Questions you need to ask about yourChange Management process

Questions you need to ask about yourChange Management process

I am often confronted with the belief that selecting a service management toolset will magically instill the discipline of service management within an organisation.  I know it has been said much time before but having a service management toolset, even a really good one, only allows you to communicate faster and more efficiently with your colleagues.  You still need to work out WHAT you want to talk about or else a tool simply does not provide the expected benefits.

I offer this simple example of 8 questions that ANY organisation needs to ask and answer with regards to a single process, Change Management.  I stress that no toolset will answer these for you, but what they will do is make sure that once you have made the decisions people can work easily and efficiently in the way you have decided.

1. What is the goal of Change Management?

 If you don’t know why the process is there how do you know if you’re doing it right? This question is critical if you expect to offer coherent reports from the process to show the value.

Suggested answer:

The objective of the Change Management process is to ensure that standardised methods and techniques are used for efficient and prompt handling of all changes in order to enable beneficial changes to be made with minimum disruption to services.

2. What is the definition of a change for IT Services?

This is utterly fundamental.  If you have not agreed what a change really is how do you expect your IT staff to know when to engage with the process?!

Suggested answer.

“Any addition / modification /removal or maintenance taking place on an in scope item or monitoring of an in scope item”.  Please be aware that a ‘Break fix’ (i.e. an incident resolution) DOES require a change if it occurs on an in scope item.

3. What is the scope of Change Management?

This is another fundamental question.  If you don’t have this clearly defined no one will know when they should engage with Change Management and when they should be using another process.

Suggested answer.

  • Any controlled environment AND supporting infrastructure is under change control..
  • Shared infrastructure / Network kit / software / falls under change control if it supports ANY controlled environment.
  • Supporting infrastructure includes management and / or monitoring tools.
  • ITSM Processes are under change control.


Don’t forget to say what is NOT under change control!

  • Please note that changes affecting less than 20 standard PCs or phones are considered out of scope.
  • Please note that at the discretion of the Change Manager any change may be brought into scope of the Change Management process.
  • Change Manager can declare an item out of the scope of Change Management with agreement from CAB.

4.How will Change Management occur between in scope and out of scope areas?

How will your change process interact with your 3rd party suppliers?

Suggested answer.

  • Out of scope (e.g. 3rd parties) may attend the CAB meeting as guests. They do not have voting rights.
  • They will receive the FSC and PSA/O as part of the normal process.
  • Where appropriate out of scope areas may be invited to attend a CAB with a vote when it is deemed that a particular change has an impact on their area.

5. What is the definition of an Emergency Change?

If you don’t define what you consider to be an emergency….then I guarantee that EVERY change will be an emergency!

Suggested answer

A change is considered Emergency when it meets ALL of the following criteria:-  

  • The change is unplanned and unforeseen
  • The change is deemed to have a ‘Business Critical Impact’ and is seen to be necessary to prevent disruption or further disruption to a controlled environment.

Please note that a ‘Business Critical Impact’ could also include the following areas:-

  • Changes required by Security where there is a demonstrable and significant current threat.
  • Changes required by a sudden change in legislation / regulatory rules, or to resolve an incident required for legal and/or compliance.
  •  The change is categorised as significant or major.
  • The change requires approval to proceed AND /OR authorisation to implement or release, prior to the next Change Advisory Board (CAB) meeting.
  • The CAB/EC has agreed that it is an emergency change.

6.What ‘special powers’ does an Emergency Change for IT Services have?

So now you have marked it as an emergency what happens next?

Suggested answer

  • A change that is identified as emergency has the following characteristics:
  • The change will be implemented as soon as it is possible.
  • The change assessment and approval to proceed AND /OR authorisation to implement or release, may happen verbally.
  • Associated change documentation (i.e. the change form) can be completed retrospectively BUT must occur within one working day of the RFC implementation.
  • The CAB/EC may choose to postpone any testing of the change until after the change has been implemented.
  • The CAB/EC may chose to waive the requirements for a back out plan for the change.
  • After completion the emergency change must be subject to a Post Implementation Review conducted by the Change Manager.  Both to assess if any issues are likely to occur in the future as a result of the change as well as if the change could have avoided being deemed an emergency.

7. How many times will you authorise a change? (i.e. to build and to implement?)

Does your change process require approval in principle early on in the changes lifecycle? Or do you just want to authorise the change prior to implementation?

Are you a speed bump prior to go live for a last minute sanity check? Or do you want to review all changes for approval in principle?  In which case how do you stop Change Management from becoming a bottleneck?

Suggested answer for 2 change categories.

  • For Minor changes only once (approve prior to release)
  • For Significant changes they must go to CAB AT LEAST once.  The CAB can choose to ask for the change to return for authorisation for release.


  • It can assign actions (tasks) to relevant teams / SMEs.  Once all have been completed the Change Manager (last authoriser) can formally authorise to release and schedule as agreed with CAB.
  • Approval to proceed – (approved in principle)
  • Authorised for release – (Final authorisation to release)

The approval of ALL voting members of CAB is required to approve AND / OR authorise a change. If you do not attend CAB and do not raise any issues in advance your approval is assumed automatically.

8. How often will your CAB meet? How will it operate?

This meeting is critical to Service Management in general and Change Management in particular. How often will you meet? Where will you meet? What Terms of Reference will you use to guide this meeting?

Suggested answer

Weekly to begin with.

Aim for an hour at the most.

Send out your CAB Agenda the day before to allow people to attend inform

Below is a suggested timeline of activities.


Activity Day & Time
Cut off for new RFCS to be considered at CAB Monday 12:00
CAB Agenda sent to all CAB Members Monday 17:00
CAB Meeting Wednesday 10:00
Minutes from CAB Meeting disseminated Wednesday 17:00
Forward Schedule of Change Published Wednesday 17:00
Projected Service Outage Published Wednesday 17:00

I have yet to find ANY toolset which is able to make these decisions for an organisation.  If you wish to get full value from your ITSM implementation then you need to ask, and answer, questions like these before you go anywhere near a toolset.

I have a full list of over 30 questions an organisation needs to agree just for Change Management.  However once those questions are agreed the toolset can be put into place to make sure it’s a simple and painless process for staff to follow.

ITIL 4 Training


"*" geeft vereiste velden aan

Dit veld is bedoeld voor validatiedoeleinden en moet niet worden gewijzigd.


Luci Allen

Head of Operations +44 (0)7595 205888