RFC must reference the associated CIs?

[Flasheart]

During our Configuration Management requirements workshop, one of the requirements we’ve gathered (which is more in Change Management’s area) is that “All RFCs must reference the associated CIs”

The thought behind this is anything having an RFC should have already gone thru Asset Management or Release and be approved for use on the network. If its approved for use, then it’s a controlled item and should be in the CMS, at least for our implementation.

I have 2 questions. First, despite some effort I am having difficulty to tracing this requirement to an ITIL good practice... although I swear I’ve read and have previously implemented something to this effect before. Can anyone tell me if I’ve lost my mind or what ITIL volume / section covers this?

2nd question, can anyone think of exceptions to this policy requirement?

Not trying to have others do my requirements traceability for me, but today feels an awful lot like a Monday.

Edit: After a bit more thought I can answer passwords resets (at least for our CMS implementation). I know w/o knowing the full scope of our CMDB that question 2 can be a bit vague.

[Diarmid]

At some change in the development of a change request it becomes important to identify the CIs that will be affected. However, if you require this information in the initial request for change then you are giving people who do not have an easy way of establishing this information a hard time. For example customer staff would not really have much clue about your CIs (nor should they).

For this reason it would be wrong of ITIL to declare it good practice and thus it does not do so. It makes no assumptions about the detailed nature of the RFC (nor of anything else) since it does not know how they will be used in different contexts.

My own opinion is that a request for change should be couched in terms familiar to the person making the request, clear and explicit, but not necessarily containing technical detail. In this way your system will always be recording the genuine original source of the request and this is very useful when considering such factors as authority and sign off.

Do password resets change a configuration item? Are they changes to the service or its infrastructure, or are they simply changes to a data item within a system?
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718

[Flasheart]

I found the text while re-reading "Implementing ITIL Change and Release Management" by Larry Klosterboer, under the section Documenting the Request for Change it states:

"The best practices contained in ITIL indicate that each change should reference one or more configuration items. These are entries from your configuration management database (CMDB), and each change should record exactly how the configuration of your environment will be modified by the change being proposed."

So, I didn’t lose my mind, I did read this somewhere.

Ultimately I understand it’s up to what the organization needs are, balancing process, efficiency, and risk.

[Diarmid]

That quotation is wholly consistent with what I said. It does not say "change request", it says "change".
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718

[Flasheart]

...taken from the section Documenting the Request for Change...

At anyrate my brain is hurting and I think I have what I need.