IT Change Control Process


Published on

IT Change Control Process

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

IT Change Control Process

  1. 1. IT Change Control Process 18 August 2005 [email_address]
  2. 2. Why Does UD Require IT Change Controls To maintain the IT systems in a Validated State. To provide proof to our customers/suppliers/auditors that UD and IT --WORK TOGETHER-- to a formal process. To allow UD management to review and be informed of interdepartmental workflow and requests for change. To minimise cost of change by clearly specifying requirements prior to implementation and installation (cost of ownership).
  3. 3. Cost/Effort Of A Change Request (from Boehm, Barry W. Software Engineering Economics . Englewood Cliffs, NJ: Prentice-Hall, 1981) 0 10 20 30 40 50 60 70 Requirements Design Code Development Testing Acceptance Testing Operation Development Phase Cost/Effort to Correct a Problem
  4. 4. What Is An IT Change Control System ? <ul><li>A formal, documented process that describes when and how IT System functions are changed. </li></ul><ul><li>Describes who is authorized to make changes and how to make them. </li></ul><ul><li>Often includes a change control board (CCB), configuration management, and a process for communicating changes to the UDD business and external entities. </li></ul>
  5. 5. Change Control Boards (CCBs) <ul><li>A formal group of people responsible for approving or rejecting changes on a project </li></ul><ul><li>CCB’s provide guidelines for preparing change requests, evaluate change requests, and manage the implementation of approved changes. </li></ul><ul><li>Includes members from across the UDD business spectrum. </li></ul><ul><li>A CCB can say “NO” to a change request before it reaches the IT Department. </li></ul>
  6. 6. Control Board Function <ul><li>CCBs may only meet occasionally, so it may take too long for changes to occur !!?? </li></ul><ul><li>Some organizations have policies in place for time-sensitive changes (jump the process!!) </li></ul><ul><li>The ultimate decision on whether a required IT functional change is necessary. </li></ul><ul><li>Agreement and signoff approval on Requests For Change. </li></ul>
  7. 7. What are the advantages of a change control board <ul><li>A form of IT Governance. </li></ul><ul><ul><li>What is IT being asked to do and for what purpose ? </li></ul></ul><ul><li>Empowers UD management in the development cycle. </li></ul><ul><li>A greater spread of information. </li></ul><ul><li>Allows monitoring of IT performance. </li></ul><ul><li>Allows prioritising of issues for the IT department. Reduces the need of heroics by certain IT individuals. </li></ul><ul><li>Allows UD business to risk assess changes to IT functions in relation to their business processes. </li></ul>
  8. 8. The Change Control Process Loop
  9. 9. A Compliant CCP <ul><li>Initiation Anyone currently within the company can identify, recommend, initiate a possible change request. </li></ul><ul><li>Acknowledgement IT acknowledges receipt of the initiation (by email, telephone,meeting (casual or otherwise). </li></ul><ul><li>Pre-approval IT Reviews the request, evaluates initial feasibility. </li></ul><ul><li>Implementation IT executes the change or initiates communication with a vendor to execute the change. </li></ul><ul><li>Resolution IT /Vendor documents resolution of the problem / change. </li></ul><ul><li>Testing Demonstration of compliance and documentation of results (IQ OQ) . </li></ul><ul><li>Final Approval Acknowledgement of the action/resolution by the initiator,network administrator, computer software validation members. (PQ) </li></ul><ul><li>Update Manual entry to system inventories reflecting changes </li></ul><ul><li>Audit/Review Performed by the computer software validation specialist or external auditor. </li></ul>
  10. 10. Proposal For UDD <ul><li>A CCP document pack per change request. </li></ul><ul><li>Restart UDD Steering Meetings under guise of Change Control Board. </li></ul><ul><li>CCB signoff on all requests which are deemed GxP critical. </li></ul><ul><li>Design of an SOP to by-pass the adopted Change Control Process (documented retrospectively where necessary) </li></ul>