This Change Management Plan establishes a structured approach for evaluating, approving, implementing, and documenting changes to the ICT Governance Framework Application. It ensures that changes are made in a controlled manner with appropriate oversight to minimize disruption and risk while enabling continuous improvement.
This plan applies to all changes affecting the ICT Governance Framework Application, including:
The ICT Governance Framework Application employs a change management approach based on the following principles:
The change management methodology incorporates elements from:
The change management strategy for the ICT Governance Framework Application will:
The Change Management Team provides oversight and governance for all change-related activities:
| Role | Responsibilities |
|---|---|
| Change Manager | - Overall accountability for change management - Chair Change Control Board meetings - Resolve conflicts and issues - Report on change management metrics |
| Change Coordinator | - Process change requests - Schedule Change Control Board meetings - Track change status - Coordinate change implementation - Maintain change documentation |
| Configuration Manager | - Identify configuration items affected by changes - Ensure configuration updates - Maintain configuration management database - Verify configuration compliance |
| Role | Change Responsibilities |
|---|---|
| Project Manager | - Submit change requests - Assess change impact on project - Incorporate approved changes into project plans - Report on change status to stakeholders |
| Development Team | - Implement technical changes - Provide technical input on change requests - Perform impact analysis for technical changes - Test changes before implementation |
| Infrastructure Team | - Implement infrastructure changes - Assess impact on infrastructure components - Provide technical expertise on platform changes - Validate infrastructure changes |
| Quality Assurance | - Test changes prior to implementation - Verify changes meet quality standards - Validate that changes deliver expected outcomes - Identify quality issues related to changes |
| Stakeholders | - Submit change requests - Provide business justification for changes - Review and approve changes from business perspective - Provide feedback on implemented changes |
Changes will be categorized based on impact and risk:
| Category | Description | Approval Requirements | Implementation Window |
|---|---|---|---|
| Standard | Pre-approved changes with well-understood impacts and established procedures | Pre-approved; Change Coordinator verification | Regular maintenance window |
| Minor | Low-risk changes with limited impact | Change Manager approval | Regular maintenance window |
| Significant | Moderate-risk changes with broader impact | Change Control Board approval | Scheduled maintenance window |
| Major | High-risk changes with significant impact | Change Control Board and Executive approval | Major maintenance window with notification |
| Emergency | Urgent changes needed to resolve critical issues | Emergency approval process; post-implementation review | Immediate with coordination |
The following change types will be managed within the ICT Governance Framework Application:
| Change Type | Description | Examples |
|---|---|---|
| Policy Change | Changes to governance policies and standards | - Update to tagging requirements - Modified security standards - New compliance policies |
| Code Change | Changes to automation scripts and modules | - Bug fixes in PowerShell scripts - New automation features - Code refactoring |
| Infrastructure Change | Changes to infrastructure components | - Updates to Azure resource configurations - New infrastructure components - Resource decommissioning |
| Configuration Change | Changes to application settings and parameters | - Parameter value updates - Feature toggles - Environment configuration changes |
| Documentation Change | Changes to documentation and guidance | - Updated user guides - New technical documentation - Process documentation revisions |
| Process Change | Changes to operational processes and procedures | - Modified deployment procedures - New operational workflows - Updated support procedures |
The standard change request process includes the following steps:
For emergency changes, an expedited process will be followed:
Change requests will be prioritized based on the following criteria:
| Priority | Description | Response Time | Implementation Timeframe |
|---|---|---|---|
| Critical | Urgent change needed to resolve service outage or security vulnerability | Immediate review | As soon as possible (24 hours) |
| High | Important change with significant business impact | Review within 1 business day | Within 1 week |
| Medium | Change with moderate business impact | Review within 3 business days | Within 2-4 weeks |
| Low | Change with minimal business impact | Review within 5 business days | Within 1-3 months |
The Change Control Board (CCB) will consist of representatives from key stakeholder groups:
| Role | Responsibility on CCB |
|---|---|
