Posted: Wed Jan 16, 2008 5:37 am Post subject: How do you handle sign off?
At the company I am currently working we handle the RFCs through a system, but we are puzzled on how to handle the CIO's, CEO's, etc. sign offs to approve the changes and to approve the Planning, Testing, Design, etc. Right now we are doing it with physical documents printed on paper, so we have the RFC in the system and then the proper sign offs on paper.
How do you guys handle sign offs at your companies?
Are you talk about some type of specific, highly critical business effecting changes that they need to give approval on? Or are you in a smaller organisation where the CIO and CEO also have to take operation responsibilities in IT?
If not then you don't need that kind of bureaucracy slowing you down. After all, they're always on the golf course so how are you going to get them to sign off?
Joined: Feb 28, 2006 Posts: 411 Location: Coventry, England
Posted: Thu Jan 17, 2008 1:41 am Post subject:
The only time I would want to see the CEO signing of on a Change, would be if it were a Major Change involving, for example, moving the whole operating system from a Cobol Mainframe environment to an AIX Linux Server environment.
In practice, as John so rightly says, these things are discussed at a Board meeting and the IT Director gets to sign it off.
Joined: Oct 26, 2007 Posts: 295 Location: Calgary, Canada
Posted: Thu Jan 17, 2008 2:45 am Post subject:
Agreed with other posters regarding CIOs etc...
For changes that do not require such high level of approval, which I suspect most of your changes are, any decsent ticketing tool will enable you to set policies and forward RFC's to the required individuals who would be authorized to approve or reject the requests by clicking "Approve" or "Reject" buttons and providing some sort of a justification.
Most of the major service management (aka ticketing) applications I know of provide that kind of functionality.
I agree with what you guys say, however, I forgot to give a key fact, it's a small company (220 employees). However, standard (regular updates, etc.) and minor changes are still being signed off by the CEO and CIO, which I think it's absurd.
In my organization, we specifically wrote that if you have an emergency change that needs to be implemented ASAP And does not even have any time for a E/CAB, you can contact and get explicit approval from the CTO/CIO. (This prevents people from abusing the Emergency Change process because of poor planning.) In that case, we usually get "verbal approvals" from the CIO and have the Change Manager note it in the ticketing system.
While we recognize that might not be the best way of handling approvals, we are also implementing a mobile interface to our ticketing system so they can approve from handhelds.
In the various Change Management Systems that I have been involved in, it really varies on how the auditors view sign-off. Some will take verbal approvals, others require electronic. If it really does require electronic, usually getting a quick and easy method to approve changes, like wireless web, really helps out.
Joined: Jan 03, 2007 Posts: 189 Location: Redmond, WA
Posted: Fri Jan 18, 2008 10:06 am Post subject:
According to ITIL, at some point Standard Changes (changes that have been performed before, for which the risk is understood, and for which there are documented procedures) shouldn't require any sign-off. They are in essence pre-approved. Minor Changes should be authorized by the Change Manager. If others need to look at them, then they should be classified as Significant or Major Changes.
Tend to agree with the feedback above. Standard/pre-approved changes are in this bucket so as not to require approval each and every time, to streamline things.
You don't want upper management approving individual changes - if part of a bigger project, you would expect that occur before the change is even built, say, at the feasibility/business case stage.
Taking this from a slightly different angle; should you have an urgent/emergency change where the approval is required, and the required approval (and 2IC) are unavailable, what happens? I personally insist on everything in writing. Verbal approval is merely hearsay. Where I am unable to obtain electronic approval within the ITSM tool, I need to receive an email which I then file, and also copy into the work log of the change record (a field that can't be edited once saved). If I can't obtain an email, I tend to insist on a SMS to my mobile/cell phone - I can then using the phone synching software to transfer the message into the change record's worklog. Better this way for auditing purposes, and in the event where the change fails, and the verbal approver says "I never approved that" to save their own incompetent arse. (Has happened before, hence my insistance on approval in writing).
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum