Risk and Impact assessment of all change request

Discuss and debate ITIL Change Management issues
Post Reply
User avatar
Posts: 2
Joined: Sun Jan 05, 2014 7:00 pm

Tue Nov 11, 2014 3:49 am

I am trying to promote better risk and impact assessment of all change Does anybody have;
1. A clear definition of risk and impact allowing the reader to understand and differentiate between the two terms?
2. Easy to understand examples of above?
3. Any freebie tools, spreadsheets you may have, know of that ask questions of a change initiator that give an automatic risk and impact rating for including in their RFC/CR?

User avatar
Posts: 2
Joined: Mon Nov 17, 2014 7:00 pm

Thu Nov 20, 2014 7:58 am

I also wish for If we could hv concrete answer for it.. Its very Subjective for every change to identify Risk, There are various condition depends on Risk can be varies for a change....
However we can en force few question to identify Risk for a change. Like.... U can have there sub question which help you to calculate risk for u...
1. Is there any Business Service down time required as part of the install of this change?
2. Is there any production Infrastructure and/or Application down time required as part of the install of this change?
3. Complexity of the change - How will the change be installed?
4. Testing completed for this Change?
5. Define your Back-out Plan
6. Define your User Verification Test (UVT) Plan
7. Similar change activity has occurred on this service within the last 6 months.
8. Is this change to a system with feeds or connectivity to other systems?
User avatar
Posts: 10
Joined: Mon Nov 28, 2016 7:00 pm

Thu Dec 01, 2016 10:38 am

Define it as Probability x Impact = Risk

Rate probability from 1 -4 (4 being high)

Rate Impact from 1 - 4 (4 being high)

Have a calculation times each other, this could then categorise is either Minor (1-3), Significant (4-6) and Major (8 -16).

Lead times assigned for each Risk level.
Post Reply