How Change Management Mitigates Risk in Technology Support

Effective change management is critical to the success of an organization and its technology support function, including the Network Operations Center (NOC). Whether you're planning for technological change or facing an unexpected challenge, having a dedicated change management program can help you solve problems and minimize any undesired impact on the business.

Here, we summarize the basics of change management, explain its importance in the service availability and performance of your IT infrastructure, and look at how to implement best practices for change management throughout your technology support operations.

Definition and Purpose of Change Management

Change management is a systematic approach to dealing with the transition or transformation of an organization’s goals, processes, or technologies. It provides strategies for implementing, controlling, and helping people adapt to change.

Processes like NOC incident management and problem management inevitably demand change. Change management is a service support and delivery process aimed at minimizing the impact of changes on the business. The change management process is used to balance the benefits and costs of a change and implement it in a way that minimizes disruption.

A successful change management process relies heavily on proper workflows and managerial buy-in. It requires top-down acceptance throughout the entire organization and effective communication to ensure everyone is kept up to date and nothing is left to chance. Our discussion of tiered organization and workflow in our white paper “Top 11 Challenges to Running a Successful NOC” can help you put these ideas to use within your NOC.

Managing change in your technology support operation can be daunting. But the better you understand and implement best practices for change management, the more you can mitigate the risks of change to your business.

Change Management Framework

The Information Technology Infrastructure Library (ITIL^*) service framework defines a change as “the addition, modification or removal of anything that could have an effect on IT services,” including “infrastructure, processes, documents, supplier interfaces, etc.”

ITIL presents change management as a process for minimizing the risk associated with changes that could affect your IT services.

ITIL defines three types of changes supported by change management:

• Standard Changes: These relatively common, low-risk changes are planned, authorized, and carried out through specified procedures or repeatable work instructions. Examples of standard changes in a NOC include carrier-initiated scheduled maintenance, procedural changes, or routine hardware changes.
• Normal Changes: Normal changes are planned in advance and are more involved than standard changes. Normal change requests require a full range of assessments and authorizations — such as peer or technical approval and the authorization of a Change Advisory Board — to ensure completeness, accuracy, and minimal service disruption. Examples of normal changes include device firmware upgrades, software deployments, or the addition of new services.
• Emergency Changes: These changes must be introduced as soon as possible; for example, to resolve a major incident or implement a security patch. Emergency changes are a high priority, so they should go directly for authorization. Examples of emergency changes include replacement of failed equipment, firmware upgrades, or database rebuilds.

When appropriately implemented, ITIL's change management framework enables you to minimize the risks posed by an incoming IT service change and maximize your engineers’ ability to focus on revenue-generating work rather than spending time and attention putting out fires caused by poorly managed changes.

Benefits of Change Management

Within a NOC operation, the benefits of effective change management include:

• Greater transparency and more efficient communication among stakeholders regarding scheduled changes and expected impacts;
• Documentation of successful and unsuccessful changes via a post-implementation review;
• The ability to track, analyze, and report on trends in change data;
• The ability to document the known impact of standard changes for use in day-to-day operations;
• Lower risk of serious outages;
• Clearer expectations and guidelines for implementers; and
• Higher customer satisfaction.

Change Management Lifecycle

If effective change management sounds daunting, here's the good news: You don't have to start from scratch. The ITIL change management framework provides steps for processing change requests from beginning to end:

1. Identify and request a change

The change management lifecycle begins when an authorized entity identifies an asset or service that requires a change. This change could be a new software deployment, a process change, a hardware replacement or upgrade, a server upgrade, or anything else that meets the criteria. Once identified, the requester submits the change request to a Change Manager for review, categorization, and prioritization.

2. Categorize the change

The Change Manager receives the change request, reviews a Forward Schedule of Change for any conflicting work, and evaluates the change request to make sure it’s complete. The Change Manager then categorizes the change request based on ITIL best practices and established internal procedures before it moves into the review phase.

3. Review the change

The Change Manager, relevant subject matter experts, and the requester jointly review the change. This critical review enables the Change Manager to ask informed questions and ensure everyone is following proper impact assessment practices. The Change Manager compiles all data relevant to the request into a concise, digestible format for the Change Advisory Board.

