Change Management Approval

Blue
Tera Contributor

Hello all, we are interested in how you have approached your Change Management for the enterprise IT.

Who comprises your Change Authority Board (CAB)? Is it all IT Managers or IT Directors or IT VPs or etc.?

Do all of the CAB members need to approve CHGs in ServiceNow to allow it to progress? How have you configured the approval for CAB on a CHG in ServiceNow?

Option 1: One CAB member can approve

Option 2: All CAB Members must approve

Option 3: % of CAB Members must approve (i.e. 100%, 75%, 51% etc.)


We are revisiting our approach.

1 ACCEPTED SOLUTION

Alan Prochaska
Tera Expert

We have a multi-stage change approval process:

We have defined the manager of the assignment group as the primary approver, who is accountable for the change end-to-end.  If the change blows up or disrupts something else, the primary approver is accountable and gets to provide explanations.  Primary approval happens during Assess.

After primary approval completes, the change moves to Authorize, where it could have some combination of compliance approval, CAB approval, and additional approvals.  If the lead CI of the change is in-scope and onboarded for a compliance regulation, then the workflow stages a compliance approval to the business application owner and their delegate.  Once complete, the workflow stages a CAB approval to the CAB assigned for the lead CI (Chg.Configuration Item.Approval Group).  Once CAB approval is complete, then if the change request included an Additional Approval, the change workflow stages and collects it.  

Compliance approval ensures the change complies with key regulatory controls for change, specifically that a) new content was successfully tested off production before implementation in prod, and b) approval was collected before new content was migrated to prod.

CAB approval ensures that appropriate communication and coordination with key stakeholders has been done, and there are no objections (i.e. they agree that the content can be implemented per the defined scope and schedule).  This is different from many orgs' expectation of CABs.  We no longer make CABs accountable for changes, only responsible for communication and coordination.  Accountability lies with the primary approver.

Additional approval is typically a way to include additional CABs for broader oversight and awareness.

Compliance approval may or may not be required.  It depends on the CI.

CAB approval is required.

Additional approval may or may not be required.  It depends on whether the change manager (Assigned To) specified an Additional Approval on the change request.

CABs are typically not populated with VPs or even Exec Directors.  Levels below them are typically the ones reviewing and approving the changes to move forward.   VPs or EDs typically are not aware of change and impact specifics.

All approvals are "one must approve".  We have found that multiple approvals and shared accountability are not effective.  The basic model is "many reviewers, one approver" and "one throat to choke".  If a CI or deliverable has many stakeholders, the approver must be accountable for all stakeholders and incorporate their opinions and recommendations into their decision.  Trade-offs may be required, and decisions must be made.

Our 0.02

12 REPLIES

Neil P
Tera Contributor

Who comprises your Change Authority Board (CAB)? Is it all IT Directors or VPs or etc.?:  In our case, it's the managers of the assigned teams, based on which groups have changes.

Do all of the CAB members need to approve CHGs in ServiceNow to allow it to progress? No

How have you configured the approval for CAB on a CHG in ServiceNow? First approval goes to assigned to Manager.  This gets it to CAB.  In CAB, there is a group approval comprising 10 managers for the change groups.  Once 4 managers have OK'd, it goes to the CAB Manager group requiring one of that group to approve as a final step.  4 happens to be 40%, but I'm using a script to call a system property for the amount, so it's changeable quickly.  I use the same logic for denials.
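The percentage rule described in the reply above, as an added example that is not part of the original post or any poster's actual script: a plain JavaScript decision function for a property-driven approval threshold, with the same threshold applied to denials. It goes beyond the 40% case to cover thresholds above 50%, where enough denials can make approval unreachable. The `counts` shape, the property name in the comment and the fail-closed defaults are assumptions.

```javascript
// Added example. In ServiceNow the threshold string would be read with
// gs.getProperty(); the name 'change.cab.approval_percent' is hypothetical.

// Parse the property value. A missing, non-numeric or out-of-range value
// falls back to the strictest setting instead of lowering the bar.
function parsePercent(raw, fallback) {
  const n = Number(raw);
  return Number.isFinite(n) && n > 0 && n <= 100 ? n : fallback;
}

// counts = { total, approved, rejected } for one group approval (assumed shape).
// Returns 'approved', 'rejected' or 'pending'.
function cabDecision(counts, rawPercent) {
  const percent = parsePercent(rawPercent, 100); // fail closed: all must approve
  if (!(counts.total > 0)) return 'rejected';    // assumption: empty group fails closed

  // Multiply before dividing and round up, so 51% of 10 needs 6, not 5.
  const needed = Math.ceil((counts.total * percent) / 100);

  if (counts.approved >= needed) return 'approved';
  if (counts.rejected >= needed) return 'rejected'; // same logic for denials

  // With thresholds above 50%, denials can leave too few outstanding
  // approvers to ever reach the threshold; close the request instead of
  // leaving it pending forever.
  const outstanding = counts.total - counts.approved - counts.rejected;
  if (counts.approved + outstanding < needed) return 'rejected';

  return 'pending';
}

// Constructed sample: 10 CAB managers, threshold property set to "40".
console.log(cabDecision({ total: 10, approved: 4, rejected: 0 }, '40'));
```

Because the threshold lives in a system property, write access to that property effectively controls the approval bar, so changes to it are worth restricting and auditing like any other change control.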

Josh Pirozzi
Kilo Sage

Hi @Blue,

For my organization it's broken down by Change Type:

  • Normal Changes:
    • We have 2 approvals associated to the workflow.
      • Approval 1: Routes the approval request to a 'Manager Approval' Group. This Group consists of Manager(s) and / or supervisor(s) on a team or department.
        • Only one group member needs to approve.
      • Approval 2: Routes to our CAB Group which is composed of our Problem and Availability MGR (who runs our weekly CAB Meetings) and the members of our SMO team.
        • Because we discuss these Change Requests during the meeting, only one member of the CAB Group needs to approve.

What roles are in your SMO team and who fills those roles?

They cover:

  • Manager of our Service Management team
  • The Problem and Availability manager
  • Senior Service Management Performance Analyst (CMDB Manager)
  • Service Management Performance Analyst (ITSM [Incident/Request] Focused Analyst)

The team also focuses on a range of modules/areas from tracking metrics and continual improvements.