Change Management Best Practices
General
Practice Area
Best Practice
Criteria
Change management policy,
procedures, and standards are
integrated with and
communicated to IT and business
management functions.
•
•
•
A written policy for change management exists,
which defines all roles, responsibilities, and
procedures related to change management,
approved by the CIO / IT Director, and the
business Information Security manager.
Change management procedures and standards are
communicated that define the techniques and
technologies to be used throughout the enterprise
in support of the above policy.
Policies, procedures, and standards are reviewed
periodically (at least annually) by IT management
to ensure suitability and completeness.
Organization
Roles and responsibilities
affecting Change Management
are defined, designated to
qualified personnel,
communicated to the
organization, and enforced
throughout the change
management process.
•
•
•
•
•
•
•
•
•
The number and skill levels of Infrastructure
Support personnel are appropriately assigned with
regard to the complexity of the organization, the
complexity and performance of the organization’s
applications and networks, and these systems’
criticality to the business.
Personnel responsible for business analysis are
competent and/or fluent in the organization’s IT
systems, and have exposure to organization’s
management policies, procedures, and people.
Personnel responsible for technical analysis are
skilled in the organization’s IT systems, and have
experience and/or have been trained in project
management for these systems.
“Major-impact” change management team consists
of sufficient business management authority to
analyze, prioritize, and allocate all resources for
project implementation.
“Minor-impact” change management team consists
of sufficient IT management authority to analyze,
prioritize, and allocate resources for change design
and implementation.
Configuration / Release managers are ass