Best Practices in IT Change Management

Best Practices in
IT Change Management 

by Faulkner Staff

Docid: 00018511

Publication Date: 2301

Report Type: TUTORIAL


Enterprises must keep up with changes in technology in order to reduce
costs, boost customer service, improve competitive positioning, and
increase operating efficiency. Ensuring that changes are truly needed –
and managing those changes effectively – are steps as critical to an
enterprise as the changes themselves. Following best practices for IT
change management can help ensure that changes are made in a smooth and
orderly way.

Report Contents:

Executive Summary

[return to top of this

Enterprise IT must constantly change. It must continually evolve as
technology improves or becomes obsolete; as employees are hired, promoted,
transferred, or terminated; as departments and divisions are reorganized;
and as business goals and processes are redefined.

ITIL for Enterprise IT
Management Tutorial
IT Governance Concepts Tutorial

Corporate mergers, acquisitions, and downsizing can also make it
necessary to consolidate, redistribute, or eliminate IT assets. In many
cases, an enterprise must adapt to a change in IT while continuing to
handle its existing workload and keeping critical applications running
without interruption. In such situations, it is critical to have a
well-defined process in place to manage change.

Since the mainframe era of the 1960s and ’70s, IT change management has
been viewed as a foundational systems management discipline, joining:

  • Incident or problem management
  • Configuration or asset management
  • Performance and capacity planning
  • Quality management

As defined by ServiceNow, “IT change management describes the practices
designed to ensure successful prioritizing, approval, scheduling, and
execution of changes to IT systems.”1

To help ensure completeness and uniformity of execution, IT change
management is normally conducted according to a widely-recognized and
highly-regarded IT service management (ITSM) or IT governance framework,

  • ITIL, the Information Technology Infrastructure
    Library framework – the most popular choice
  • COBIT, the Control Objectives for Information and
    Related Technologies framework
  • ISO/IEC 20000, the International Organization for
    Standardization/International Electrotechnical Commission 20000

An enterprise will typically use only one framework or perhaps elements
from two or three frameworks. In choosing which framework to employ,
organizations would be wise to consider their own corporate culture and to
find a compatible approach rather than force-fitting ill-suited processes.

Commercial IT change management software can be helpful for enterprises
that implement frequent, complex, or multi-stage changes. However, an
enterprise of any appreciable size should at least implement an IT change
management process, whether or not it leverages an IT change management
software solution.


[return to top of this

The concepts, processes, and tools described below are central to IT
change management. Used appropriately, they can help keep technology
changes to a minimally disruptive level.

Impact, Risk, and Resource Analysis

Before committing to a change in IT infrastructure, it is important to
analyze the impact of the proposed change on each IT asset and service,
the risk of proceeding or not proceeding with the change, and the
personnel and IT resources that will be required to implement the change.
These analyses can be based on information from an asset management
system, which integrates physical and financial details about each IT
asset with purchasing, support, general ledger, and other data throughout
an enterprise. A detailed picture of the global impact of local changes in
IT infrastructure can help an enterprise plan changes in a way that
reduces risk and downtime. The information about an enterprise’s IT assets
and support costs provided by an asset management system can also enable
faster, more accurate budgeting and cost projections to help an enterprise
forecast available and required resources for a project.

Scheduling and Task Sequencing

An IT change management system can help an enterprise schedule changes in IT
infrastructure in the proper order and at the least disruptive times. These
systems lower the risk of implementing changes, validate compliance with
internal and external policies and standards, and allow enterprises to
assess the impact of changes. These systems also help track
inter-dependencies, due dates, and current status. They may provide links to
applications (such as Microsoft Project) for scheduling.

Implementing a cross-disciplinary project team can help to ensure that
systems critical for each department remain available when they are most
needed. For example, although it would be most convenient for IT staff to
make changes during business hours, the customer support representative on
the team would make sure that such changes take place during low-demand
hours. An impact analysis report can help an enterprise determine when to
schedule a change to minimize disruption to the systems and people who
will be affected.

It is important to leave room in a schedule for unforeseen delays,
training time, and adjusting to one change before proceeding with another.
If a change in IT infrastructure necessitates training employees to
use the new system, such training should occur before the infrastructure
changes are completed to ensure that there is no dip in productivity when
the new system becomes operational. Organizations that standardize
their computer operations on a single platform may want to consider an IT
change management application designed specifically for
that platform.

