minor configuration change
Degree of visibility to
clients
Time scheduled
No testing done
Testing not done on comparable
hardware/software
Incomplete testing
Testing
Change experience
(familiarity with task)
Back-out effort
duration
Back-out is
Difficult, impossible or
undesirable
Possible but not easily executed
(complex and lengthy)
Back-out is
Well defined and easily executed
minimal
Scope of change
(# of CIs changed)
Business process
change
(effect on usage)
Stakeholder approval
Verification plan
(checklist)
January 7, 2015
Version 4.0
Page 21
For emergency conditions 2, 4, 5 and 6: Create an RFC that outlines the change along with why and
how it will be made. Time permitting; include an analysis of the cause and long-term solutions as
applicable. Best effort is expected within the constraints of the situation. If the service in question
has an applicable predefined emergency change plan, you should follow it. If an RFC is submitted
for an emergency change prior to implementation, you must contact the Change Manger to brief
him on the emergency Operations has the contact information. He may approve the change
directly or arrange for an ECAB consultation. He will inform you of the decision at the earliest
moment.
Brief your supervisor on the situation.
Escalate to the appropriate level for the incident.
January 7, 2015
Version 4.0
Page 22
Inform your stakeholders use the method best suited to the circumstances (telephone, pager,
email, distribution lists) and should include an SSA.
Make the change.
Inform the appropriate stakeholders when completed close the SSA.
For emergency conditions 1 and 3: Create an RFC that outlines the change along with why and how
it was made. Include an analysis of the cause and long-term solutions as applicable.
Action to be
taken
1. Service Down
Correct fault
and/or
reboot
Post
Technical Team
Manager
Implement
plan per RFC
Pre
Change
Manager,
ECAB*
Correct fault
and/or
reboot
Post
Technical Team
Manager
Implement
plan per RFC
Pre
Change
Manager,
ECAB*
5. Business Requirement
Implement
plan per RFC
Pre
Change
Manager,
ECAB*
As specified in
the procedure
As specified in
the procedure
As specified in
the procedure
RFC
Approval
Authority
Notes:
The reboot must not cause impact or degradation, even if only for the duration of the reboot, to any
user not already affected. If it is expected to impact previously unaffected users, the approval authority
escalates to the Change Manager.
* For known problems and recurring incidents the approval may be delegated to the technical team
manager. The conditions for such approval are that the incident is recurring, the root cause is not
known, the fix/reboot is predictable in its scope and duration and finally that there be a predefined
maintenance window for the fix/reboot.
January 7, 2015
Version 4.0
Page 23
January 7, 2015
Version 4.0
Page 24
Change Owner
RFC Build
Analysis, and
determine the
Emergency model
Business
Requirement?
No
Predefined
Procedure?
RFC implementation
RFC Close
Issue SSA
No
Service/
Node Down?
P1:P2
Yes EM5
Yes EM6
RFC Build:
Analysis and plan;
Stakeholder buy-in
Best effort to
provide testing
CM/ECAB
Change Implementer
Change Requestor
Validated
Submit RFC
Predefined
Procedure?
Change
Model?
Yes
Implement and
validate change
No
YES
Back out if
necessary
No
Provide support,
consultation and
advice throughout
the lifecycle of the
change
January 7, 2015
Assess and
evaluate RFC
Make changes as
required by CM/ECAB
Revision
required?
No
Approved?
Yes
RFC
exists?
No
Yes
Analysis
Normal Change
Rejected
Version 4.0
Working?
Implementer's
Close:
update status &
results
Requires
formal
review?
Yes
PostImplementation
Review
CM Close
No
Page 25
For example, some items that could be sensitive and therefore omitted from the RFC are:
Passwords
License keys
Special files (i.e. Keys, certificates,)
January 7, 2015
Version 4.0
Page 26
Emergency: Changes that are required to restore service due to an incident or required to
be implemented in order to avoid one that is imminently unfolding.
