Change Management
The goal of change management is to standardize the methods and procedures in which IT organizations use to modify hardware, communication equipment, software, systems and other “live” application software. This precludes applications under development. The Change Management process should be implemented in parallel with the Configuration Management processes. The Change Management process is responsible for assessing impacts on business and IT performance, and authorizing changes based on the impact assessment. On the other hand, Configuration Management is responsible for identifying all areas that will be impacted based on the Change Request, providing that information to Change Management so it can assess the impact, and finally update the configuration items with the requested changes.
Managing changes addresses how an organization modifies functionality to help the business meet its service level agreements. Deficiencies in this area may significantly impact the service level promised to the business. For example, changes to the programs that allocate data to accounts require appropriate approvals and testing prior to the change to ensure classification and data integrity.
Change management ensures that security, availability, and processing integrity controls are set up in the system and maintained through its life cycle. Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems and data and impact reporting.