Modern Change Management: Adoption Playbook & Maturity Journey    

      

 Introduction

     

            What do you mean by ‘Modern Change’?      

   

     

            A model-based approach      

   

     

           What pain points/problems does modernizing change solve?     

   

     

           Why ServiceNow is uniquely positioned to solve these pain points     

   

 Personas

     

           Who are the key personas involved in Modern Change?

 

 Technical specifications

     

            How is Modern Change licensed?      

   

     

            Core Change Management Features (req. ITSM Standard)      

   

     

            Additional Change Management Features (req. ITSM Pro or above)      

   

     

            Generative/Agentic AI add on capabilities (req. ITSM Pro Plus or above)     

   

     

            Additional related Products      

   

     

            What are the main actions required to install the Modern Change capabilities?

   

     

            Where does DevOps Change Velocity (DCV) fit?      

   

     

            Where does Digital Product Release (DPR) fit?     

   

 Key Modern Change concepts/capabilities

     

            Change Models      

   

 

Change models allow organizations to define fit-for-purpose models to simplify and streamline change across common use cases. Change models define the process a particular change use case will go through.

 

OOTB we ship models for the 3 traditional types of ITIL changes (Standard, Emergency and Normal) as well as some other change use case examples suitable for separate models (e.g., Change Registration, Cloud Infrastructure, Unauthorized change, DevOps changes). These other use case examples would historically have been processed as a part of Normal Change, which is usually more inefficient, or as a part of Standard Change, which may be inappropriate as Standard lacks any run-time governance.

 

 

Like the change types used for legacy ServiceNow change implementations, change models have several artifacts (e.g., change states, state transitions, approval policies, templates) associated to them. The primary difference though is artifacts for change models are modular in nature, so they can be maintained/modified individually and reused across models, compared to being directly integrated into a monolithic workflow for change types. This vastly reduces the technical complexity of change models and the maintenance requirement for them. See below for a visual of the artifacts associated with example change models.

 

 

One additional benefit of change models is they can better facilitate the capture of relevant structured data based on the change use case. This structured data can then be used to inform risk evaluation and approval decisions – a good example is the DevOps change model that can consider DevOps data (e.g., work items, code commits, test results, security scans) into automated governance decisions.

 

 

We recommend customers migrate from legacy Workflow-based Change to use Flows. Flows will help enhance efficiency, usability, and performance of your change process. Workflows were used in legacy Change implementations and are typically monolithic and complex, making them difficult to enhance without significant development and testing effort. Change Flows are modular and reusable by design. Today, we ship OOTB state-based flows for each Change model. These can easily be cloned and updated to meet your specific process requirements.

 

 

Why are Flows better?  Flows are designed to run asynchronously by default, ensuring fast execution without impacting the calling thread. The reusability of sub-flows and flow actions streamlines development, making it more efficient. The intuitive low-code, natural language interface accelerates workflow creation and comprehension. Leveraging the NowMQ in-memory queue for asynchronous processing, flows achieve faster execution speeds. Additionally, flows offer advanced capabilities for filtering content and managing workflows with precision, ensuring optimal performance and effectiveness.

 

In summary, migrating to Flows not only aligns with modern development practices but also significantly improves the overall workflow automation experience. It’s important to note that existing Change Workflow and model-based Change Flows can co-exist and both run in parallel to provide a smooth migration path for change workloads.

 

 

 

Approval policies can use any ServiceNow data as input to automatically evaluate and apply approval decisions based on business requirements. Changes can be:

• Auto approved
• Auto rejected
• Sent for manual review to a user or group

Approval policies provide an audit trail within each change request, can be linked to change compliance, and are reusable and independent from state-based flows (flows call them).

 

The key benefit of using Approval policies is they allow you to tailor your change approvals to align with your organization's appetite for risk. This can dramatically increase change velocity with sacrificing governance, audit and control.

 

 

             How do Approval policies work?      

 

 

When an approval policy is triggered in a flow (typically when a change is transitioning from New to Assess/Authorize), policy inputs are gathered and fed into the dynamic approval engine (If…Then decision hierarchy) which will determine the approval decision/action for the change. Policy inputs can be any data available on the ServiceNow platform or external data retrieved via a REST API call.

