The Importance of Change Management and Why it is Critical to Business Systems Security and Maintenance

Written by Tony McEvoy

Any IT environment needs to be secure from internal and external threats even before, during and after a breach. As well as the physical components of systems such as firewalls, networks, servers and accounts, there is the added importance of processes and procedures to help underpin and support the integrity of the infrastructure.

What is IT Change Management?

IT Change Management is a process that makes it easier for an organization to roll out change requests to the overall IT infrastructure. This helps the organization to request, prioritize, authorize, approve, schedule and implement any changes necessary.

An efficient Change Management System is critical in any size of organization to help control risk and keep disruptions to the services they offer to a minimum. There are some key points to be considered when looking at this:

  • Who will ultimately be responsible for the Change Management process?
  • How many changes to the environment are likely to be submitted and implemented on a weekly basis?
  • Do you have a Change Advisory Board* (depends on the size of the organization)?
  • Who will be the members of this board?
  • Do the members of the board have a clear understanding of the processes and the context of the changes being proposed?
  • Are people willing to ask questions on changes they do not understand?

*a Change Advisory Board (CAB) is a group of high-level people responsible for the authorization and scheduling of all complex changes. These can include Service Desk Analysts, Operation Managers and more.
The significant support of the leadership of an organization is critical to a Change Management System being successful. The importance of protecting the environment(s) should be the focal point of any amendments to key infrastructure.

Although it is essential to have a human element to Change Management in order to understand the domains and individuals involved, the knowledge should be used to automate a high number of changes to go through a standardization path. This helps to reduce the amount of time taken to review every single change at a Change Advisory Board (CAB).

Types of Changes

There are three distinct subcategories of change in Change Management. Each class of changes is managed in a different way:

Standard changes. The implementation process and risks are known upfront. The changes are managed by policies that an organization already has in place. An example of a standard change could be installing a new printer.

Normal changes. These changes have to go through change processes before they can be approved and implemented. If the change is deemed to be high risk, the Change Advisory Board decides whether it will be implemented. An example of a normal change could be adding a new server.

Emergency changes. These changes must be performed as soon as possible. An example of an emergency change could be fixing a security breach that requires a patch to a large number of sites.

Regardless, patching any vulnerabilities should be central to the Change Management process, it highlights where improvements can be made in the short-term and long-term, such as removing old operating systems, legacy applications and hardware on the cusp of going out of support.

What an IT Change Management Process Looks Like

Changes should incorporate a huge wealth of technical input (within the confines of the implementation plan and subsequent team tasks) and jargon, but should also be understood in layperson’s terms. Changes need to be drafted, reviewed and amended before their submission to ensure that all the relevant information has been captured and all teams have been involved for their viewpoints and knowledge.

Here is a breakdown of a typical Change Management process:

  • Request the change
  • Review the request
  • Approve the request
  • Create a plan for the change
  • Review and refine the plan
  • Plan and schedule the implementation for the change
  • Test the change
  • Assess and report the results of the change

Benefits of IT Change Management

There are several benefits to implementing a Change Management process within your organization, however the key benefit of IT Change Management is that it reduces the impact of disruptions to an organization’s services. In addition, Change Management helps with implementing changes more quickly, tracking the progress of changes, making the Change Management Process more transparent, the IT team are able to trace back if anything goes wrong and it can improve cost estimates for any proposed changes.

If you are looking to implement your own Change Management process, or would simply like more information regarding this subject, please do contact us and we will endeavor to help.

Knowledge Base

The Uber Hack – what went wrong and how bad is it?

Written by Mikel Pearce On September 15, Uber revealed that it was responding to a “cybersecurity incident”. Over the past ...

Read More +

Combating cyber security threats in educational institutions

Written by Natalie Trotter Cyber-attacks within educational institutions have been growing in frequency over the years and COVI...

Read More +

Cyber Exclusions and Nation State Actors – Burden of Proof Issues?

By Mikel Pearce In a recent Market Bulletin dated 16 August 2022 [1], Lloyd’s has set out its requirement that any standalone...

Read More +
CyberClan CyberClan CyberClan CyberClan