For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone
Note: ® ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.
Joined: Nov 07, 2007 Posts: 31 Location: Jersey, C.I.
Posted: Wed Feb 20, 2008 7:58 pm Post subject: Missing Changes
Good morning,
May I ask what procedures people have put into place to identify changes that have NOT gone through the correct Change Management process? I would like, eventually, to report on this.
Joined: Sep 16, 2006 Posts: 3110 Location: London, UK
Posted: Wed Feb 20, 2008 8:08 pm Post subject:
do you mean undocumented changes
it is hard to catch those because they are undocumented
other than having policies, processes in place to deter this it is diificult
if you are talking about changes that follow the process but not entirely that is what the Post implementationr eview is for _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
I would suggest that if you hear of a change not going through the correct process you get the culprit to do the documentation after the fact and pull them into the next CAB to explain why. If you've got adherance to processes in your staff's objectives then it'll work.
What do you want to capture about the change? Well it's worth getting them to the documentation in retrospect simply so you can report on all the normal stuff, but add a flag for 'unauthorised' and have a lessons learnt field to give the fundamental reason for the lapse, e.g. lack of training, discipline, third party unaware. That sort of thing so long as you can feed it back into more effective adoption of the process.
In terms of spotting 'black ops' changes well yes it's very difficult in some parts of the infrastructure but I've seen that some desktop management and 'cmdb' products let you do exception reporting. Basically creating a report of anything that's changed from yesterday to today. Personally I'd rather gouge my own eyes out than sift through that every morning...
Joined: Nov 07, 2007 Posts: 31 Location: Jersey, C.I.
Posted: Wed Feb 20, 2008 9:59 pm Post subject:
Thanks for the tips.
I guessed it was going to be a case of just "keeping my ear to the ground". As our organisation is not huge (around 1000 users), I might be interested in looking at exception reporting down the line (maybe once a month, so as to keep the eye gouging to a minimum), so if anyone has any recommendations of products that can do this, it would also be apprecaited.
Joined: Oct 07, 2007 Posts: 441 Location: Jakarta, INA
Posted: Thu Feb 21, 2008 11:21 am Post subject:
Hi Skinnera.
You are absolutely right. It is difficult to detect unauthorized changes at first place. But there should be any audit mechanism that could track documents against reality. By that you could detect any unauthorized change.
The company I work for hasn't come to audit phase in ITIL framework, but currently we have a self developed versioning mechanism that we called "versioning control"
Joined: Jan 03, 2007 Posts: 189 Location: Redmond, WA
Posted: Thu Feb 21, 2008 12:53 pm Post subject:
One of the best tools for auditing the Change Management process is an accurate CMDB. If the only updates to attributes to CI's are through approved Changes, then auditing the CMDB against the physical state of CI's will show you how well, or poorly, your Change Management process is in maintaining a Controlled state.
Posted: Tue Feb 26, 2008 12:07 pm Post subject: change audit/exception tools
Davey,
Really depends on the ITSM tool you are using, and what audit tools compliment. For example, my organisation uses Remedy, and my research has identified Tripwire as providing tools that are easily integrated with Remedy.
We currently use Tivoli (for other purposes as well), and Statseeker, but this potentially only identifies a portion and a specific class of unauthorised changes...I am ever the pessimist!
Joined: Oct 07, 2007 Posts: 441 Location: Jakarta, INA
Posted: Tue Feb 26, 2008 1:45 pm Post subject:
Wow, you really got expensive stuff, although I know tools such as Tivoli could be purchased in a modular basis.
I wonder if my company could provide such tools, we are currently developing with Jira
We're not using tripwire, not sure that we ever will, I just know that it will integrate nicely should we need something more than what we have.
We've had Tivoli for years now, for event management, software dist, backup/restores, inventory scans, and more I'm sure, so it's more than likely cost-effective.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Forum FAQ
Search
Usergroups
Profile
Log in to check your private messages
Log in
