Re-Envision Enterprise Printing

Don't settle for printer consolidation; seek the elimination of print

Analystperspective

You're likely not in the printing business.
Prepare your organization for the future by reducing print.

Initiatives to reduce printers are often met with end-user resistance. Don't focus on the idea of taking something away from end users. Instead, focus on how print reduction fits into larger goals of business process improvement, and on opportunities to turn the vendor into a partner who drives business process improvement through ongoing innovation and print reduction.

What are your true print use cases? Except in some legitimate use cases, printing often introduces friction and does not lead to efficiencies. Companies investing in digital transformation and document management initiatives must take a hard look at business processes still reliant on hard copies. Assess your current state to identify what the current print volume and costs are and where there are opportunities to consolidate and reduce.

Change your financial model. The managed print services industry allows you to use a pay-as-you-go approach and right-size your print spend to the organization's needs. However, in order to do printing-as-a-service right, you will need to develop a good RFP and RFP evaluation process to make sure your needs are covered by the vendor, while also baking in assurances the vendor will partner with you for continuous print reduction.

Emily Sugerman
Research Analyst, Infrastructure & Operations
Info-Tech Research Group

Darin Stahl
Principal Research Advisor, Infrastructure & Operations
Info-Tech Research Group

Executive summary

Your Challenge

IT directors and business operations managers face several challenges:

• Too many known unknowns: Enterprises may be overspending on printing, but this spend is often unknown and untracked.
• Opportunity costs: By locking into conventional printer leases and outdated document management, you are locking yourself out of the opportunity to improve business processes.

Common Obstacles

Printer reduction initiatives are stymied by:

• End-user resistance: Though sometimes the use of paper remains necessary, end users often cling to paper processes out of concern about change.
• Lack of governance: You lack insight into legitimate print use cases and lack full control over procurement of devices and consumables.
• Overly generic RFP: Print requirements are not tailored to your organization, and your managed print services RFP does not ask enough of the vendor.

Info-Tech's Approach

Follow these steps to excise superfluous, costly printing:

• Identify reduction opportunities via a thorough inventory and requirements-gathering process, and educate others on the financial and non-financial benefits. Enforce reduced printing through policies.
• Change your printing financial model to print-as-a-service by building an RFP and scoring tool for managed print services that makes the vendor a partner in continuous innovation.
• Leverage durable print management software to achieve vendor-agnostic governance and visibility.

Info-Tech Insight

Don't settle for printer consolidation: seek to eliminate print and enlist your managed print services vendor to help you achieve that goal.

Your challenge

This research is designed to help organizations that aim to reduce printing long term

• Finally understand aggregate printing costs: Not surprisingly, printing has become a large hidden expense in IT. Enterprises may be overspending on printing, but this spend is often unknown and untracked. Printer consumables are purchased independently by each department, non-networked desktop printers are everywhere, and everyone seems to be printing in color.
• Walk the walk when it comes to digital transformation: Outdated document management practices that rely on unnecessary printing are not the foundation upon which the organization can improve business processes.
• Get out of the printing business: Hire a managed print provider and manage that vendor well.

"There will be neither a V-shaped nor U-shaped recovery in demand for printing paper . . . We are braced for a long L-shaped decline."
–Toru Nozawa, President, Nippon Paper Industries (qtd. in Nikkei Asia, 2020).

Weight of paper and paperboard generated in the U.S.*

*Comprises nondurable goods (including office paper), containers, and packaging.

**2020 data not available.

Source: EPA, 2020.