Expedited: Changes that are required quickly due to a pressing need such as a legal
requirement, or business need, but are not related to restoring service.
Normal changes (Major, Significant and Minor) may qualify to be processed as Expedited changes, that
is, processed outside the normal lead times (see Lead times for RFC Processing for more details.) The
ECAB or the CAB (at the discretion of the Change Manger) will be consulted via email or when
scheduling permits at the CAB meeting. Approval or rejection will be decided at the conclusion of the
consultation. Expedited changes should be avoided; changes introduced without the full deliberate
change process risks introducing errors into the production environment.
January 7, 2015
Version 4.0
Page 27
5.
6.
7.
8.
commitment for which we have a legal, binding contractual obligation to perform. The
execution of legally mandated changes may not fit with the CAB approval cycle.
Preventative maintenance (security issues, detected faults or impending failures in
infrastructure).
a. When alerts indicate a fault or issue that has the potential for disrupting services and is
poised to do so, appropriate changes should be made to prevent it. The required
changes may not fit into the CAB approval cycle.
Fitting changes into predefined and announced maintenance windows.
a. Various services have regularly scheduled preannounced maintenance windows. These
windows allow for a measure of mitigation against unplanned service disruptions. In
many cases related and supporting services are also part of the maintenance window.
When such a support service needs maintenance, it can be beneficial to schedule the
work during the maintenance window of the service which it supports or has a strong
collaborative affinity. For example, McGill Portal work can be done during the monthly
Banner maintenance window. To meet the scheduled maintenance windows, RFCs may
not be able honor the time delays or the CAB approval schedule.
Requests from the business that are urgent and would have significant impact if made to
adhere to the normal delays.
a. The business may request changes to IT services to meet specific urgent needs. These
include the activation, deactivation or modification of a service to address specific
university business requirements.
Exception permitted by the change manager or CAB to facilitate timely work that is not
specifically addressed above.
a. Upon the discretion of the Change Manager, and where applicable, the CAB, shorter
lead times than the stated minimums may be approved when there are extenuating
circumstances and the shorter lead times do not jeopardize the safe implementation of
the change. This is greatly mitigated by a negotiated agreement between the requestor
and the appropriate stakeholders.
b. Criteria:
i. Presumed to be transparent to users
ii. Low risk of service interruption (failovers, redundancies or clustered nodes)
iii. Implementation date and time set to optimal low usage patterns, yet allowing
time for a response in a timely fashion to mitigate implementation issues
iv. Agreement by stakeholders has been obtained, Service Manager, service desk
and any technical staff needed to assist in the change.
January 7, 2015
Version 4.0
Page 28
ITIL
Change
Types
Emergency
ECAB/ IT Directors
(best effort)
McGill Adaptation
Emergency
Emergency
or Urgent
or Urgent
Changes
Changes
Expedited
CAB/ IT Directors
Fast track processing
Major
CAB/ IT Directors
Tasks
Tasksmay
may be
be
reappraised and
reappraised
and
re-categorized.
re-categorized.
Normal
Normal
Changes
Changes
Active promotion/
demotion
between these
two types.
Significant
Change Advisory
Board (CAB)
Minor
Change Manager
Delegated
Upon appraisal by
the CAB, Delegated
tasks can be
categorized as
standard (SOP).
Self-approved
Standard
Standard
Standard
Operating
Operating
Procedures
Procedures
Outside Change
Process
FRANK PETTINICCHIO
January 7, 2015
Version 4.0
Page 29
Charting definitions
Responsible (The Doer)
The doer is the individual who actually does the task. The degree of responsibility is determined
by the individual with the A.