 

Once a decision is matched, an Approval Definition, another key component to Approval Policies, is evaluated to dynamically determine which individual or group (and how approval needs to be obtained within a group) will be making the decision on a change. If the change is automatically approved or rejected, it will be on behalf of the user/group in the Approval Decision. If the change is routed for manual review, the user/group will be notified to review and approve/reject.

 

Approval Policies satisfy regulatory requirements when auto-approving changes. They accelerate time to value for the business by reducing or removing manual effort when configuring approvals and making approval decisions on changes.  They enable a high degree of agility and allow you to respond quickly to changing governance conditions.

 

 

• Auto-approve low risk changes for specific services or teams with high success
• Add manual approvals based on critical business services, change conflicts or teams with low success
• Auto-approve DevOps changes which meet development and operational governance criteria

 

 

ServiceNow provides four evaluators which can be used to calculate change risk. These can all be used together or individual evaluators can be activated / deactivated according to customer need.

• Risk Assessment
• Risk Conditions
• Risk Intelligence (requires ITSM Pro or above)
• Calculated Risk Score (requires ITSM Pro or above)

The risk evaluation framework takes the different risk evaluation methods you’ve configured to run on your change and provides a derived risk score, which OOTB is the most conservative (highest) risk score evaluated. All risk scores that were fed into the risk evaluation framework are also visible on the change.

 

 

Overviews of each risk evaluation method are below:

 

 

 

Risk Assessments are well established in most customers’ implementations.

• Risk assessments are an extension of the surveys and assessments core platform feature.
• Risk assessments can be configured and triggered using conditions. Different sets of questions can be used for different conditions (e.g., Normal change risk questions can be different to Emergency change)
• Questions in risk assessments are weighted, and the final score is calculated from the answers and weightings.
• Risk assessments can be run multiple times for a single change.
• The latest risk assessment is used for risk scoring.
• The history of risk assessment answers is stored against the change for audit and compliance.

 

Pros	Cons
Low technical ‘point of entry’ – no-code Usable when there is little or no structured data on the change records Very little (or no) process re-engineering required to use Audit trail for risk-based decisions	Responses can be highly subjective and open to misrepresentation of actual risk Can be ’gamed’ by teams Manual effort required, limited opportunities for automation and can be a blocker to change velocity Limited/no relevance to shift-left processes (e.g. DevOps) Risk questions often require the user to enter data which may already be available on the platform

 

We recommend you consider replacing subjective Risk Assessment questions with more objective, automated, data-driven risk calculation features to improve accuracy (see below).

 

 

Risk Conditions

• Automate the process of setting change risk and impact values based on data
• Can be triggered according to filter conditions
• Allow you to ensure that organizational compliance is adhered to
• Provide an audit trail
• Take the subjectivity out of risk decisions and allow the use of structured data

Pros	Cons
Low-medium technical ‘point of entry’ – no-code/low-code Use of structured data eliminates subjectivity Automation helps drive change velocity	Requires good referential and change data May require a degree of admin / engineering effort

 

 

• Uses established method to calculate risk - combination of change success Probability (change success score) + Impact (risk conditions) to determine risk
• Change probability X Impact matrix is configurable by customer

Pros	Cons
Probability and impact matrix uses established best practice for risk management Can be tailored to individual change models Configurable by change manager – no-code configuration	Moderately complex to understand the inputs and how they are derived Requires good governance of change review and closure data May be misleading if teams are low-volume change users

 

 

 

Predictive intelligence is a data-driven machine learning solution provided out of the box with ITSM Pro or above.

• Select from and configure one of two algorithm solutions (Classification or Similarity)
• It can be configured to work with the data and process that you have and works well with minimal configuration.
• You can trial the predictive intelligence solution to view the predicted risk values, then tweak and re-train the model until you are happy with the results, before configuring the solution to set the Risk value in ‘live’ use.