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• Cost-saving opportunities are unclear: In most cases, nobody is accountable for controlling printing costs, so there's a lack of incentive to do so.
• End-user attachment to paper-based processes: For end users who have been relying on paper processes, switching to a new way of working can feel like a big ask, particularly if an optimized alternative has not been provided and socialized.
• Legitimate print use cases are undefined: Print does still have a role in some business processes (e.g. for regulatory reasons). However, these business processes have not been analyzed to determine which print use cases are still legitimate. The WFH experience during the COVID-19 pandemic demonstrated that many workflows that previously incorporated printing could be digitized. Indeed, the overall attachment to office paper is declining (see chart).
• Immature RFP and RFP scoring methods: Outsourcing print to a managed service provider necessitates careful attention to RFP building and scoring. If your print requirements are not properly tailored to your organization and your managed print services RFP does not ask enough of the vendor, it will be harder to hold your vendor to account.

How important is paper in your office?

Quocirca, a printer industry market research firm, found that the number of organizations for whom paper is "fairly or very important to their business" has dropped 10 percentage points between 2019 and 2021.

Source: Quocirca, 2021.

Info-Tech's approach

Permanently change your company's print culture

1. Plan your Project

• Create your project charter, investigate end user printer behavior and reduction opportunities, gather requirements and calculate printer costs

• Protect yourself by building the right requirements into your RFP, evaluating candidates and negotiating from a strong position

• Identify printers to consolidate and eliminate, install them, and communicate updated printer policy

The Info-Tech difference:

1. Use Info-Tech's tracking tools to finally track data on printer inventory and usage.
2. Get to an RFP for managed print services faster through Info-Tech's requirement selection activity, and use Info-Tech's scoring tool template to more quickly compare candidates and identify frontrunners and knockouts.
3. Use Info-Tech's guidance on print management software to decouple your need to govern the fleet from any specific vendor.

Info-Tech's methodology for Re-Envision Enterprise Printing

Insight summary

Keep an eye on the long-term goal of eliminating print

Don't settle for printer consolidation: seek to eliminate print and enlist your managed print services vendor to help you achieve that goal.

Persuading leaders is key

Good metrics and visible improvement are important to strengthen executive support for a long-term printer reduction strategy.

Tie printer reduction into business process improvement

Achieve long-lasting reductions in print through document management and improved workflow processes.

Maintain clarity on what types of printer use are and aren't supported by IT

Modifying and enforcing printing policies can help reduce use of printers.

Print management software allows for vendor-agnostic continuity

Print management software should be vendor-agnostic and allow you to manage devices even if you change vendors or print services.

Secure a better financial model from the provider

Simply changing your managed print services pay model to "pay-per-click" can result in large cost savings.

Blueprint deliverables

Key deliverable:

Managed Print Services RFP

This blueprint's key deliverable is a completed RFP for enterprise managed print services, which feeds into a scoring tool that accelerates the requirements selection and vendor evaluation process.

Managed Print Services Vendor Assessment Questions

Managed Print Services RFP Template

Managed Print Services RFP Vendor Proposal Scoring Tool

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Enterprise Printing Project Charter

Document the parameters of the print reduction project, your goals, desired business benefits, metrics.

Enterprise Printing Roles and Responsibilities RACI Guide

Assign key tasks for the project across strategy & planning, vendor selection, implementation, and operation.

Printer Policy

Start with a policy template that emphasizes reduction in print usage and adjust as needed for your organization.

Printer Reduction Tool

Track the printer inventory and calculate total printing costs.

End-User Print Requirements Survey

Base your requirements in end user needs and feedback.

Blueprint benefits

IT benefits

• Make the project charter for printer reduction and estimate cost savings
• Determine your organization's current printing costs, usage, and capabilities
• Define your organization's printing requirements and select a solution
• Develop a printer policy and implement the policy

Business benefits

• Understand the challenges involved in reducing printers
• Understand the potential of this initiative to reduce costs
• Accelerate existing plans for modernization of paper-based business processes by reducing printer usage
• Contribute to organizational environmental sustainability targets

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

Phase 1

Strategy and Planning

Re-Envision Enterprise Printing

• This phase will walk you through the following activities:
• Create a list of enterprise print roles and responsibilities
• Create project charter
• Inventory printer fleet and calculate printing costs
• Examine current printing behavior and identify candidates for device elimination
• Gather requirements, including through end user survey