January 7, 2015
Version 4.0
Page 30
Legend
Responsible,
Accountable
Consult before doing
Inform after decision taken
Process Roles
Acronym
Change Requestor
Change Implementer (may be same as CR)
Change Owner (CRs supervisor)
Service Manager (Sponsor)
Change Manager
Change Process Owner
Change Advisory Board
CR
CI
CO
SM
CM
CPO
CAB
Procedure
1. Identify, assess need; response to incident or
problem
2. Build RFC
a. Impact and risk assessment
b. Testing
c. Communications and stakeholder
engagement
d. Post implementation verification checklist
e. Back out plan
a. Documentation
CR
CI
CO
SM
A,R
CM
CAB
7. Cancel RFC
8. Post implementation verification and acceptance
C
C
R
R
A,C
A
C
R
I
I
A,C
R,A
January 7, 2015
Version 4.0
I,C
Page 31
January 7, 2015
Process Roles
I
I
R
Version 4.0
Acronym
R,A
C
I
Page 32
January 7, 2015
Version 4.0
Page 33
Activities
Analyze and distribute reports
Review proposed changes to the Process and Governance structure
Initiate improvements in the tool, process, steering mechanisms, and people
Review integration issues between the various processes
Communicate changes to the Process and Governance Structure
Promote the Service Management vision to board level / Senior Management Function as a point of
escalation when required
Approve and initiate training when required
Recruit and coach staff to support the Process where needed
Schedule and attend meetings according to the Process and Governance Structure
Authority
Has the authority to approve proposed changes to the Process and Governance Structure
Cannot enforce the use of the Process, but can escalate any breaches to board level management
Can organize training for IT employees and can nominate staff, he/she cannot oblige any staff to
follow training, but can escalate to line management should training be required
Will negotiate with the relevant Process Owner if there is a conflict between processes
Has the authority over Process staff where process activities are concerned
Can initiate research into changing tooling, however, the tool owner is responsible for the tool and
will have the final say
Will negotiate with the relevant Process Owner if there is a conflict between processes
January 7, 2015
Version 4.0
Page 34
January 7, 2015
Version 4.0
Page 35
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
Unit
Team
NCS
NCS
NCS
NCS
ICS
ICS
ICS
CCS
ISR
ISR
ISR
CIO
ITSM
ITSM
InfoSec
Network
Core Server Infrastructure
Core Infrastructure Applications
Service Desk
Service Desk
Network and Desktop Services
CMS/Web/EdTech portfolio
Application Services
Production Support
CAM, RES, STU, FIN portfolio
Enterprise Architect
Incident Management
Problem Management
15. ITSM
16. PMO
January 7, 2015
Notes
Manager or Communications
Team Lead (rotation)
SLA Management
PMO
Version 4.0
Page 36
Attend regular CAB meetings. In their absence a suitable representative of their respective unit
should attend.
Reflect the views of the unit or group they represent. Members must keep their respective unit
or group informed on change management issues.
Prepare for the CAB meeting by reading meeting materials in advance of the meeting.
Participate in the discussion so as to provide subject matter expertise, relevant observations of
caution and to arrive at a decision on the RFCs under review.
Reply to email or other electronic forms of consultation on Expedited change requests with
observations, criticisms, and suggestions for improvement of the RFC build, approval or
rejection of the RFC under consideration.
January 7, 2015
Version 4.0
Page 37
Accountable to the Change Manager for carry out changes as defined in the McGill IT Change
Management Procedures Guide.
Ensures the Change Management process is followed for building, testing and implementing the
change.
Responsible for all issues and inquiries for the changes under his management.
Accountable for the successful implementation of the change.
Ensures active involvement of appropriate technical groups and other stakeholders during
planning.
Manages the resources used to build, test and implement changes, working with other technical
teams when required.
Provides additional information regarding the change when requested by the Change Manager.
Participates in the Post Implementation Review process.
Performs the initial impact and risk assessment of the change, to assist the applicable change
authority in accepting and classifying the change.
Service Manager
The Service Manager (SM) is the de facto sponsor of the change. The SM may have initiated the change
or may have approved of the initiative. In all cases the SMs permission is required to proceed with the
submission of the RFC. The SM is consulted on the change plan and the content of the RFC before
submission. Post submission the SM is informed as required about the RFCs execution, status and
outcome.