| Change Manager (Chair) | - Lead CCB meetings - Ensure proper review process - Break ties in voting if necessary |
| Technical Lead | - Evaluate technical feasibility - Assess technical risks - Provide technical expertise |
| Security Representative | - Assess security implications - Ensure security standards compliance - Identify security risks |
| Business Representative | - Evaluate business value - Represent business priorities - Assess business impact |
| Operations Representative | - Assess operational impact - Evaluate supportability - Identify operational risks |
| Quality Assurance Representative | - Assess quality implications - Ensure testing adequacy - Identify quality risks |
The CCB will make decisions using the following approach:
All CCB activities will be documented, including:
Change impact analysis will cover the following areas:
| Area | Assessment Considerations |
|---|---|
| Technical | - Systems and components affected - Integration impacts - Performance implications - Technical dependencies |
| Operational | - Operational processes affected - Support requirements - Monitoring implications - Backup and recovery impacts |
| Security | - Security control impacts - Authentication/authorization changes - Vulnerability introduction - Compliance implications |
| Business | - Business process impacts - User experience changes - Business continuity implications - Value delivery assessment |
| Resource | - Implementation resource requirements - Training needs - Documentation updates - Cost implications |
| Schedule | - Implementation timeline - Deployment window requirements - Dependency on other changes - Critical path impact |
| Risk | - Implementation risks - Rollback complexity - Service disruption potential - Compliance risks |
For each significant or major change, a structured impact analysis will be conducted:
The following tools and techniques will be used for impact analysis:
For approved changes, an implementation plan will be developed including:
Changes will be tested prior to implementation:
The following implementation approaches may be used based on change characteristics:
| Approach | Description | When to Use |
|---|---|---|
| Direct Implementation | Implement change directly in production | - Low-risk changes - Standard changes - Configuration updates |
| Phased Implementation | Implement change in stages | - Complex changes - Changes with user impact - Broad scope changes |
| Parallel Implementation | Operate old and new systems in parallel | - Critical system changes - High-risk changes - Changes needing verification |
| Pilot Implementation | Implement for limited scope first | - User-impacting changes - Changes needing validation - Changes with uncertain impact |
All changes will include rollback procedures:
Change communication will be tailored to stakeholder needs:
| Stakeholder Group | Communication Needs | Communication Methods |
|---|---|---|
| Executive Leadership | - Strategic impact - High-level status - Risk overview |
- Executive summaries - Dashboard reports - Quarterly reviews |
| Technical Teams | - Technical details - Implementation requirements - Dependencies |
- Technical specifications - Implementation plans - Technical briefings |
| Operations Team | - Operational impact - Support requirements - Monitoring changes |
- Operational procedures - Support documentation - Handover sessions |
| End Users | - Functionality changes - User experience impact - Schedule awareness |
- User announcements - Training materials - User guides |
| Compliance Team | - Compliance impact - Documentation updates - Audit implications |
- Compliance assessments - Documentation reviews - Compliance briefings |
Communication will be provided at key points in the change lifecycle:
Standardized templates will be used for change communications:
The following documentation will be maintained for changes:
| Document | Purpose | Required For |
|---|---|---|
| Change Request | Document change details and justification | All changes |
| Impact Analysis Report | Document change impacts and risks | Significant and Major changes |
| Implementation Plan | Detail implementation approach and steps | All changes except Standard |
| Test Plan and Results | Document testing approach and outcomes | All changes except Standard |
| Technical Specification | Detail technical aspects of the change | Code and Infrastructure changes |
| User Documentation | Explain changes from user perspective | User-impacting changes |
| Post-Implementation Report | Document implementation results and lessons | All changes |
| Configuration Update Record | Document configuration changes | All changes affecting CIs |
Change documentation will be:
Changes will be tracked using a change management system that records:
[Change Identification] → [Change Request Submission] → [Initial Review] → [Impact Analysis] → [Change Approval] → [Change Scheduling] → [Change Implementation] → [Post-Implementation Review]
[Emergency Identification] → [Emergency Approval] → [Controlled Implementation] → [Post-Implementation Documentation] → [Emergency Change Review]