- Standard Changes
- Normal Changes
- Emergency Changes
Standard Changes are generally low risk changes pre-authorized by Change Management, and they follow an established and repeatable procedure.
For example, when an organization hires a new employee, all of the activities that must be accomplished such as establishing various user IDs, installing equipment, and establishing the employee’s office number might be realized through a Standard Change. Standard Changes usually describe low-risk, common activities that occur regularly in an organization.
Effective use of Standard Changes is one way an organization demonstrates a mature and effective Change Management process. A mature Change Management process regularly reviews the risk of various changes using a Change Advisory Board (CAB). The purpose of a CAB is to understand the risks associated with changes and make decisions related to changes and change coordination. A mature organization has a mature Change Management process, which is evident from regular evaluations of change risks by a Change Advisory Board.
The problem with CABs is that their time is precious. CABs are often key people throughout the organization who understand the various perspectives and the potential effects of change on the business. CABs usually have a limited amount of time to evaluate the risk of what could potentially be an unlimited number of changes, and they need a way to protect their limited time and maximize the available resources. This is how Standard Changes help.
An effective CAB doesn’t repeatedly review the risk of the same changes week after week. Rather, an effective CAB recognizes the repetitive changes and attempts to formulate a standard process that can be followed when the change recurs. In effect, part of a CAB’s function is to identify potential future Standard Changes and transform what were once Normal Changes into Standard Changes when possible to improve the organization’s effectiveness.
One thing that is not in the ITIL best practices, but I believe should be, is the concept of a “time to live” for Standard Changes. It’s fine to evaluate the risk of a change and establish a repeatable process for handling that change, but this fails to take into account that organizations are dynamic. A decision made today might not be valid in 3 months time. An effective process for handling Standard Changes takes this into account by establishing a “time to live”. When a Standard Change is initially created, this “time to live” value is set to a low number. When the “time to live” value expires, the organization should reevaluate the Standard Change to see if anything is different that might affect the level of risk associated with the change. If nothing changed, the “time to live” can be increased. Ideally, organizations should review Standard Changes periodically, and some type of “time to live” value associated with Standard Changes can help to achieve this.
Standard Changes are a very useful concept. Any organization that handles a high volume of changes really won’t be able to effectively manage risk without Standard Changes. However, Standard Changes are not a “once and done” type of thing. They must be regularly reviewed to verify that assumptions made during their creation remain valid.