Greg Sanker, CIO, Author, speaker and practitioner with over 30 years of global IT experience
Every organization makes changes on a daily basis, and every change has the potential to go wrong and potentially do great harm to the business. How do you balance the need to manage risk, without slowing everything to a grinding halt to go to CAB?
Thankfully, ITIL 4 has some great news, and this webinar will get you up to speed on Change Control.
What’s in it for you?
Join if you:
Want to know what’s new in ITIL4 Change Control
Have an unpopular CAB
Need help doing change management in a DevOps world
Far more than a new name for the same old thing, Change Control helps you manage changes at the speed of business.
2. 1. Support timely and effective implementation of business-
required changes
2. Appropriately manage risk to the business
3. Minimize negative impact of changes to/for the business
4. Ensure changes achieve desired business outcomes
5. Ensure governance and compliance expectations are
met
Organizational Capability that seeks to:
What Is Change Control?
@gtsanker
3. Change Control vs Management
■ Confusion with OCM
■ Subtle focus on managing individual
changes
■ Over emphasis on process of managing
changes
@gtsanker
Change Management
4. Change Control vs Management
■ Confusion with OCM
■ Subtle focus on managing individual
changes
■ Over emphasis on process of managing
changes
■ Control the circumstances producing
changes
■ Ensures all changes are within ’control
limits’
■ Adaptive, learning, optimizing
■ Business Value focused
@gtsanker
Change Management Change Control
Enablement
20. Here’s the problem
■ Bureaucratic
■ Reactive
■ Is another queue where work stops
■ Doesn’t mesh with modern development
– DevOps
– Agile
– CI/CD
@gtsanker
21. A blast from the past
■ Cease reliance on mass
inspection
■ Engineer Quality in
■ Quality is everybody’s
responsibility
■ A bad system will beat a good
person every time W. Edwards Deming
@gtsanker
34. Value Stream Outcome performance
■ Failed changes
■ Business impact
– Incidents/Problems
– Major Incidents
■ Failure isolation
– ”Blast Radius”
■ Recoverability
@gtsanker
35. Impact Radius
■ How big is ‘big’?
■ What’s the worst that
could happen?
■ What’s at risk?
Entire
Organization
Multiple Business
System
Single Business
System
Section of
Business System
RiskLevel
@gtsanker
36. Recoverability
■ “Undue”?
– TTR
– Complexity
– Ops maturity
■ How much business impact is
there from a failed change?
– Business processes supported
– Business Value
@gtsanker
40. ■ Change Authority
■ Standard Changes
■ Change Models
Tools of Change Control
@gtsanker
41. Change Authority
■ Who can approve what level of risk
■ Hierarchy of approval authority
■ Clear and unambiguous
accountability
@gtsanker
42. Change Authority
■ Business Risk & Impact
■ Business cycles
■ Benefit vs Risk
■ Blast Radius
■ Recoverability
■ Track record
@gtsanker
43. Change Authority
■ Authority rises as risk level rises
■ Factors like
– Number of critical systems
impacted
– Type and number of business
processes supported
– Number of employees
@gtsanker
44. Standard Changes
■ Changes that are documented and preapproved
■ Have a demonstratable track record for:
– Timely and effective implementation
– Risk management
– Negative impact
– Outcome achievement
– Governance and compliance
■ Are within authority of local delegated authority
■ Documented in normal change tracking tools
@gtsanker
45. Change Models
■ Standardized approach to given change type
■ Parameters are different, approach is consistent
@gtsanker
47. 1. Support timely and effective implementation of business-
required changes
2. Appropriately manage risk to the business
3. Minimize negative impact of changes to/for the business
4. Ensure changes achieve desired business outcomes
5. Ensure governance and compliance expectations are
met
Change Capabilities
@gtsanker
48. 1 | Outcomes over Process
2 | Focus on core capabilities
3 | Think in value streams
Lessons Learned