Pros	Cons
Low technical ‘point of entry’ – no code/low code Can be used in parallel to existing processes Can be applied only to specific models Testing and customer evidence show a high degree of accuracy Considers the wider change landscape	Requires good quality change data May require additional tweaking / training if data is low quality Requires a relatively high volume of historical change to be effective (minimum 10,000 records) Result is less explainable due to ML

 

 

Change Success Score is a numeric ‘credit’ score, calculated using historical data to help determine likelihood of success based on a team’s change history. The more successful a team is, the higher their score and the reverse is also true.

 

Scores range from 0 to 850, where:

• 700 – 850 is rated Excellent
• 600 – 699 is rated High
• 500 – 599 is rated Medium
• 0 – 499 is rated Low

If you need to modify the score ratings, please follow instructions here.

 

Success scores are also tracked for Change Type and Model so you can monitor performance of those across your enterprise.

 

Success scores can be used as an input for calculating risk as well as for approval policies. e.g. If a team has an Excellent success score, their approvals can be automated, whereas a team that has a Low or Medium success score requires manual review / approval to ensure their changes meet compliance and quality expectations. This allows for more flexible governance based on the data for a team’s performance. It also allows you to identify teams with Low success who may need additional training and support.

 

How to activate and start using change success scores

To use change success scores the ‘Change Management – Change Success Score’ plugin is required. Once this plugin is activated, a number of platform analytics (PA) jobs are added: Change success score metrics (Daily), Change success score metrics (Historical data), Change success scores (Historical data), and Change success scores for today. You can optionally choose to run the historical data jobs to set a baseline of success scores based on the past 30 days of changes, or alternatively you can begin using the daily job that will increment the change success scores from a base of 500. After the first job run, a Change Success Score card icon appears next to the Assignment group field on the change request form in UI16. At the moment of writing this FAQ, SOW change does not surface the Change Success Score modal information, but this is a gap that will be addressed in an upcoming release (please check release notes to see if has been updated at the time you are reading this). If you click this icon, you can view the score card details of the assignment group.

Each team starts with a baseline score of 500. Their scores are then adjusted up or down by the daily PA job. Scores for each team, type and model (as well the overall enterprise) and trends over time are tracked and displayed on the Change Success Score dashboard.

 

How Change Success Scores work

The following indicators are used to collect data daily for the changes completed on the previous day.

• Total Changes
• Successful changes
• Unsuccessful changes
• Successful changes with issues
• P1 incidents caused by change
• P2 incidents caused by change
• P3 incidents caused by change

If you want to add a custom indicator, please follow the instructions in this knowledge article which shows you how to add Outages for Change as a new indicator.

 

Configurable formula indicators are used to calculate the success scores. These indicators apply a multiplication operation to the data collected by the automated indicators to arrive at the final score.

You can view and configure the Change success score formula indicators in Performance Analytics under the indicator group Change success score - multipliers.

 

Below are the default multipliers used in success score calculation. If you need to modify the score calculation see this page.

 

Automated indicator	Multiplier applied by formula indicator
Successful changes	3
Successful changes with issues	-2
Unsuccessful changes	-5
P1 incident caused by change	-10
P2 incident caused by change	-5
P3 incident caused by change	-2

 

 

In Utah, release we introduced Change Management into the Service Operations Workspace experience. Our aim was to not only modernize, but also accelerate change management with an elevated, data-driven experience. Since then, we have continued to evolve Change capabilities in SOW.

 

 

One of the highlights of SOW Change is the new Dynamic Overview page which helps reduce the clutter on Change forms and render contextual information relevant to the Change state and the persona using the application. The intent is that users who are new to Change Management no longer need specific process knowledge to navigate the full Change lifecycle without relying on classic UI. This new, modern, experience is more intuitive and driven by the underlying state model and helps focus users on the next “job-to-be-done” as they fill in information and move from one state to the next. More experienced users can still manually fill in information using the Details tab if they choose to.

 

 

The change scheduling experience has been improved by providing a comprehensive scheduling calendar view that highlights areas of potential conflict (blackout windows, other related/relevant changes) within SOW. SOW Change will automatically look for conflicts and the next available conflict-free time slot for the planned change duration. If desired, ServiceNow can automatically schedule your change in the next conflict-free window. The Details tab will also update to show the planned start and end date, as well as if any conflicts were detected.

