What constitutes a change? That's a question we're wrestling with at the moment as we implement ITIL, and yesterday we had a meeting with our Process Managers to look at progress so far. As part of looking at change management , our Change Manager had carried out a data collection exercise in November where all staff had to log any change they made to an outward facing (ie live) system using a web form. They also had to assess the risk and the possible impact of the change.
Interesting results. A total of 2564 logged changes over 24 days ( so some were made at weekends). That's about 1 every 5 minutes on a working day. Lots of data collected, and some initial analysis has been done. Lots of discussion on what constitutes a system change, and what is a change to data - on the telephone system for example is moving an extension a change? maybe it's just a change to data, but it could have an effect on either a user or a group of users if it goes wrong.
The next step is to use the information we've collected to inform our thinking on what sort of change management and change approval process to put in place. I'm keen that we don't just implement the process as recommended by ITIL but that we do what works for us, and we'll have different processes for different sorts of changes - the 60 reported changes that had been assessed as high risk and with a high impact will be subject to a different process to the straightforward data changes. What's important is that everything follows an agreed process.
We also had a presentation from our Test Manager - test management being the process for reducing the risk of service failures when moving from development to production. There are many different ways of testing systems (even by releasing something and letting users test it which some software manufacturers have been know to use....). We know we have many different ways of doing things here - things like payroll we test almost to destruction before anything goes live, with other services we're much less stringent. Again, it's about getting an appropriate process in place.
Other presentations included progress on the service catalogue, and incident and problem management. Our incident management procedures are now well established for in-hours incidents, but we're currently reviewing out of hours ones.