Skip to main content
Sign In |
  Help (new window)

CobiT

Go Search
Home
  
CobiT > Wiki Pages > WorkDefinition - Manage Changes  

WorkDefinition - Manage Changes

View All Site Content

Recent Changes
WorkDefinition Information

Manage Changes

Description

All changes, including emergency maintenance and patches, relating to infrastructure and applications within the production environment are formally managed in a controlled manner. Changes (including those to procedures, processes, system and service parameters) are logged, assessed and authorised prior to implementation and reviewed against planned outcomes following implementation. This assures mitigation of the risks of negatively impacting the stability or integrity of the production environment.

Maturity Model

Management of the process of Manage changes that satisfies the business requirement for IT of responding to business requirements in alignment with the business strategy, whilst reducing solution and service delivery defects and rework is:

0 Non-existent when
There is no defined change management process, and changes can be made with virtually no control. There is no awareness that change can be disruptive for IT and business operations, and no awareness of the benefits of good change management.

1 Initial/Ad Hoc when
It is recognised that changes should be managed and controlled. Practices vary, and it is likely that unauthorised changes take place.There is poor or non-existent documentation of change, and configuration documentation is incomplete and unreliable. Errors are likely to occur together with interruptions to the production environment caused by poor change management.

2 Repeatable but Intuitive when
There is an informal change management process in place and most changes follow this approach; however, it is unstructured, rudimentary and prone to error. Configuration documentation accuracy is inconsistent, and only limited planning and impact assessment take place prior to a change.

3 Defined when
There is a defined formal change management process in place, including categorisation, prioritisation, emergency procedures, change authorisation and release management, and compliance is emerging. Workarounds take place, and processes are often bypassed. Errors may occur and unauthorised changes occasionally occur. The analysis of the impact of IT changes on business operations is becoming formalised, to support planned rollouts of new applications and technologies.

4 Managed and Measurable when
The change management process is well developed and consistently followed for all changes, and management is confident that there are minimal exceptions. The process is efficient and effective, but relies on considerable manual procedures and controls to ensure that quality is achieved. All changes are subject to thorough planning and impact assessment to minimise the likelihood of post-production problems. An approval process for changes is in place. Change management documentation is current and correct,with changes formally tracked. Configuration documentation is generally accurate. IT change management planning and implementation are becoming more integrated with changes in the business processes, to ensure that training, organisational changes and business continuity issues are addressed. There is increased co-ordination between IT change management and business process
redesign. There is a consistent process for monitoring the quality and performance of the change management process.

5 Optimised when
The change management process is regularly reviewed and updated to stay in line with good practices. The review process reflects the outcome of monitoring. Configuration information is computer-based and provides version control. Tracking of changes is sophisticated and includes tools to detect unauthorised and unlicensed software. IT change management is integrated with business change management to ensure that IT is an enabler in increasing productivity and creating new business opportunities for the organisation.

Manage and disseminate relevant information regarding changesDevelop and implement a process to consistently record, assess and prioritise change requestsAssess impact and prioritise changes based on business needsAssure that any emergency and critical change follows the approved processAuthorise changes

Attributes

Element CategoriesAI6.1 Change Standards and Procedures, AI6.5 Change Closure and Documentation, AI6.4 Change Status Tracking and Reporting, AI6.3 Emergency Changes, AI6 Manage Changes, AI6.2 Impact Assessment, Prioritisation and Authorisation
IT ResourcesApplication, Information, Infrastructure, People
Primary Business RequirementsCompliance, Effectiveness
Secondary Business RequirementsEfficiency
Primary IT Governance Focus AreasValue delivery
Secondary IT Governance Focus AreasResource management
Goals and Metrics

IT Goals
-Respond to business requirements in alignment with the business strategy
-Reduce solution and service delivery defects and rework
-Ensure minimum business impact in the event of an IT service disruption or change
-Define how business functional and control requirements are translated into effective and efficient automated solutions
-Maintain the integrity of information and processing infrastructure

IT Metrics
-Number of disruptions or data errors caused by inaccurate specifications or incomplete impact assessment


Process Goals
-Make authorised changes to the IT infrastructure and applications
-Assess the impact of changes to the IT infrastructure, applications and technical solutions
-Track and report change status to key stakeholders
-Minimise errors due to incomplete request specifications

Process Metrics
-Amount of application rework caused by inadequate change specifications
-Reduced time and effort required to make changes
-Percent of total changes that are emergency fixes
-Percent of unsuccessful changes to the infrastructure due to inadequate change specifications
-Number of changes not formally tracked,reported or authorised
-Number of backlogged change requests

 

Activity Goals
-Defining and communicating change procedures, including emergency changes and patches
-Assessing, prioritising and authorising changes
-Scheduling changes
-Tracking status and reporting on changes

Activity Metrics
-Percent of changes recorded and tracked with automated tools
-Percent of changes that follow formal change control processes
-Ratio of accepted to refused change requests
-Number of different versions of each business application or infrastructure being maintained
-Number and type of emergency changes to the infrastructure components
-Number and type of patches to the infrastructure components

Inputs and Outputs

WorkProductInputOutputAllowable States
Change authorisation(none)
Change process description(none)
Change status reports(none)

Last modified at 12/10/2007 3:51 PM  by Administrator