Frameworks for IT Change Management

Like other systems management disciplines, IT change management is
normally performed within parameters established by a standard IT service
management (ITSM) or IT governance framework, like COBIT, ITIL, or ISO/IEC


Created by ISACA (the Information Systems Audit and Control Association),
COBIT, or Control Objectives for Information and Related Technology, is
primarily concerned with IT risk management, including risks related to IT
change management, and furnishes a comprehensive list of control
objectives which are essential to effective IT business control.2


Owned by Axelos, ITIL, or Information Technology Information Library, is
“a framework designed to standardize the selection, planning, delivery,
maintenance and overall lifecycle of IT services within [an enterprise].”3

Concerning IT change management, ITIL recognizes three types of change:

  1. Standard changes are those that are documented and
    pre-approved. “Updating the operating system on enterprise devices is an
    example of a standard change.”
  2. Emergency changes are changes that need to be
    implemented immediately to mitigate the impact of an incident. “Security
    measures carried out following the detection of a security breach is an
    example of an emergency change.”
  3. Normal changes are changes that cannot be classified
    as a standard change or emergency change. “Normal changes are usually
    initiated for process improvement, increased productivity, and other
    business goals.”4

ISO/IEC 20000

The ISO/IEC 20000-1:2018: Information technology – Service management –
Part 1: Service management system requirements standard “specifies
requirements for an [enterprise] to establish, implement, maintain and
continually improve a service management system (SMS) [see Figure 1]. The
requirements specified in this [standard] include the planning, design,
transition, delivery and improvement of services to meet the service
requirements and deliver value.”5

Figure 1. ISO/IEC 20000 Service Management System

Figure 1 ISO/IEC 20000 Service Management System

Source: ISO

IT Change Management Software

IT change management software provides valuable information that can help
an enterprise analyze what to change, when and how to change it, and what
risks, costs, and potential obstacles may accompany the change. Such
software can also help to manage the process of change by using task
sequencing, automated approval processing, and remote software deployment.

Prominent IT change management software solutions include:

  • ManageEngine ServiceDesk Plus
  • SolarWinds Change Management Software
  • BMC Helix ITSM6

Current View

[return to top of this

The Business Reason for the Change

When considering a technology change, an enterprise should make sure that
there is a valid business reason for the change, and it should assemble an
IT change management team that includes representatives for all the
stakeholders in the enterprise. It is wise to also build support for the
project through effective communication among all people within the
enterprise who will be affected by it. During implementation, making
smaller, incremental changes minimizes risk and makes it easier to isolate
problems and make mid-course corrections.

As technology improves at a faster and faster rate, it quickly becomes
out of date. But it is important to guard against changing an IT system
for no other reason than the availability of newer technology. IT change
must be motivated by a goal that is strategic and business-related, rather
than being driven just by changes in technology. One business reason for
change could be that an enterprise’s IT infrastructure is hindering the
enterprise from maintaining a competitive edge and effectively servicing
its customers and employees. Another reason could be that significant cost
savings could be achieved by making changes in the IT infrastructure.
Still other IT changes are required as a result of a merger or downsizing,
or of changes in the regulatory environment.

Collaboration and Communication

IT can have an impact on every department and function in an enterprise,
not just on IT-specific operations. When planning a change, therefore, an
enterprise should assemble a cross-disciplinary team that represents the
key stakeholders throughout the enterprise who will be affected by the
change and whose cooperation will be needed in order for the project to
succeed. Frequently, this group is referred to as a Change Management
Committee (CMC).

By including people who understand the business context in which the IT
system will be used, the CMC (or other planning team) can better assess
and manage which parts of the business and the IT infrastructure will be
affected by the change, and in particular how customers and
employees may be affected. A diverse team that represents all the
stakeholders within the enterprise will also be better able to establish a
reasonable scope for the project, changing only what is necessary and
integrating new components with existing systems that are still

Incremental Changes

Making several major changes at the same time is risky. It is wiser to
make smaller, incremental changes at different times. Then it will be
easier to isolate and resolve any problems that occur because there will
be fewer variables in play. In addition, an enterprise can begin to
benefit as the first changes are completed, rather than waiting until the
entire project is completed before realizing any benefits. Making changes
incrementally also allows an enterprise to reevaluate plans and make
mid-course corrections. This is especially important when dealing with
changes in IT infrastructure, because new technology may become available
midway through the project, which could affect decisions about how to

Asset Management

An important component of successful IT change management is disciplined
IT asset management, the creation and maintenance of a comprehensive asset
repository that integrates physical and financial details about each IT
asset with purchasing, support, general ledger, and other data throughout
the enterprise. This data serves as a foundation for risk and impact
analysis that enables well-informed, intelligent decisions about when,
how, and why to make changes in IT. For example, IT asset management can
identify dormant assets that accrue costs without providing benefits, as
well as those assets that cause a disproportionate share of trouble
tickets and service requests. It can also help an enterprise assess
feasibility and TCO before committing to a mass software upgrade or
desktop standardization, taking into account expenses such as training or
analysis of what percentage of the enterprise’s desktops will need
upgrades in order to be capable of running the new software. And the
consistent tracking of installations, moves, adds, and changes (known as
IMACs) that is part of IT asset management ensures that any changes will
be handled in an organized, well-documented manner.

