Last December, ITSS instituted a new change management process which includes a Change Approval Board, or CAB for short.
The goals of CAB and change management in general are to promote careful planning, review and approval of proposed system and application changes, minimize disruptions and down time, and to improve communications with customers.
Change management is all about risk. Careful planning helps minimize risk. The ability to defer change approvals to a higher authority provides options for service owners and system administrators who are averse to accepting the risk of a proposed change.
The process starts when a required system or application change is received via customer request in our ticketing system (RT), or internally from one of our process teams.
The staff member who takes the RT ticket creates a change request (CR) in our change management system. Note that not every change ITSS performs requires a CR. Routine items, such as changes to telephones, do not require CRs. The focus is on systems, applications, and security. Major infrastructure changes such as cable plant or power systems maintenance also require CRs as they may impact large groups of users.
For a CR to be submitted for evaluation and approval, it must include the following information:
- Impacted Servers
- Impacted Applications
- Impacted Users
- Primary Owner of Service
- Announcement Audience
- The RT Ticket Number It Relates To
- Apply Date
- Apply Time
- Finish Date
- Severity Level (defined by number of servers and users impacted)
- Backout Plan
Once a CR is submitted it goes through an approval process. Service Owners (Team Leaders) can elect to approve or defer to their manager. Manager's can elect to approve or defer to CAB. Generally, any change that has a severity level that could impact the entire campus goes before CAB. Systems or applications that deal with private-highly restricted data are also highly scrutinized.
You may have noticed that recent ITSS announcements include the CR# at the bottom of the message. We encourage you to question any ITSS announcements that do not include a CR number. To date, over 400 CRs have gone through the process.
Once a CR is submitted, it appears on a change calendar. Staff working on a new CR, or working on a decision to approve, can and should review the change calendar to determine if the proposed change will have a negative impact on other CRs scheduled for that day.
Today, CAB consists of ITSS management and service owners (team leaders). We are evolving the process to incorporate non-ITSS administrators of PCI and other private - highly restricted systems and applications. If you'd like more information on the process, please contact one of our CAB managers, Chuck Bosell, firstname.lastname@example.org or Kevin Wu, email@example.com.