The Service Managers Responsibilities
The Service Manager:
Provides the Change Owner clear expectations of the outcome of the change.
Provides guidance on the proposed schedule for the change.
Communicates with his customer base the effect of the change and any planned disruption to
service and the potential risk of unplanned disruptions.
When required, provides the Change Manager and the CAB with information to assist in
appraising the impact of the change and its scheduled time of implementation.
January 7, 2015
Version 4.0
Page 38
supervision of the Change Owner. The Change requestor is responsible for the accuracy of the
information and the appropriate detail to allow the Change Manager and the CAB to assess and
process the RFC. RFCs for third parties (vendors or non-McGill IT staff) will be submitted by the
McGill IT staff responsible for the service or infrastructure in question. This will ensure that
process standards and objectives are respected.
The Change Requestors Responsibilities
The Change Requester provides:
Change Implementer
The Change Implementer follows the Change management Process for submitting an RFC under
the supervision of the Change Owner. The Change implementer will follow the plan as outlined
in the RFC that was built by the Change Owner and the Change Requestor.
Change Implementer Responsibilities
The Change Implementer:
January 7, 2015
Version 4.0
Page 39
January 7, 2015
Version 4.0
Page 40
Changes that do not conform to a change task can only be implemented after the change task
has been added or with the approval of the Change Manager, the CAB or the units director as
necessary.
Change tasks are added by Change Manager upon request from the designated CAB
representatives of the units.
All hardware and software components (referred to as Configuration Items or CIs) to be
modified must be catalogued in the Change Management Database (CMDB). These can be
entered ITSM Process managers or by NCS Operations staff upon request.
Each IT unit is responsible for creating change tasks and assigning them an appropriate impact
level for their respective staff to use. This serves to establish the standards for implementing
change.
The units senior staff will do the risk analysis of the change category that is based on the
probability that the change could fail either during implementation or post implementation.
The unit will have done an impact assessment on the effect of the change in both how it
changes service if successfully implemented and the damage it may cause should it fail. The
analysis should include who is affected, how, how many users, the length and complexity of a
back out, and the costs associated. See Risk and Impact section.
The requestor must select from NCS Motion a category that best fits his or her change.
Choosing lesser categories to avoid scrutiny or effort is forbidden.
The requestor will have done the analysis for the change in question to ensure that it fits the
general criteria. When necessary, given special circumstances, the requestor will set the impact
at a level higher than the categorys predefined impact. The requestor cannot arbitrarily lower
the impact level. This is to ensure adherence to the standards set by his respective unit.
Exceptions can be made with the approval of the Change Manager, the CAB or the units
director as necessary.
January 7, 2015
Version 4.0
Page 41
Unit(s) can request changes to their own task list as they see fit. The same criteria for creating a
new change task are applicable.
Other unit(s) may ask the CAB to reassess a change task outside their purview. The CAB will
discuss the proposed change and make a decision through consensus. Should the CAB not reach
a consensus or the decision is challenged by the owner unit, the matter will be resolved at the
directors level.
January 7, 2015
Version 4.0
Page 42
Start
Found it?
NO
NO
Yes
Task
matches work
described?
Yes
NO
Task has
correct impact
level?
Yes
Continue with
RFC submission
January 7, 2015
Version 4.0
End
Page 43
Upon the discretion of the Change Manager and, where applicable, the CAB, lead times may be
extended or reduced to best reflect the impact and risk of the RFC.
Should there be a late submission for CAB, the Change manger, taking the circumstances into account,
will decide to do one of the following:
process the RFC as an Expedited change either at the CAB meeting or via email consultation
delay the RFC to the next CAB if the schedule permits
reject the RFC with explanation or alternately invite the requestor to cancel the RFC
January 7, 2015
Version 4.0
Page 44
Impact Level
Approval
Authority
Delegated
None
None
Self
Minor
None
CM
Significant
2 days4
CAB
Major
3 days5
CAB
2 days7
CAB
Emergency changes8
Best effort9
Best effort9
ECAB
Notes:
Days refers to business days. Hours, unless specifically stated otherwise, refers to business
hours i.e. 9:00 AM to 5:00 PM.