4.  Seek Change Advisory Board approval

The Change Advisory Board is tasked with assessing IT changes and advising the Change Manager. The board should consist of both technical and nontechnical individuals representing each impacted department of your organization, such as operations, engineering, security, and business management. These individuals provide valuable insight and lend transparency to the change management process.

The Change Advisory Board process includes several steps:

• The board reviews the session agenda put forth by the Change Manager.
• The Change Manager presents each change to the board, raises any notable items, and cites previous examples or lessons learned, when applicable.
• The board discusses each change thoroughly, reviewing the impact assessments and ensuring that a back-out plan is in place. The board identifies any notification requirements at this time.
• Any entities that will be impacted by the change are notified of all relevant details, especially the impact assessment, which indicates when, where, how, and in what way the change will affect the recipient of the notification.

5.  Implement the change

Once the board approves the change, the change is implemented as scheduled.

6.  Conduct Post Implementation Review

This thorough review conducted at the end of the change management lifecycle captures successes and failures to enable the Change Advisory Board to make more informed decisions in the future and coach implementers on potential issues. The metrics generated are used to benchmark the process and mark items for continual service improvement.

Change Management in an Emergency Outage

While an unplanned outage is precisely what any organization aims to avoid, sometimes things are simply outside of the organization’s control.

A major incident or security issue that requires immediate action calls for an expedited change management process handled by an Emergency Change Advisory Board. Depending on the organization, this board may include the same people as the regular Change Advisory Board or may be a smaller group. The emergency board follows steps 1 to 6 of the framework above but may do so more quickly, without an in-person meeting, for example. It’s also important to define who is authorized to make decisions if key individuals are not available. Its purpose is to mitigate and minimize the disruption by restoring services with the involvement of the incident and problem management teams and then record the necessary information after the problem has been fixed.

Even in an emergency, effective change management is important because changes implemented without full consideration can lead to further issues, compounding the problem. An emergency change management process is critical as it mitigates any negative impact to the organization’s reputation or financial stability by enabling swift, effective action.

Best Practices for NOC Change Management

Here are a few best practices to bolster your NOC’s change lifecycle efficiency and effectiveness:

• Get managerial buy-in: Acceptance from leadership has a top-down effect that can make or break your change management program. When managers understand, adopt, and accept changes, those who report to them will likely be more willing to navigate all the phases of the change lifecycle. Committed managers also provide valuable insight and support to the Change Manager and serve as a bridge between stakeholders. This hands-on approach from leadership translates into better internal communication throughout the process.
• Conduct thorough impact assessments: An accurate, fully vetted impact assessment mitigates unnecessary downtime and service disruptions by fully examining what effects a change may have throughout the business. Collaboration between technology and operational experts in this process helps ensure changes are appropriately documented and reviewed before a change is implemented.
• Conduct a Post Implementation Review: The review equips the Change Manager and the Change Advisory Board with a repository of data from successful and unsuccessful changes. While actively pursuing changes, your organization will be building a database of lessons and historical change data that you can review to better understand the full impact of proposed changes.
• Ensure transparency: Being transparent with your organization and with any external stakeholders is crucial, as disruptions resulting from unexpected changes can damage the organization’s reputation. All affected stakeholders need to be appropriately notified of a change before implementation. Clear and effective communication demonstrates that you're following best practices and prioritizing stakeholder satisfaction.

Final Thoughts and Next Steps

The change management framework and the best practices we summarize here provide a flexible foundation for managing the entire change lifecycle with elements you can incorporate into your active workflows. Aligning your organization's change management lifecycle with ITIL best practices gives your organization the proper tools to make changes effectively and consistently, no matter what the changes are or where they are made.

Need to improve your approach to change management? Contact us to discuss your infrastructure, your challenges, and the opportunities that lie ahead, and download our free white paper below.

*Originally developed by the UK government’s Office of Government Commerce (OGC) - now known as the Cabinet Office - and currently managed and developed by AXELOS, ITIL is a framework of best practices for delivering efficient and effective support services.