ITIL Change Management & the CAB
In the ITIL framework, change management is one of the main processes of the Service Transition phase. Other processes that work in tandem with change management in the Service Transition phase include:
- Change evaluation
- Product management
- Application development
- Release management
- Service validation and testing
- Service asset and configuration management
- Knowledge management
Download Now: ITIL 4 Best Practice e-Books
These all-new for 2020 ITIL e-books highlight important elements of ITIL 4 best practices. Quickly understand key changes and actionable concepts, written by ITIL 4 contributors.
Overall, the Service Transition phase governs service and product delivery. In this phase, change management serves to express control over the lifecycle of change across all processes involved in Service Transition. The transition itself occurs as products or services are shifted from the organization to the client in finished form.
By design, controlling the life cycle enables a team to make positive changes to the service delivery model without disrupting business. This team is known as the Change Advisory Board, or CAB for short.
In ITIL, change management focuses on limiting business risk created because the following two objectives of the framework are in competition:
- Objective 1: Providing reliable services with stability that clients can rely on.
- Objective 2: Providing flexible services that can change quickly with the needs of a client.
As much as some organizations may try to resist the formality of a change advisory board, meeting both of these objectives means adopting the ITIL change management process as a best practice.
CAB Members
The CAB is often made up of several high-level members. These include the following:
Service Desk Analyst
A Service Desk Analyst takes service calls, documents incidents and escalates to a Service Desk Manager. Either the Analyst or the Manager can participate as a member of the CAB. He or she will offer insight as to common issues with service delivery and how to troubleshoot them.
Operation Managers
Any Ops Managers responsible for day-to-day running of the organization might be included in the CAB.
Application Manager / Engineer
The Application Manager is responsible for overseeing the development and deployment of applications. This role offers high-level insight on products offered to internal or external customers.
Information Security Officer
Information Security Officers manage the day-to-day aspects of network security and provide knowledge of potential threats or vulnerabilities to applications and systems.
Senior Network Engineer
Network Administrators oversee and manage an organization’s networks and cloud infrastructures. Senior engineers are usually required to bring a certain number of years of quality experience to the CAB table.
Business Relationship Managers
Business Relationship Managers work directly with clients, usually in a B2B setting, but they could also work with direct to consumer services. These professionals offer insight on client wants and needs.
Characteristics of a CAB Team
As you can tell, the CAB team is made up of a diverse group of business leaders and high authority individuals throughout the organization. Think of the CAB as a specialized group of individuals who embody certain characteristics to meet operational goals.
These characteristics include:
- Fostering professional courtesy within the team and across the organization.
- Presenting a number of different perspectives to offer the group variety.
- Providing a strong desire to engage one another toward the goal of change.
- Offering a committed approach to ensure that services and business continuity remains stable throughout the change process.
Goals of the CAB
In a perfect ITIL framework, all changes in production will be brought through the CAB for review, since the ultimate goal of the CAB is to ensure quality release. This is achieved by keeping the following goals in mind during the operations process.
- Ensuring that application timeline does not conflict with other business needs.
- Requiring that all architectural standards are met.
- Retaining ownership of the change management process.
- Delivering consistent quality standards to customers.
- Advising business leaders on change management processes.
- Supporting the review and approval process.
Functions of the CAB
The CAB often advises change managers based on the goals of the group listed above. However, it is important to note that the CAB does not have the authority to function as a review and approval board. Instead, the advisory board carefully acts on a number of processes as follows:
- Assessing risks and consequences of requested changes.
- Reviewing Requests for Change (RFCs) – considering the resources available and potential impact.
- Supporting the Change Manager, who is the ultimate decision maker.
- Creating documentation for review.
- Communicating regarding upcoming changes throughout the organization.
- Ensuring changes are understood.
- Offering suggestions to reduce overall company risk.
- Participating in continuous improvement initiatives to the change management process.
- Using change management software and familiarizing Change Managers as needed.
- Requesting a more in-depth review of upcoming changes, as needed.
CAB functions also include periodic revisiting of meeting minutes. During these audits of previous meetings, the CAB reviews:
- Any changes implemented in the previous period.
- Any failed changes.
- All successful changes.
- Any changes the team did not implement.
- Incidents that occurred as a result of change.
CAB Operations
The Change Manager is typically in charge of conducting CAB meetings which can be held on a regular schedule that takes into account the size of the organization and resources. Typically, meetings are scheduled monthly but they could also be required on a weekly or daily basis.
Meeting Agenda
Meetings usually open by reviewing the previous meeting minutes as described in the previous section. The agenda could look something like this:
- Assess proposed Requests For Change (RFCs)
- Review risk and overall impact:
- How are services impacted?
- How are service levels impacted?
- How will this change impact performance?
- How will resources be tasked?
- What impact does this have on security and compliance initiatives?
- What impact can we expect on finances?
- Review required resources
- Prioritize RFCs
Emergency CAB Meetings
Change Managers can schedule emergency CAB meetings to address urgent needs. These usually arise from incidents that occur in the Service Transition process. For an emergency meeting to be called, the incident has to represent some problem or breach that would impact critical business functions.
As with all CAB interventions, only the change manager has the authority to make a final approval of change, even in an emergency situation.
CAB & ITSM
In a previous post, we explained the similarities and difference in ITIL and ISO 20000. Both offer solutions that work together to enhance IT Service Management, also known as ITSM. While ISO 20000 and other ITSM resources do not require a CAB, it is recommended that organizations include this ITIL best practice as part of their ITSM strategy.
Of note, most frameworks offer specific guidelines that must be fulfilled with regards to change management, ISO 20000 included. These guidelines are implemented by fulfilling the goals and functions of CAB.
CAB: A Necessary Piece of the ITIL Framework
In this post, we’ve explained the Change Advisory Board and why it forms such a critical part of the ITIL framework in the Service Transition phase. Most of all, CAB offers a formal way to make stable, reliable services more flexible to meet the needs of the organization and clients, alike.
That said, organizations sometimes struggle to get on board with creating a CAB for a few of reasons.
First, business leaders can be leary of governance. People often misconstrue CAB as a board that deals in approvals and denials causing red tape and roadblocks. In actuality, CAB only stands to advise Change Managers on the best solutions after assessing all risks. Further, the diversity of a CAB panel offers a number of insights that make this process enriching.
Next, some organizations do not implement CAB because they struggle with ITIL change management process as a whole. They may implement only one or two parts of the change management process as they see fit. However, this sometimes excludes best practices required to review, monitor and implement change, like the creation of a CAB.
For more information on how Remedy can positively impact your business, contact us today.
Additional Resources