The regular CAB meeting is every Wednesday at 10:00 AM.
The CAB may withhold approval of an RFC if it does not provide appropriate lead times. It may
require more than the stated minimum.
The CAB may approve shorter lead times than the stated minimums when required by
extenuating circumstances and the shorter lead times do not jeopardize the safe
implementation of the change. This is greatly mitigated by a negotiated agreement between
the requestor and the appropriate stakeholders.
Each IT unit notifies their direct customers. Typically, IT technical units customers are not endusers but rather other IT support personnel.
The responsibility for announcing changes and service interruptions to end-users falls on ICS.
Footnotes:
[1] Minor changes for same day or overnight: These must be submitted before 2:00 PM to be
considered for same day, that evening or overnight (before 9:00 AM). When submitted after 2:00
PM, these Minor RFCs can only be implemented three business hours after the start of the next
business day (no earlier than12:00 PM). Minor changes that do not honour this lead time may be
rejected and will be flagged as expedited changes.
January 7, 2015
Version 4.0
Page 45
January 7, 2015
Version 4.0
Page 46
Saturday
November 21
Sunday
22
Monday
23
Submit Major or
Significant RFC on
Friday before
5:00 PM
Wednesday
25
Pre-CAB
Pre-CAB
Revision Period
Revision Period
Thursday
26
CAB meeting
______________
POST-CAB
29
30
December 1
Significant:
Major: Earliest
OK Significant changes
OK Significant changes
27
Post-CAB
Revision Period
Note: for Major
extends into Friday
Revision period
begins
28
OK Significant changes
Tuesday
24
Figure 4
January 7, 2015
Version 4.0
Page 47
KPI Disposition
Disposition Metrics
The disposition refers to the various states and characteristics of the RFC. This set of KPIs describes the
outcome of the implementation of the change plan. It will help to identify areas improvement in how
RFCs are planned as executed.
Description
% Approved
% Rejected
Though rare, some RFCs will be rejected because they either fail
to meet process guidelines or conflict with other work.
% Canceled
% Implemented with no
Problems
January 7, 2015
Version 4.0
Page 48
Description
Backed out
The change was backed out. May have had to restore software
and data.
The RFC plan was not followed- e.g. steps omitted, added or
taken out of order.
The intended purpose for the change was not met did not have
the expected results.
c) Partially implemented
d) Exceeded
Implementation
Window
The change took place outside the requested time window. The
change Started early or late or the plan exceeded the
implementation window requested.
e) Exceeded expected
Service Disruption
Window
January 7, 2015
Version 4.0
Page 49
Metrics for
Lifecycle
Description
CSI Opportunity
January 7, 2015
Version 4.0
Page 50
January 7, 2015
Version 4.0
Page 51
The SSA should be issued at least three hours before the scheduled service interruption no
later than 2:00 PM for same day, same night or before the next business day.
The title and the description of the SSA item should be identifiably similar if not identical to
the RFC or incident ticket that corresponds to the item.
The SSA must reference the RFC or incident ticket for which it is issued.
The start/end times must be reconciled when closing the SSA with other sources that may have
recorded these values. These include but are not limited to, the Heat ticket, the operations log,
admin logs and staff memories of events. The reconciled, and thus definitive, start/end values
of a service disruption will be entered in to the respective SSA.
January 7, 2015
Version 4.0
Page 52
Once you have selected Create RFC, you will be ready to select the change task appropriate for your
RFC. IT Services Motion will remember the unit and team that you belong to and will display the task
list for your team. Should the list displayed not be your teams list you may change it by using the pull
down list that appears at the right top corner of the task list menu.
Once the correct team name appears in the window the change task menu for your team will be
displayed on the page.
