Page 1 of 1

Delimitation of change

Posted: Tue Dec 04, 2018 4:03 am
by tez
How do you define when an action is a change, when not?
For example: The installation of a new software version is a change, there are probably all agreed.
But what about a database modification? Is the execution of a few SQL commands (to correct an incident) a change?
How do you distinguish it?

Re: Delimitation of change

Posted: Wed Dec 05, 2018 1:07 am
by UKVIKING
Actually, everything you showed is a change as you are changing something in the IT resource - be it a server, database or application.

In fact data entry can be considered to be a change - as you are changing the content of the fields.

But the issue is whether it should be managed thru a formal or informal change management process.

IT Resources require administrative & maintenance actions - system or database - in order to keep running

Lets take databases for example

The commission, decommission of a new database instance or the installation or remove of a database applications software product is a change. However, these are normally handled via a defined process without a formal change management process. There is usually a project process and on board or off board processdo deal with this type of activity with the appropriate controls -and authority.

As the risks and impacts are known and the impact to existing services are well defined, this sort of activity is not within the scope of the change management process.

Same goes for getting a new laptop etc

The CM Process needs to define scope of what is in scope and what is out of scope.

Re: Delimitation of change

Posted: Wed Dec 05, 2018 1:43 am
by tez
So if I understand your reasoning correctly: Do you make the decision dependent on how high the risk is, and whether there is some (other) process for steering? That is understandable.
I care for the formal aspect too: the ISO/IEC 20000, which is used for auditing us. But this is not very concrete in the definition of what a change is and what it is not.

My db example: It seems to be similar (in an exaggerated way) to changing text within Microsoft Word , as the db is part of the service, which allows to insert and change attributes and field data. This is why I´m uncertain about it. But according to your definition, there is some risk for sure.

Re: Delimitation of change

Posted: Wed Dec 05, 2018 4:20 pm
by UKVIKING
Ok

ISO 20000 does not really define things.
ITIL does in a way
as does CoBIT
First an ugly truth about Change Management.
It is bureacracy and time consuming.
Second, it should be used where it does the most good and merely be a check box endeavour. Therefore, Change Management should be used where there is a service - operational service - that is delivered to the customer - whether internal or external.

So the development of a new software product or a new custom version would not fall under the scope of Change & Release Management until such time as the solution is ready for Deployment to Production. Release and Deployment Management feeds into Change Management by stipulating the authorised ways to get the soluton out of the development world and into the test world. Success criteria of testing would assist in determining when the solution is to be deployed to Production. The formal change management process would be used to manage risk, inform stakeholders, determine appropriate deployment window - depending on service impact - actual and potential.

The delivery of a laptop to a new staff would NOT necessarily follow the same paths eeven though it is a change.. The designated change authority may be the Sevice Desk as part of their Staff OnBoard process. The work is tracked, managed through sometime - a standard change for example that the Change Manager really does not need to worry about

Then there are system activities - clearing logs, rebooting systems, conducts maintenance activities. These would be work scheduled during the appropriate times - maintenance windows or approved periods as part of the service defintiion to the customer and based on the service being delivered

Application Data that is mass updated may be treated as software releases. It just depends on what existing controls and testing.

For example. a clerk can enter the details for an invoice in a currency. But, the currency exchange rate may be done sysmetically or by some one other than just a clerk. This firt time that this is done I would expect CM invovlement and hard criteria for testing etc and impact identification.. but once it is routine, then it is just a restricted maintenance activity

You need to read the ITIL Books on change management, the ISO 20000 SHOULDs and SHALLs -:1 & :2 and lok at CoBIT

In addition, you define your change mgmt process based on what you are doin IT Wise - normally

Re: Delimitation of change

Posted: Thu Dec 06, 2018 8:22 am
by Sandys
John, you should write a book on Change Management,. I'd but it! :D

Re: Delimitation of change

Posted: Fri Dec 07, 2018 2:14 am
by tez
thanks for the detailed presentation