 

 

You can use the table-based configuration to align the SOW Dynamic Overview pages with your organization’s change process.

 

Configuration options allow you to define how the Dynamic Overview pages render throughout the change life cycle. This includes configuration options for overview pages, contextual sidebar and activity stream behavior for each state.

 

You can configure the following components:

• Control the display of the cards in the contextual side panel
• Control the order of the cards to be displayed in the Overview pages
• Control the display of activity stream bar in the Overview pages
• Configure the journal fields

See the documentation for more details: Manage the workspace configuration for a Change request in Service Operations Workspace

 

 

As of May 2025, we have also brought the CAB Workbench experience into a new improved user experience in SOW. CAB in SOW launched with functional parity with the legacy CAB Workbench, supporting reviews of CAB-relevant changes, failed changes, and standard change proposals. As a part of the improved user experience, there are more options within agenda management for in progress CABs, such as pausing, deferring, and restoring agenda items.​ CAB efficiency is improved by encouraging pre-CAB reviews and commentary on upcoming changes. Look out for future enhancements to CAB in SOW in upcoming releases.

 

 

By leveraging DevOps Change Velocity, customers can significantly enhance and modernize their change management processes, leading to improved efficiency, compliance, and overall productivity. Key benefits include automated change creation from CI/CD pipelines, automated approval/rejection of changes based on DevOps data, and compatibility with all major DevOps tools. This reduces manual activities for developers, change managers, and release managers, increases change throughput, and ensures full traceability and auditability. Additionally, it centralizes data in the DevOps Data Model and automates control and governance through data-driven policies.

 

This results in improved compliance with a single source of truth for change control and governance data, and continuous improvement with greater visibility to enhance cross-team culture and process health. This leads to a lower failure rate, improved mean time to recovery, and optimized deployment frequency, with everything tracked through out-of-the-box integrations.

 

DCV addresses challenges such as eliminating the need to switch between tools and reduces manual work to manage changes, improving the correlation between changes and release content, enhancing visibility and transparency between Dev and Ops teams, enabling the increasing volume and velocity of DevOps changes, and reducing compliance risks. Through automation and integration, the non-intrusive approach allows developers to stay in their own tooling. See our DevOps Change Velocity Community page for more info.

 

Back to top & table of contents

 

This section contains best practice guidance to ensure change approval adds value to your process and doesn’t become unnecessarily burdensome.

 

The goal of Change Management is to balance the benefit vs the risk of the change to drive business outcomes within the risk profile of the organization. A well-balanced process should enable change to occur as rapidly as possible to meet the business need, while ensuring the associated risks are well understood and planned for. Aim to minimize the number of approvers in your process, to avoid change approval becoming a bottleneck.

 

Having large numbers of approvers on a change who don't perform a specific role in the process, should be avoided. Additional manual approvers may not necessarily lower the risk but can add significant manual overhead for the teams involved. For each approval level, try to limit the approval to a single group or person accountable. If this accountability is unclear or spread across multiple teams or people, it can create ambiguity and unnecessary manual overhead.

 

Change Approver Accountabilities

Change approval has a very specific function within the Change Management process. Each approver should have clearly defined accountabilities and a list of what they need to check for when performing a review. There should be as little overlap as possible between the different levels of approvers. Amongst other things, approvers should be checking to ensure:

• The risks and impacts of the change are clearly articulated
• There is sufficient evidence provided to cover implementation, testing, post-implementation validation, backout; including catering for scenarios of what could go wrong and how to mitigate any issues if they arise.

 

Avoid using Change Approval as a proxy for Change Notification

Change approval is sometimes used as a proxy for notification of upcoming changes. This is poor practice and should be avoided. There are many ways to enable notification of the forward schedule of planned changes without needing to be an approver (e.g. change schedules, reports, dashboards, VTBs, CI subscriptions etc.). Unnecessary approvals (especially if there are many levels across different groups) can slow the process, make it difficult to navigate, dilute the accountability of the other approvers and detract from the valuable outcomes that change governance delivers to the organization.

 

Recommended Approval Levels

We recommend that approvals are generated for:

• Peer review (technical assessment) - usually by a peer in the Assignment Group other than the change assignee (for all risk levels)
• Change Management for quality & compliance review (for medium and high risk)
• CAB (for high risk)
• Service Owners – only if their service will experience a planned outage
• Others only as needed (e.g. Firewall changes would usually require approval from the Security team)

 

Task Assignees should not be Approvers

Task assignees don’t also need to be Change approvers. This adds unnecessary approvers to a change. Acceptance of a task can be managed by the change owner populating only the assignment group on the CTASK (not the Assignee field). Assignment groups can monitor their task queues and acceptance for the task can be indicated by populating an Assignee name on the CTASK. If a CTASK Assignee is blank, the change owner can follow up with the relevant group. They can also add a work note to provide more details if required.

 

 

Use Blackout and Maintenance windows to help your teams schedule their changes during optimum periods to lower the risk and impact to service.

• Blackout windows specify times during which normal change activity should not be scheduled. e.g. a change freeze period during critical processing times such as holidays or End of Financial Year.
• Maintenance windows specify times during which change requests should be scheduled to minimize service disruption. E.g. changes are scheduled between midnight and 4am when the service is not being used.

Conflict detection uses blackout and maintenance schedules to find potential scheduling conflicts for the configuration items (CIs) associated with a change request. When conflict detection runs, it determines if either type of defined schedule applies to the change request. If a potential conflict is identified, a warning message appears and conflicts are listed in the UI.

As well as blackouts or maintenance schedules which are global in nature (i.e. periods which apply to all changes), you should also consider more granular blackouts and maintenance schedules for discrete groups of services, CIs, or even assignment groups (or other data points relevant to your organization). More granular blackout and maintenance schedules (based on a specific set services for example) are more effective because they are specific and targeted. This helps avoid unnecessary conflicts which global schedules can generate.

 

Back to top & table of contents

Shown above is our perspective on an outcome-focused maturity journey to realize a modern change management process within your organization. The top boxes in this visual represent the top-level outcomes as well as sub outcomes that can be achieved at each maturity stage. The bottom boxes in red represent the data that should be available to leverage within this process at each stage.

 

At a high level, through this maturity journey we aim to help customers visualize how they can realize the outcomes described through the planned adoption of our Modern Change features while limiting impact to ongoing business operations. This maturity is most applicable to existing customers looking to migrate away from their legacy change implementations but is also broadly applicable to new customers.

• This starts with evaluating your as-is process and identifying use cases where you can begin experimenting with change models, flows, approval policies, etc. to familiarize yourself with what’s available (this is applicable to legacy customers looking to migrate).
• Then it moves to expanding on use of models for more use cases and beginning the planning, building, and testing to migrate from change types to models for ITIL changes.
• With that foundation, next is defining and leveraging data available within ServiceNow in your change process – such as blackout and maintenance schedules, data-driven risk conditions, operational data, change historical performance, engineering data – into robust approval policies to drive automated governance over your change process.
• Along the way, we recommend thinking about simplifying your change process by looking at products like Digital Product Release, which can help shift left release validations often added into change approval, instead of earlier in the release lifecycle.
• And by the end, customers can get to the point of achieving full change automation for certain use cases, from creation to approval. Additionally, GenAI/Agentic AI capabilities can be used to reimagine how changes are created and managed.

It’s important to mention that based on a customer’s maturity and requirements, it may make sense to start at different points along this journey. What’s shown is our general recommendation for the path a customer can take.

 

 

Before you get started on your maturity journey, it’s a good idea to plan and document the outcomes you want to achieve with Change Management. It’s also important to document how you will measure success, so you can track your progress to achieving your goals and correct course if necessary.

 

Think about the key goals and outcomes you want to drive. Here are some examples:

• Better manage increasing change velocity
• Handle a higher volume of changes
• Improve change quality
• Improve service resilience and stability
• Drive more accurate risk assessments
• Reduce incidents caused by change
• Reduce manual approvals
• Achieve robust controls & compliance
• Simplify and uplift the user experience
• Make CAB more efficient

All of these can all be achieved with ServiceNow’s modern change solution. Prioritizing which goals are most important to your organization and how you will measure success, can help you plan and sequence your own Change maturity journey and roadmap.

 

 

The first stage in the Modern Change maturity journey is mostly relevant to customers with legacy change implementations, but there are elements (like how to identify change model use cases, defining new change models, creating and using approval policies, setting up structured risk evaluation methods) that will be applicable to all customers.

 

At this stage, the primary outcome is to reduce the complexity and subjectivity of your existing change process by removing the burden on highly customized, legacy change processes through the adoption of select modern change features. This entails:

• Defining and using more pre-approved Standard changes for frequent, low risk use cases which have a good history of success
• Identifying and experimenting with the first change model use cases and testing their effectiveness with select teams
• Activating data-driven risk conditions to use alongside other risk evaluation methods
• Defining initial approval policies to help automate governance decisions

1). Review your current Change Management process to gain a clear understanding of which steps and data are mandatory for your organization. Over time, processes can become cumbersome and inefficient and should be regularly reviewed to ensure their effectiveness and efficiency. It’s important to not recreate any existing process issues within your new models and flows. It’s good practice to question the value and necessity of every input, step, and output in your current process to ensure:

• Alignment to your organization’s goals for Change Management (refer to ‘Before you begin’ section in this document for example goals)
• Alignment to the Technology Risk & Controls frameworks applicable in your industry
• Every input > step > output should add value (i.e. eliminate waste and unnecessary toil)

2). Identify pilot low risk use cases & teams to test with to unburden what often is an overloaded, complex Normal Change process. We recommend starting with frequent, low risk change use cases that would be appropriate for either a Standard Change template or for a change model.

 

Standard Changes are pre-approved and are appropriate for repeatable, low risk use cases that have a strong history of success, thus not requiring approval at run time. If you need to add an approval step to a low risk use case, we recommend using a change model instead. Change Models enable more flexibility than a Standard change. Used in conjunction with an approval policy, a ‘Low Risk’ change model can allow for automated approvals when policy parameters (e.g. risk is low, non-critical CI/service, no conflicts detected) are met to provide the speed of a Standard change, but can also route a change for manual approval if details of the change or operational environment elevate the risk outside of defined conditions.

 

Examples of low risk change use cases are:

• Cloud infrastructure provisioning
• Deployments to non-production environments
• Applying non-critical software patches
• Standard firewall rule changes
• Low-risk administrative actions (e.g., user account provisioning, email distribution list updates)

Guidance on how to identify use cases for change models:

1. Review your current Normal and Standard change workload to identify initial use cases. Think about frequently used low risk use cases where the implementation, testing and backout steps are well understood and have a good history of success. This could be for specific teams, CIs, applications, services or other patterns.
2. Think about changes which can be made more efficient because there is little value in them having to traverse the full Normal change lifecycle. Examples include: Patching, Cloud Provisioning, Minor Application Enhancement.
3. Consider Standard Changes that could benefit from adding an approval step to better manage changing operational conditions (e.g., if the CI being changed is experiencing an incident/outage, or there is an urgent blackout in place conflicting with the change à auto-reject change or add a manual approval step to review risk prior to implementation). A low risk change model with associated approval policies can enable more flexibility and automatically cater to changing operational conditions.

Whether your organization decides to use Standard Change or a ‘Low Risk’ change model is up to your governance requirements. At this stage, look to identify what these repeatable, common low risk use cases are.

 

At this step, we also recommend identifying a short list of teams (maybe start with just one) that you can test this new process with before rolling out to the broader organization.

 

3). Begin reducing change complexity of your existing change process through the adoption of select Modern Change features.