Select the category chosen must match the change you intend. If it does not appear on the list or you
have questions about which to choose, you should consult with your manager and colleagues or the
Change Manager. New categories or subcategories can be added as required. Below is sample menu of
the main categories from which you choose. The RFC submission is a multi-step process from start to
finish.
January 7, 2015
Version 4.0
Page 53
January 7, 2015
Version 4.0
Page 54
January 7, 2015
Version 4.0
Page 55
RFC Title:
The RFC title should describe the change meaningfully. Include the name of the item to be changed and
any version numbers that are relevant. For example patch a wireless controller is totally inadequate.
An appropriate title is the following: Patch update v3.3.1.29 for wireless-local31-wmc (M3
wireless controller).
January 7, 2015
Version 4.0
Page 56
Risk:
Select from the pull-down the appropriate risk for this RFC. The risk level selected should be the result
of an analysis appraising the risk of executing the change (what could go wrong as a direct result) and
the risk that follows once the change interacts with other systems and users. See Appendix C for more
details.
Impact:
Impact refers to the harm that would result should the change fail. The impact for most categories has
been predetermined. You may raise it, but not lower it. The impact takes into account the number of
users affected, the duration of interruptions and the potential for data loss or corruption.
Approved by manager:
Every RFC must be approved by the line manager. No RFC will be approved if this field is not set as
approved.
Approved by owner:
Every RFC must be approved directly by the owner of the change Item. This is the manager of the team
that manages the Service referenced in the RFC. This role is also referred to as the Service Manager. No
RFC will be approved if this field is not set as approved.
Implementation duration:
This must be set to the expected duration of the RFC from start to finish. Any special conditions must be
clearly described in the Description of Change below. For example, the RFC may be done in two phases
of one hour.
Service Disruption:
This field must be set to the expected duration of service disruption from start to finish of the
implementation of the change. Any special conditions must be clearly described in the Description of
Change below. For example, the RFC may be done in several steps or phases. This may require multiple
service interruptions of various durations.
January 7, 2015
Version 4.0
Page 57
January 7, 2015
Version 4.0
Page 58
The list of who is affected is an important element in appraising the impact. You should list users by
category (e.g., students, staff, etc.) or geography (e.g., McLennan library users, etc). It is also helpful to
list the affected hardware. For example listing the wireless controllers affected by a change allows us to
estimate the number of users affected by the change.
Change is made to fix or improve services, but change can also introduce new flaws. Any change can
have a negative effect in two ways: 1) any disruptions required to make the change, and 2) problems the
actual change once in production may cause. It is not sufficient to state only the effect on usage by the
downtime incurred during the change. For example, to say no one is affected by a change because the
change is occurring during a scheduled downtime is neglecting to appraise the risk and impact of post
implementation failure.
January 7, 2015
Version 4.0
Page 59
Changes have a purpose; they are to correct, prevent a fault or enhance service. Describe here the
consequences should the change not be made, what conditions (current and future) will prevail and how
they negatively impact usage.
January 7, 2015
Version 4.0
Page 60
Appendix C details the need for testing and provides guidelines for how extensive the testing plan
should be. A Delegated change that has a well-established and documented procedure does not need
testing. All other impact levels of RFCs must have an adequate test plan. The test plan should be well
documented and appropriate to the change at hand. The results of the tests should be clearly stated.
Failure to provide this basic information will prevent approval of the RFC. You should report here the
equipment used, the test methodology, why this methodology was used, the expected results, the
actual results, and finally why the results justify proceeding with the change.
January 7, 2015
Version 4.0
Page 61
Appendix C describes risk and impact and how they interplay. The risk has two components: 1) the
actual act of making the change, and 2) the effect of the change post implementation the full effect of
a change or flaws it introduced only become apparent after the change interacts with specific usage,
data, or other elements of the ecosystem. Risk analysis is the linchpin for appraising and approving an
RFC.
January 7, 2015
Version 4.0
Page 62
List here any other strategy that was considered other than the proposed plan. This will assist the CM,
the CAB and, when appropriate, forensics, in understanding the change and making judgments in the
future for similar changes. The CAB may feel that an alternate solution is less risky, less costly, or a
better long-term solution.
