I would suggest that if you hear of a change not going through the correct process you get the culprit to do the documentation after the fact and pull them into the next CAB to explain why. If you've got adherence to processes in your staff's objectives then it'll work.
What do you want to capture about the change? Well, it's worth getting them to do the documentation in retrospect simply so you can report on all the normal stuff, but add a flag for 'unauthorised' and have a lessons learnt field to give the fundamental reason for the lapse, e.g. lack of training, discipline, third party unaware. That sort of thing, so long as you can feed it back into more effective adoption of the process.
In terms of spotting 'black ops' changes, well, yes, it's very difficult in some parts of the infrastructure, but I've seen that some desktop management and 'cmdb' products let you do exception reporting. Basically creating a report of anything that's changed from yesterday to today. Personally I'd rather gouge my own eyes out than sift through that every morning...
Joined: Nov 07, 2007 Posts: 31 Location: Jersey, C.I.
Posted: Wed Feb 20, 2008 9:59 pm Post subject:
Thanks for the tips.
I guessed it was going to be a case of just "keeping my ear to the ground". As our organisation is not huge (around 1000 users), I might be interested in looking at exception reporting down the line (maybe once a month, so as to keep the eye gouging to a minimum), so if anyone has any recommendations of products that can do this, it would also be appreciated.
Joined: Oct 07, 2007 Posts: 441 Location: Jakarta, INA
Posted: Thu Feb 21, 2008 11:21 am Post subject:
You are absolutely right. It is difficult to detect unauthorized changes in the first place. But there should be some audit mechanism that could track documents against reality. By that you could detect any unauthorized change.
The company I work for hasn't come to the audit phase in the ITIL framework, but currently we have a self-developed versioning mechanism that we called "versioning control".
Joined: Jan 03, 2007 Posts: 189 Location: Redmond, WA
Posted: Thu Feb 21, 2008 12:53 pm Post subject:
One of the best tools for auditing the Change Management process is an accurate CMDB. If the only updates to attributes of CIs are through approved Changes, then auditing the CMDB against the physical state of CIs will show you how well, or poorly, your Change Management process is doing in maintaining a Controlled state.
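Added example, not part of any post in this thread and not taken from any product named here: a minimal Python sketch of the audit described above, comparing CMDB records with discovered state and separating drift covered by an approved Change from drift that is not. All CI names, attributes and change IDs are constructed sample data.

```python
# Constructed sample data; CI names, attributes and change IDs are illustrative.
CMDB = {  # what the CMDB records
    "web01": {"os": "RHEL 5", "apache": "2.2.3", "ram_gb": 4},
    "db01": {"os": "RHEL 5", "ram_gb": 16},
    "fw01": {"firmware": "7.2"},
}
DISCOVERED = {  # what an inventory scan found
    "web01": {"os": "RHEL 5", "apache": "2.2.8", "ram_gb": 4},
    "db01": {"os": "RHEL 5", "ram_gb": 32},
    "fw01": {"firmware": "7.2"},
    "app07": {"os": "Windows 2003"},
}
# Approved Changes not yet written back: (ci, attribute) -> (change id, value)
APPROVED = {("db01", "ram_gb"): ("CHG-1042", 32)}


def audit(cmdb, discovered, approved):
    """Return (ci, attribute, verdict, change_id) for every discrepancy."""
    findings = []
    for ci in sorted(set(cmdb) | set(discovered)):
        if ci not in cmdb:
            findings.append((ci, None, "unrecorded CI", None))
            continue
        if ci not in discovered:
            findings.append((ci, None, "missing CI", None))
            continue
        recorded, actual = cmdb[ci], discovered[ci]
        for attr in sorted(set(recorded) | set(actual)):
            if recorded.get(attr) == actual.get(attr):
                continue  # CMDB and reality agree
            change = approved.get((ci, attr))
            if change and change[1] == actual.get(attr):
                # Drift matches an approved Change: the CMDB is just stale.
                findings.append((ci, attr, "approved, CMDB stale", change[0]))
            else:
                # No approved Change explains the actual value.
                findings.append((ci, attr, "unauthorised", None))
    return findings


if __name__ == "__main__":
    for finding in audit(CMDB, DISCOVERED, APPROVED):
        print(finding)
```

Only the discrepancies are reported, so the output is the exception list rather than the full day-to-day diff.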
Posted: Tue Feb 26, 2008 12:07 pm Post subject: change audit/exception tools
Really depends on the ITSM tool you are using, and what audit tools complement it. For example, my organisation uses Remedy, and my research has identified Tripwire as providing tools that are easily integrated with Remedy.
We currently use Tivoli (for other purposes as well), and Statseeker, but this potentially only identifies a portion and a specific class of unauthorised changes... I am ever the pessimist!
We're not using Tripwire, not sure that we ever will, I just know that it will integrate nicely should we need something more than what we have.
We've had Tivoli for years now, for event management, software dist, backup/restores, inventory scans, and more I'm sure, so it's more than likely cost-effective.