In today’s technological world, success is either built upon, or a direct result of Information Technology in one of it’s many forms. And if we know anything about the “electronic age” it’s that change is a constant. From implementing new solutions to responding to new regulations to addressing the latest vulnerability, change is an everyday part of corporate life in the IT department. With so much change taking place, and the potential impact one bad change can have, it is vital that you have a well-defined Change Control process in place, and that you ensure it is strictly enforced. Surely you hire highly skilled programmers and administrators to handle your IT, but consider what is at stake if a change goes bad.
Application Changes: Nothing sends customers to your competitor faster than a splash page saying you are closed for business temporarily due to “planned maintenance” or other terminology you might put up. And don’t think for a second if you are an online retailer for example, that people believe you have “planned maintenance” at 2:00 p.m. on a Tuesday! But a poorly tested change in application code can shut you down.
Network Problems: The internet is full of news stories of companies being “offline” for a period of time due to problems encountered with network changes. This is an area that is particularly troublesome since many companies outsource some or all of their network management, yet are inextricably connected and dependent on seamless changes in the network space.
Maintenance Updates: Installing Operating System upgrades and security patches is not optional. Yet without a thoughtful, systematic approach, your Admins will remind you of a street brawl wherein nobody is sure exactly what is going on, or if anything is being missed in the confusion.
Regulatory Requirements: Systems, procedures and applications are all subject to various regulatory requirements, and if you have been in business more than six months, you know these change! These external drivers will force changes in your business to remain compliant.
Keep in mind that the goal of a Change Control program is not to inconvenience people that need to implement changes, nor is it to delay the timeliness of updates. These are often cited as roadblocks for why people do not want to deal with Change Control, but if that is what your system is producing, you need to examine and fix it.
At a fundamental level, Change Control should have the following core objectives;
- ensuring accuracy in the implementation,
- avoiding conflict in the schedule,
- protecting availability, and
- demonstrating control.
In order to achieve this, the program must engage all the applicable stakeholders for review and approval. This will allow the various Lines of Business to be informed and aware, and give them all a forum to raise concerns if needed. For example, a programmer may be ready to implement some awesome new feature on your web site, expecting to draw 20% more traffic and sales. And the Network team may be planning to implement updates to handle this traffic. But if nobody remembered to tell the Sys Admins or the DBA’s, the system may not be capable of performing with the new traffic! Not to mention, ensuring the network piece is done prior to the application update would be important, even if both changes are being scheduled for the change window. As you can see, there is some overlap with Project Management, but Change Control will take into account various events from multiple project teams and ensure that they all play nicely together, keeping your business running smoothly!