Change control

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 14:04, 5 March 2007 by Mdpeters (talk | contribs) (New page: '''Change Control''' is a formal process used to ensure a product, service or process is only modified in line with the identified necessary change. It is particularly related to software ...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Change Control is a formal process used to ensure a product, service or process is only modified in line with the identified necessary change. It is particularly related to software development as during the early development of this engineering process it was found that many changes were introduced to software that had no obvious requirement other than the whim of the application developer. Quite often these unnecessary changes introduced software bugs necessitating further changes.

Later it became a fundamental process in quality control. It is also formally used where the impact of a change could have severe risk and or financial consequence. Typical examples from the computer and computer network and or network environments are the upgrade of operating systems, network routing tables or the electrical power systems supporting such infrastructure.

The process

Change Control today is seen to be a set of six steps. Each step may have another process associated with it. These start with the receipt of the Change Request:

  1. Record
  2. Assess
  3. Plan
  4. Build
  5. Implement
  6. Close.


A formal request is received for something (usually in the Client's contract) to be changed, known as the "Change Initiation". Someone then RECORDS and categorises that request, and decides upon who should make an IMPACT ASSESSMENT. The IMPACT ASSESSOR or ASSESSORS then make their risk analysis and make a judgement on who should carry out the Change, typically known as an SDU team (Service Delivery Unit). The SDU's first job is to PLAN their change in detail, and also construct a regression plan, if it all goes wrong. If their plan is agreed then they will BUILD their solution, and have it tested. When this is approved, the Change can be IMPLEMENTED, and when the client agrees all is OK, the job can be CLOSED.

Roles of involved people

The following roles have been identified in the Change Control process:

  • Change Initiator (CI) - The Person who initiates the request and who ultimately will confirm its completion.
  • Change Sponsor (CS) - The Person who gives business approval for a change.
  • Change Administrator (CA) - One or more Change Administrators carry out initial categorisation and assessment, monitor progress of the change requests through the change Owners and ensure acceptance.
  • Impact Assessors (IA) - Relevant people who assess the impact of the change
  • Change Owner (CO) - Typically the person who is allocated to a change and who manages it through to acceptance and closure.
  • Change Manager (CM) - The Change Manager manages the overall change process, acts as a point of escalation for COs, exercises judgement in assessing requests and escalates to a Change Board. The CM also acts with authority delegated by the Change Board to drive emergency changes or expedited changes through the system.
  • Task Owners (TO) - Task Owners are assigned specific tasks by the Change Owner and own them through to completion. The system supports supervision of assigned tasks.
  • Change Board (CB) - An appropriate management Board used to review the change process and specific changes where required. Typically comprising Service Delivery Manager, Customer representative & Change Manager.


External links