Posted: Tue Oct 25, 2011 2:36 am Post subject: Every change to a CI vs Change Policy
I’ve been doing change management on a fairly large network/account. I have been enforcing the general rule that any change to a CI requires change management including a formal change record in the change management system and not in a separate record in a request management system. I have been running into some resistance. There are certain changes where this approach is not practical. They argue that there are environments where user ports are constantly being changed to accommodate business user movement. For example, simply activating a user port.
I have recently been assigned to do change management on another fairly large account, which previously had no dedicated change manager and where many simple preapproved/standard changes are not recorded in the change management system. Changes like activating a user port, assigning the user port to a VLAN and even firewall rule changes are recorded only in a request management system.
Would continuing as such just be an issue of change policy, or would it be a basic violation of the intent of change management? Is there some documentation that supports either view?
Joined: Mar 04, 2008 Posts: 1893 Location: Helensburgh
Posted: Tue Oct 25, 2011 4:50 am Post subject:
to look at your example where user ports are constantly needing to be changed. There are other examples of this type of condition - some develop quite a but of heat on the fora.
My take is that you can happily take such activities away from Change Management (note the capitals) but not away from management. Something that is being done "all the time" is an operational activity, and it needs to be managed as such. Design a procedure for carrying it out and take into account, inter alia, the risks, and the importance of keeping the documented system up-to-date. Have the procedure approved/audited by Change Management, Security Management as well as the more obvious operational and customer parties, and you will have a sound system. The lightness or heaviness of the procedure you develop will be commensurate with the risks involved in the activity.
The change management process is for all the things that do not already have change management built into their procedures, But the Change Manager is responsible for seeing that all change is well managed.
It may not look ITILish, but it will meet the requirements of ISO20000 if done right. _________________ "Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum