Change Management


What is a Change? – Change is the process of moving from one defined state to another.

Change Management is responsible to ensure that standardized methods and procedures are used for the efficient and prompt handling of all changes in order to minimize the impact of any related incident(s) on the (IT) service.

Change Management implements all the changes in an organization with minimum disruption to the IT services. It also carries out appropriate Impact Analyses before the implementation of the change and has a backout plan in place, in case the change does not work out in line with the expectations of the organization.

Change Management balances the need for the change against the risks to the IT infrastructure and will proceed only if:

  • The impact is manageable.
  • The cost is reasonable.
  • The benefits to the business are worth it.

Change Management authorizes all changes to the IT infrastructure through the Change Advisory Board (CAB). The CAB is formed by a team of experts within the organization.

It is not necessary to approach the CAB for approval of all RFCs. In some cases, this responsibility can also be given to the Problem Management team or even the Operations Team. This is discussed in more detail in the later sections.

ITIL mandates that end-users are kept informed of any changes much in advance – this is done through Forward Schedules for Change – which lists out all the details of the change, including when it would occur and all the services and components that would be affected as a result of it.

All changes are released into the organization through the Release Management process.

The Change Management process starts with a Request for Change (RFC).

Some of the important sources of RFCs are:

  • From the Service Desk.
  • From Problem Management.
  • When a new CI (Configuration Item) is introduced into the organization.
  • Whenever there is a requirement for a new or changed IT service.
  • From a customer or end-user.
  • Any new legislation or laws.

The Change Advisory Board (CAB) is made up of:

  • A Change Manager (The Change Manager chairs all CAB meetings.)
  • Representativs of the IT Service Management team.
  • Representatives of the customer.
  • Representatives of the users.
  • Representatives of developers, other consultants and other experts.

The CAB is responsible to:

  • Review all RFCs and approve them if it meets the business requirements.
  • Else the RFCs will be rejected.
  • Keep a record of all RFCs, irrespective of wether it has been accepted or not.
  • Advice on the grouping of changes into “Releases” so that there is little or no disruption to the organization.


  • Stands for Change Advisory Board Emergency Committee.
  • Consists of the Change Manager, a senior IT representative and a senior representative from the organization.
  • Usually assembles at a short notice to review and authorize any urgent RFCs.

The Change Management Process:

  • An RFC is generated to trigger the Change Management process.
  • The Change Manager receives the RFC and approves or rejects it, as appropriate.
  • Appropriate entries are made into the CMDB and the RFC is then indicated as a Change Record.
  • The Change Manager allocates a priority to the change, after assessing the Impact and Urgency.
  • The priority can either be “Standard Change” or “Urgent Change”.
  • The change is Categorized as “Standard”, “Minor”, “Significant” or “Major”.
  • “Standard” changes are usually the low-risk and frequently occurring ones and do not require authorization by the CAB. Example: upgrading a users computer or replacing a piece of hardware in a user’s computer.
  • “Minor” changes are usually authorized by the Change Manager himself who then informs the CAB later.
  • CAB authorization is needed for “Significant” and “Major” changes.
  • If the RFC is approved, it is then implemented through the Release Management process after circulating a Forward Schedule for Change.
  • If the Change is successfully implemented, it is then reviewed by the Change Manager and closed.
  • If the Change is not successful, the Change Manager initiates the back out plan to get back to the previously working state.

Metrics for measurement of the Change Management process:

  • Total number of changes in the defined period.
  • Total number of Urgent Changes.
  • Total number of changes implemented.
  • Total cost for each change as against estimated costs.
  • Number of rejected changes.

Change Management Audits should check:

  • for compliance to all Change Management procedures.
  • all Software releases to ensure they have been through the proper authorization process.
  • all Incident records selected randomly through the change records.
  • minutes of CAB meetings.
  • Forward Schedules for Change.
  • Change review records.