This phase involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Step 1.1

Create project charter and assign roles

Outcomes of this step

Completed Project Charter with RACI chart

Phase 1: Strategy and Planning

• Step 1.1 Create project charter and assign roles
• Step 1.2 Assess current state
• Step 1.3 Gather requirements

This step involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Activities in this step

• Create a list of enterprise print roles and responsibilities
• Create project charter

1.1 Create project charter

Use the project charter to clearly define the scope and avoid scope creep

Identify project purpose

• Why is the organization taking on this project? What are you trying to achieve?
• What is the important background you need to document? How old is the fleet? What kinds of printer complaints do you get? What percentage of the IT budget does printing occupy?
• What specific goals should this project achieve? What measurable financial and non-financial benefits do these goals achieve?

Identify project scope

• What functional requirements do you have?
• What outputs are expected?
• What constraints will affect this project?
• What is out of scope for this project?

What are the main roles and responsibilities?

• Who is doing what for this project?

How will you measure success?

• What are the project's success metrics and KPIs?

Enterprise Printing Project Charter

Anticipate stakeholder resistance

Getting management buy-in for printer reduction is often one of the biggest challenges of the project.

Info-Tech Insight

If printer reduction is not driven and enforced from the top down, employees will find ways to work around your policies and changes. Do not attempt to undertake printer reduction initiatives without alerting executives. Ensure visible executive support to achieve higher cost savings.

Align the printer reduction project to org goals to achieve buy-in

A successful IT project demonstrates clear connections to business goals

Which business and organizational goals and drivers are supported by IT's intention to transform its printing ecosystem? For example,

Legislation: In 2009, the Washington House of Representatives passed a bill requiring state agencies to implement a plan to reduce paper consumption by 30% (State of Washington, 2009). The University of Washington cites this directive as one of the drivers for their plans to switch fully to electronic records by 2022 (University of Washington, n.d.).

Health care modernization: Implementing electronic health records; reducing paper charts.

Supply chain risk reduction: In 2021, an Ontario district school board experienced photocopier toner shortages and were forced to request schools to reduce printing and photocopying: "We have recommended to all locations that the use of printing be minimized as much as possible and priority given to the printing of sensitive and confidential documentation" (CBC, 2021).

Identify overall organizational goals in the following places:

• Company mission statements
• Corporate website
• Business strategy documents
• Other IT strategy documents
• Executives

Document financial and non-financial benefits

Financial benefits: Printer reduction can reduce your printing costs and improve printing capabilities.

• Printer reduction creates a controlled print environment; poorly controlled print environments breed unnecessary costs.
• Cost savings can be realized through:
  • Elimination of cost-efficient inkjet desktop printers.
  • Elimination of high-cost, inefficient, or underutilized printers.
  • Sharing of workshop printers between an optimal number of end users.
  • Replacing separate printers, scanners, copiers, and fax machines with. multi-function devices.
• Cost savings can be achieved through a move to managed print services, if you negotiate the contract well and manage the vendor properly. The University of Washington estimated a 20-25% cost reduction under a managed print services model compared to the existing lease (University of Washington, "What is MPS").

Non-financial benefits: Although the main motivation behind printer reduction is usually cost savings, there are also non-financial benefits to the project.

• Printer reduction decreases physical space required for printers
• Printer reduction meets employee and client environmental demands
  • Printer reduction can reduce the electricity and consumables used
  • Reduction in consumables means reduced hazardous waste from consumables and devices
• Printer reduction can result in better printing capabilities
  • Moving to a managed print services model can provide you with better printing capabilities with higher availability

Assign responsibility to track print device costs to IT

Problem:
Managers in many organizations wrongly assume that since IT manages the printer devices, they also already manage costs.