Document Everything

Analyst Melissa Palmer observes that “Everything should be documented
when it comes to driving effective [IT] change management. There’s no such
thing as too much documentation. Organizations often go down the path of
[IT] change management because something terrible happened in the
environment. That highlights the need to quickly and easily [determine]
what changes were made, and when. Likewise, when a change initiative is
successful, documentation of the process can inform future changes and
serve as [an IT] change management model [from which to build].”7


[return to top of this

The following is a list of best practices for IT change management

1. Make sure that there is a valid business reason for the change.

IT change should not be driven just by the availability of new
technology. Business-related reasons for change include improving service
to customers and employees; significantly reducing the TCO of the IT
infrastructure; and consolidating, redistributing, or eliminating IT
assets in response to corporate mergers, acquisitions, or downsizing.

2. Assemble a cross-disciplinary change team that represents the key
stakeholders throughout the enterprise.

Include people who understand the business context in which the IT system
will be used, who will be affected by the change, and whose cooperation
will be needed in order for the project to succeed. A diverse team can
better assess which parts of the business and of IT should change.

3. Make modular, incremental changes.

Incremental changes reduce the risk of IT change by making it easier to
isolate and resolve any problems that occur, and to reevaluate plans and
make mid-course corrections. They also allow an enterprise to benefit as
each change is completed rather than delaying benefits until the end of
the entire project.

4. Develop change “reversion” plans.

One of the most overlooked aspects of IT change management is change
reversion, which is the process of removing a change once it has been
implemented. While some changes cannot be reversed, others can be “backed
out” if problems develop. To prevent damage to IT systems, applications,
and data and to minimize inconvenience to IT users, the IT department
should be prepared to rapidly revert a change once a reversion has been
authorized by enterprise officials.

5. Implement IT change management in accordance with a recognized
IT governance standard.

ITIL is an excellent choice. ITIL is the most widely adopted approach for
IT Service Management in the world. ITIL has been embraced by thousands of
organizations, such as NASA, the UK National Health Service (NHS), HSBC
bank, and Disney.

6. Update the enterprise business continuity and disaster
recovery plans as appropriate.

Major changes to IT systems or applications – particularly those that
reflect major changes to enterprise business operations – may require
coincident changes to the enterprise business continuity and disaster
recovery plans. The leaders who manage these plans should be consulted
when any major change will be made.

7. Implement an IT change management system with the right

Organizations should seek an IT change management system that does the

  • Integrates with an IT asset management system to provide access to
    comprehensive physical and financial details about IT assets, enabling
    well-informed decisions about changes in the IT infrastructure.
  • Helps with impact, risk, and resource analysis by analyzing the impact
    of proposed changes on people, devices, and processes within the IT
  • Helps automate scheduling and task sequencing based on task
    dependencies, due dates, time spent, and statuses.
  • Automates workflow and approvals processing by capturing requests and
    performing automatic escalations and assignments.
  • Creates a complete audit trail of each step in the IT change process
    for better security and accountability, detailed reporting, and the
    ability to roll back IT changes and restore a previous configuration
    when necessary.
  • Provides comprehensive reports, including impact analysis reports,
    scheduling and task dependency reports, and graphs of a project’s status
    and progress, as well as the ability to create custom reports.
  • Performs remote deployments, patches, and updates on large numbers of
    servers, desktops, and devices simultaneously to increase consistency
    and accuracy, and to allow the IT change to be scheduled after-hours to
    minimize disruption.
  • Does not place an undue additional load on IT or other staff.
  • Uses procedures and processes that conform with industry standards
    best practices.

8. Keep the lines of communication open and effective. 

Poor communication can result in an IT change management implementation
failure. Developing guides that explain why change is taking place helps
keep all employees in the loop. Employees should also be able to voice
concerns to mid-level managers so that issues can be quickly addressed.
According to Forbes, it is important that C-level executives
lead the way to shape employees’ attitude towards change and that begins
with communication.8


[return to top of this

[return to top of this