Want to control chaos in any IT environment? Want to stop asking why are things breaking? Put in Change Management. It’s staggering how many shops don’t practice this. You don’t need to go full ITIL on the team to get your house in order. Practicing Change Management is pretty straight forward.
Practicing Change Control is about managing RISK. Of course there are lots of benefits to practicing it, but the goal at the end of the day is to manage RISK.
Why do we need to manage Risk? When we don’t, that is how you achieve critical chaos!
- Define what changes are:
- Standard Changes
- Normal Changes
- Major Changes
- Emergency Changes
These are run of the mill changes your team makes day to day, password resets, new user accounts, etc… Our risk with these changes are LOW
These are the first tier of changes we really care about. These are minor application upgrades, basic firmware upgrades, control or policy changes. Our risk with these are Moderate
Planning on overhauling your application in a Friday night release? Deploying a new core routing protocol to the network? Congrats, you have yourself a major change. Our risk with these is High
The name gives it up, for some reason you had to perform an emergency change to a core system, process or policy. These should be rare, but sadly too often they aren’t. Why? Lack of planning or poor design. Our risk with these are CRITICAL
The higher the risk level, the more planning, communication and folks you need involved. No ifs ands or buts about it.