1. Introduce or expand use of Standard Changes and Standard Change catalogue
   1. Guidance on proposing, approving, and maintaining Standard Change templates
      1. Proposing Standard Change Templates
         • Standard Change templates proposals can come from both the Change management team as well as change requestors (via propose standard change UI action)
         • Templates proposed should be for low-risk, well-understood, and repeatable use cases with a good history of success
         • Robust standard change template proposals should have all necessary change details populated (e.g., description, implementation plan, backout plan, test plan, justification, affected CIs, impacted Services etc.)
      2. Approving Standard Change Templates
         • Proposed Standard Change Templates should be reviewed by the change management team and relevant stakeholders (e.g., technical SMEs, service owners) – this may happen as a part of CAB/equivalents
         • Review proposals for completeness, clarity, technical accuracy, operational readiness to support, service impact and compliance with security, regulatory, and organizational policies
         • Assign ownership for ongoing oversight and accountability
      3. Maintaining Standard Change Templates
         • Set up regular governance to ensure approved Standard Changes are performing as expected and not causing any incidents or outages. If a Standard change is continually unsuccessful and/or causes an incident or outage, the associated Standard Change template should be deactivated
         • Track usage metrics and feedback to continuously improve template quality
         • Update templates promptly after any process, tool, or system change
         • Retire templates that are outdated or no longer in use
2. Activate Risk Conditions for more data-driven risk evaluation.
1. Risk Conditions are predefined property- and condition-based checks used to evaluate change risk (e.g., if the service/CI is critical à Risk = High, if schedule conflict exists à Risk = High).
   1. Risk Conditions are defined using no-code (e.g., condition builder) and low-code (e.g., advanced condition script)
2. Risk Conditions help to:
   1. Automate the process of setting change risk and impact values based on data
   2. Can be triggered according to filter conditions
   3. Allow you to ensure that organizational compliance is adhered to
   4. Provide an audit trail
   5. Take the subjectivity out of risk decisions and allow the use of structured data
3. To activate Risk Condition(s), you must check the ‘Active’ checkbox for each condition to be utilized
4. By default, our dynamic risk engine will capture the risk outputs from the various risk evaluation methods you have activated (e.g., risk assessments, risk conditions) and set the change to the most conservative (i.e., highest) risk evaluation.
3. Define initial change model and pilot use case with targeted team. Steps to consider as you do this:
1. For legacy change customers, before creating anything it’s essential to ensure legacy change types can run in conjunction with models by updating existing Change Workflow so it can run in parallel. This will allow you to begin creating models as you work to migrate your change workload from Workflow to Flows and ensure your current process remains unaffected by running Change Models while at the same time, running your current Change workflow.
   1. Review current Change process workflow, Business Rules, ACLs, UI policies, Data policies, any customized fields, field values or other customizations, to gain a comprehensive understanding of any mandatory steps and fields which must apply to new changes models, as well as which can be ignored.
   2. Update current change workflow to ignore any changes created from a model. This ensures the current change workflow can continue to operate without conflicting with new change model flows. i.e. they can both run separately in parallel.
   3. Identify your current change workflow for Normal change. Navigate to Workflow Editor > Change Request - Normal is the OOB workflow. Note: your instance may have multiple workflows with different names.
   4. Checkout workflow
   5. Go to Properties > Conditions
   6. Set workflow trigger conditions to ignore any changes executing via a Model
   7. Update > Save > Publish workflow
   8. In a similar way, repeat this for Business Rules, UI Policies, ACLs etc. to ignore changes which are processing via a model, unless you need to have these also execute for model-based changes.
2. Creating the pilot change model(s)
   1. Leveraging one of the ideal use cases identified as a part of step 2 (identify pilot use cases) and create a model for it. It may be easiest to duplicate and modify the OOTB Normal Change model.
      1. Determine the ‘Implementation states’ (this is typically only the Implement state)
      2. Define record presets (preset change field data)
      3. Set up security rules to restrict access to the model (optional, but recommended for the pilot)
      4. Create the model states which are applicable for the use case.
         • Model states are the states that changes using this model can progress through (e.g., New > Assess > Authorize > Scheduled > Implement > Review > Closed OR Cancelled)
         • Not all states will be relevant to change model use cases. Any unnecessary states can be removed.
      5. Create the state transitions (what states can transition to other states (e.g., New can only go to Assess OR Cancelled) and transition conditions (conditions that allow for automated or manual transition between states) 
   2. Create the approval definitions for the model
      1. An approval definition specifies the approval action, who will be doing the approval. Approval definitions are called in approval policies. In approval definitions you define the following:
         • Approval action (approve, reject, add user approval, add group approval)
         • Approver source (e.g., approval definition, change request (can be dynamic))
         • Approver source reference (e.g., user field, group field)
         • Wait for or approval type (e.g., first response, all approvers, % of approvers in the group) 
   3. Create the approval policies and decisions for the model
   1. Approval policies define the inputs, rules and conditions that assess those inputs, and ultimate approval decision for a change.
   2. Approval policies are powerful in that they can leverage structured data within ServiceNow as the inputs.
      • At earlier stages of change maturity these policies may only look at risk and state, but as you make use of additional data these policies can become more complex and robust.
      • At later stages in the Modern Change maturity journey we’ll define other operational data and external data that can be used to augment approval policies and drive more robust change approval automation
   3. The approval definitions defined in the prior step will be used as the possible outcomes of the approval policy decisions (auto-approve, auto-reject, route for manual user/group approval)
   4. Create or update the flows to associate with the model and approval policies
      1. Approval policies will not be associated to or trigger with any changes unless they are tied to the relevant flow in Flow Designer
      2. There is an OOTB action in Flow Designer to ‘Apply Change Approval Policy’
      3. If you are creating a new flow, we recommend duplicating one of the OOTB flows and modifying it
      4. It’s best practice to create flows that are unique to both the change model AND the change model state (i.e., state-based flows). This will ease ongoing maintenance of these specific flows. Flows can be easily duplicated and modified to fit other change model use cases.  
   5. Test the new change model, associated flows, and approval policies
      • Check that the following are in place: access controls, appropriate record presets and read only fields, model has the correct states, manual vs automated state transitions execute as expected, and flows and approval policies execute as expected
   6. Deploy initial change model to pilot teams and monitor effectiveness using available (Change Success Score, Change Model Success, Change Velocity, etc.) or better yet, build your own reporting and dashboards using Platform Analytics.
4. Summary & putting it all together.
   1. This first stage in the maturity journey is about setting up the foundation for expansion into broader change model usage, adoption of additional modern change functionality, and enabling a transition away from legacy change implementation technologies (e.g., workflow, change types)
   2. Note how the different features within Modern Change are modular in nature. They are defined and maintained individually but are put together, in different combinations, to define an organization’s change process. Change models define the change process for a particular use case, approval policies define the governance, and state-based flows define change state validation and progression.

