An individual authorized to release a new Change Request to the Change Advisory Board for review. The Authorizing Manager may be the Change Implementer’s supervisor, or the CAB representative for the Change Implementer’s Unit.
An alteration of a service that may adversely impact another team in OIT. Changes typically involve technical assets such as hardware and software, but may also include alterations to policies or processes impacting service delivery.
Change Advisory Board (CAB)
A group of people who evaluate Change Requests to ensure that proposed changes do not pose an unacceptable risk to OIT services.
- The CAB is composed of representatives of all areas within OIT.
- Standing CAB membership is determined by the OIT Leadership Team (Unit Directors).
- The Change Coordinator or any other member of the CAB may invite individuals to attend CAB meetings on a temporary basis as required to review a particular change request
- The CAB is convened weekly.
- The standing CAB meeting agenda includes the review of recently completed changes, evaluation of new Change Requests, progress reports for active changes and review of upcoming changes.
- The CAB reviews the initial Priority, Classification and Risk levels of Change Requests.
- The CAB may chose to accept Change Requests, make recommendations or postpone action pending further review.
Activities and duties should include but are not limited to the following:
- Circulate all RFCs to CAB members in advance of meetings to allow prior consideration.
- Manage the Emergency Change process
- Chair all CAB meetings.
- Produce regular and accurate management reports.
- Post notification of Change Management Schedule updates to Sysnews and the Network Administrators Group (NAG) after the first regular CAB meeting of every month.
Process of controlling Changes to the infrastructure or any aspect of services, in a controlled manner, enabling approved Changes with minimum disruption.
Change Management Schedule
A publically accessible online calendar that lists accepted Change Requests.
The scope of a change.
- Minor – Change that is narrow in scope or does not require collaboration to perform. Minor changes do not require formal CAB assessment prior to deployment, but should not be deployed until the CAB has been notified of the Request For Change.
Changes that will result in a service outage may not be classified as “Minor”.
Note: Minor changes are similar to what the ITIL framework refers to as “Standard” changes, but are not as formally defined.
- Significant – Change requiring cross collaboration or formal planning to perform.
- Major – Change requiring broad cross collaboration or extensive planning as well as executive support.
A change that cannot wait until the next scheduled CAB meeting to be reviewed. Change Requests that have a Change Start Date/Time that is prior to the next regularly scheduled CAB meeting are considered to have a Priority rating of Emergency. A Change Request with a Priority rating of Emergency and a Classification rating of Significant or Major (i.e. not Minor) must be evaluated immediately using the Emergency Change Procedure.
Forward Schedule of Change
A schedule that contains details of all approved Change Requests and their proposed implementation dates.
How soon a change needs to take place. (a.k.a Urgency)
- Emergency – Addresses an issue that is “Causing loss of service or severe usability problems to a larger number of users, a mission-critical system, or some equally serious problem.” A change that cannot wait until the next scheduled CAB meeting for review.
- High – Addresses an issue that is “Severely affecting some users, or impacting upon a large number of users.”
- Medium – Addresses an issue that has “No severe impact, but rectification cannot be deferred until the next scheduled release or upgrade.”
- Low – Addresses an issue that where “A change is justified and necessary, but can wait until the next scheduled release or upgrade.”
Request for Change (RFC)
A record containing details of a proposed Change (see above). Also known as a ‘Change Request’.
The risk posed by a change is the result of several factors – the number of potential adverse consequences of the change, the likelihood that one or more of these consequences will occur and the potential impact of those consequences. Determination of overall Risk is typically a subjective determination made by the individual(s) planning the change. What follows are guidelines for making this determination.
- Low – Experiencing an adverse consequence is unlikely, AND the potential impact of adverse consequences if they do occur is minimal.
- Medium – This is the default Risk for change requests, and describes all changes that do not meet the criteria for being either High or Low risk.
- High – Encountering an adverse consequence is likely, AND the potential impact of adverse consequences if they do occur is severe.