January 7, 2015
Version 4.0
Page 63
State here clearly how the state of the item to be changed can be restored to its previous working state.
The back out plan requires the same diligence in preparation as the proposed change. A detailed stepby-step plan should be outlined. Any documentation should be referenced and hyperlinked.
In the event that an outright back out is not possible or not desired you should state clearly as to why.
Provide an alternate plan to remediate the failure in lieu of a clean back out.
January 7, 2015
Version 4.0
Page 64
As a general rule, it is better to be liberal, than conservative as to who is notified and consulted on a
proposed change. The principles of project management apply to RFCs when it comes to stakeholders.
Whenever users are affected the ICS Service Desk must be consulted prior to the submission of the RFC.
The help desk should have input in how and when the change will take place this will help mitigate
disruptions and provide for Service Desk preparedness for supporting users. Without proper
communication, other departments would not be able to shape the RFC to meet their needs. For
example, we would not risk a network failure during registration. The rule of thumb is at least two days
notice for the Service Desk staff high impact changes require early and extensive involvement. For
further guidance see the Lead Times for Stakeholder Communication section.
The communication plan should provide for pre-implementation alerts (SSA) to stakeholders
(colleagues, service administrators, ICS Service Desk) and post-implementation alerts to signal either a
successful completion of the post-implementation checklist or the fallback to the back out plan.
Another major consideration is to ensure that any personnel required to monitor, verify or react to the
change have been notified and made available at the appropriate time(s) during the change.
When the RFC is a multi-step, multi-group effort, special care must be given to precision communication
among the individuals and groups performing the change. Each steps start and completion should be
signaled to the other partners so that the work can proceed in the correct order and on the agreed
schedule.
January 7, 2015
Version 4.0
Page 65
In some cases a change may have a known cost. For example, switching from tier 1 to tier 3 storage for
a service will save a certain dollar amount for the next 3 years. When these considerations are known
and available they must be included in the RFC.
January 7, 2015
Version 4.0
Page 66
January 7, 2015
Version 4.0
Page 67
RFC was
Implemented?
(attempted)
Start
No
Yes
Backed out?
Yes
Why?_______________________
___________________________
Ticket #: _________
Brief Description:______________
____________________________
____________________________
No
Caused an
incident?
No
Close
Yes
Partially implemented
Exceeded implementation
window
Note:
If any is selected
then the
Implemented with
Exception = true
Add implementation
Notes
January 7, 2015
Version 4.0
Page 68
Cancelled
Reason for the cancellation must be provided. Possible reasons for cancelling are that:
Backed out
The change was backed out. Implementer may have had to restore data and or software/hardware
configurations.
January 7, 2015
Version 4.0
Page 69
Description
The RFC plan was not followed- e.g. steps omitted, added or taken out
of order.
The intended purpose for the change was not met did not have the
expected results.
One or more aspects of the change were not implemented may or
may not have resulted in executing the backout plan.
The change took place outside the requested time window. The
change Started early or late or the plan exceeded the implementation
window requested.
Cancelled
Rejected
Implemented OK
Caused Incident may have been backed out and may have had exceptions during the
implementation
5. Backed out -- may have had exceptions during the implementation
6. Implemented with exception
7. Implemented with problem (old RFCs closed` before January 2013)
Items 4, 5 and 6 are not mutually exclusive, but do have a priority protocol for how the RFC is finally
reported. The priority facilitates the analysis for determining whether a formal Post Implementation
Review is necessary. The metric recorded retains all information and KPIs can be created to report
accurately on all statuses and combinations of statuses.
6. Exception
Occurred
5. Backed
out
possible
Backed out
No
Occurred
Possible
No
No
Occurred
Final status
Caused Incident
January 7, 2015
4. Incident
Version 4.0
Possible
Page 70
January 7, 2015
Version 4.0
Page 71
Next: Scroll to the bottom of the page and respond to the screen instructions as they are presented.