**Our team is still working on building out our more detailed recommendations for maturity steps 2-5. Please refer back to this article periodically to see these additional recommendations and review any updates to this maturity journey.**

 

Back to top & table of contents

How is Change Management related to Release Management?

Change Management is the process of managing changes (planning, scheduling, assessing, implementing) to an organization’s IT infrastructure that may impact IT services or systems with the goal of ensuring that changes are deployed in a controlled manner and do not negatively impact IT services or systems. Release Management is the process of managing the release (planning, designing, building, testing/validating, deploying) of new or updated IT services or systems into production.

 

In simple terms, one can think of Change Management as the final gatekeeper with the objective of protecting the production environment and Release Management as the implementation process that prepares new code/changes ready for deployment to production. Before the product of a release - a new version of an IT service or application - can be pushed to production, a change request is necessary as the final gate to minimize potential negative impact and provide traceability.

 

Back to top & table of contents

Where can I learn more about Modern Change?

• One of the best places to both engage with us and customers like you is ServiceNow’s ITSM Community page. There are a few key articles related to Modern Change you can reference:
  • DevOps Change Velocity Lab Guide
• Modern Change Management Launch & Learn series – webinar series covering an overview of what Modernizing Change means and deep dive sessions into key capabilities we provide to support Modern Change
• Modern Change Academy – monthly, ongoing webinar series that covers one Modern Change related topic. This article has the link to register and links to past sessions.
• DevOps Change Velocity Community – Community page dedicated to assets related to DevOps Change Velocity. Helpful assets include:
• Now Create Collateral – assets to support in your implementation/adoption journey
• DevOps Change Velocity Fundamentals
• Process Guide
• Process Workshop Deck
• Starter Stories
• Now Learning Assets – courses to support in your understanding of ServiceNow capabilities
  • DevOps Change Velocity Fundamentals