January 7, 2015
Version 4.0
Page 72
Low risk
There is a low probability of a negative event occurring and a low impact on the quality of
services should such an event occur i.e., very short or minor disruptions and no data loss. The
change is easily backed out.
Notify the appropriate stakeholders if the change is not transparent. In most cases, you
should notify the ICS Service Desk and the owners of the service.
Make sure that the change has been validated by previous implementations of the
change.
No risk
The change is operationally simple to do and has no disruptive effect on service.
January 7, 2015
Version 4.0
Page 73
Impact
Definition
Major
High risk
level.
Significant
Moderate
to high
risk level.
Minor
Low to
moderate
risk level.
January 7, 2015
Version 4.0
Page 74
Probability or P is the chance of failure and usually expressed as a percentage or a value from
0.0 to 1.0 where 1.0 is 100%. There are two components:
P is the probability of an event (error or failure) during the actual execution of the
change.
Probability that at least one of the events (errors) will occur for a change: PC
Probability that both types of errors will occur for the same change is:
= P + P
PT = P x P
Often, the chance of error while making the actual change is very slim. However the chance of
failure due to some interaction with other systems, databases, or other recent changes is as
high as one out of ten. The only way to understand this risk factor is to do a thorough what-if
analysis. We are often lulled into a sense of security because we have high confidence in the
actual change procedure.
Impact or I is the scope of the failure (see table on previous page). The appraised impact
serves to magnify or reduce the RQ. For example, let us consider a simple task: solve the
arithmetic expression 2+2. If the stakes for getting it wrong is that you get laughed at, extra
effort such as could be applied is wasted. What if the consequence of not answering four is
that you will be fined $5,000? You would pause, clear your mind and concentrate on the
solution. Now consider the changes we undertake. Some changes affect only a handful of
people (e.g., replacing a 24-port router with a 48-port router), while others can affect the entire
enterprise for prolonged periods of time (e.g. changes to electrical infrastructures in the
datacentre). The test plan must be appropriate to the risk and impact appraised.
The impact can be:
1. Direct (e.g., no email for a day)
2. Indirect (e.g., prospective students unable to get information about McGill)
and can have consequences of varying impact (cost):
1. Cost to remediate the failure
2. Lost opportunities (actions not taken)
3. Loss of productivity (lost time multiplied by thousands of employees and students)
January 7, 2015
Version 4.0
Page 75
Major Consequences
(open ended)
Major
Degree
of
Damage
Significant
Minor
Delegated
Standard
Request
Fulfillment
January 7, 2015
Version 4.0
Page 76
Change Advisory
Board (CAB)
Change Authority
Change Control
Change Document
Change History
change log
Change Record
Configuration
Baseline
Configuration
Control
January 7, 2015
Version 4.0
Page 77
Configuration
Identification
Configuration Item
(CI)
Configuration
Management
Configuration
Management
Database (CMDB)
Configuration
Management Plan
Configuration
Management Tool
(CM Tool)
Configuration
Structure
Contingency
Planning
January 7, 2015
Version 4.0
Page 78
Customer
Forward Schedule
of Changes (FSC)
Impact
Impact Analysis
January 7, 2015
Version 4.0
Page 79
NCS
InfoSec
2.
NCS
Network
3.
NCS
4.
NCS
5.
ICS
Service Desk
6.
ICS
7.
CCS
CMS/Web/EdTech portfolio
8.
ISR
Portfolio Management
9.
ISR
10.
ISR
11.
CIO
Enterprise Architecture
12.
ITSM
Incident Manager
13.
ITSM
Change Manager
14.
ITSM
Problem Manager
15.
ITSM
SLA Manager
16.
PMO
PMO
ECAB
Notes
Member
Note: Roles with the ECAB Member checked are part of the ECAB.
January 7, 2015
Version 4.0
Page 80
January 7, 2015
Version 4.0
Page 81