However, end users typically order printer devices and supplies through the supplies/facilities department, bypassing any budget approval process, or through IT, which does not have any authority or incentive to restrict requests (when they're not measured against the controlling of printer costs).

Organization-wide printer usage policies are rarely enforced with any strictness.

Without systematic policy enforcement, end-user print behavior becomes frivolous and generates massive printing costs.

Solution:
Recommend all print device costs be allocated to IT.

• Aggregate responsibility: Recommend that all printer costs be aggregated under IT's budget and tracked by IT staff.
• Assign accountability: Although supplies may continually be procured by the organization's supplies/facilities department, IT should track monthly usage and costs by department.
• Enforce policy: Empower IT with the ability to enforce a strict procurement policy that ensures all devices in the print environment are approved models under IT's control. This eliminates having unknown devices in the printer fleet and allows for economies of scale to be realized from purchasing standardized printing supplies.
• Track metrics: IT should establish metrics to measure and control each department's printer usage and flat departments that exceed their acceptable usage amounts.

Assign accountability for the initiative

Someone needs to have accountability for both the printer reduction tasks and the ongoing operation tasks, or the initiative will quickly lose momentum.

Customize Info-Tech's Enterprise Printing Roles and Responsibilities RACI Guide RACI chart to designate project roles and responsibilities to participants both inside and outside IT.

These tasks fall under the categories of:

• Strategy and planning
• Vendor selection, evaluation, and acquisition
• Implementation
• Operate

Assign a RACI: Remember the meaning of the different roles

• Responsible (does the work on a day-to-day basis)
• Accountable (reviews, signs off on, and is held accountable for outcomes)
• Consulted (input is sought to feed into decision making)
• Informed (is given notification of outcomes)

As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

The Enterprise Printing Roles and Responsibilities RACI Guide can be used to organize and manage these tasks.

Define metrics to measure success

Track your project success by developing and tracking success metrics

Ensure your metrics relate both to business value and customer satisfaction. "Reduction of print" is a business metric, not an experience metric.

Frame metrics around experience level agreements (XLAs) and experience level objectives (XLOs): What are the outcomes the customer wants to achieve and the benefits they want to achieve? Tie the net promoter score into the reporting from the IT service management system, since SLAs are still needed to tactically manage the achievement of the XLOs.

Use the Metrics Development Workbook from Info-Tech's Develop Meaningful Service Metrics to define:

• Relevant stakeholders
• Their goals and pain points
• The success criteria that must be met to achieve these goals
• The key indicators that must be measured to achieve these goals from an IT perspective
• What the appropriate IT metrics are, based on all of the above

Metrics could include

• User satisfaction
• Print services net promoter model
• Total printing costs
• Printer availability (uptime)
• Printer reliability (mean time between failures)
• Total number of reported incidents
• Mean time for vendor to respond and repair

Info-Tech Insight:

Good metrics and visible improvement are important to strengthen executive support for a long-term printer reduction strategy.

Step 1.2

Assess current state

Outcomes of this step

• Aggregate view of your printer usage and costs

Strategy and Planning

This step involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Activities in this step

• 1.2. Inventory your printer fleet: Office walk-around
• 1.2 Inventory your printer fleet: Collect purchase receipts/statements/service records
• 1.3 Calculate printing costs

Create an aggregate view of your printer usage and costs

Problem: Lack of visibility

• Most organizations are unaware of the savings potential in reducing print due to a lack of data.
• Additionally, organizations may have inappropriately sized devices for their workloads.
• Often, nobody is responsible for managing the printers collectively, resulting in a lack of visibility into printing activity. Without this visibility, it is difficult to muster executive commitment and support for printer reduction efforts.
• The first step to eliminating your printers is to inventory all the printers in the organization and look at an aggregate view of the costs. Without understanding the cost saving potential, management will likely continue to avoid printer changes due to the idea's unpopularity with end users.
• Valid use cases for printers will likely still remain, but these use cases should be based on a requirements analysis.

Create visibility through by following these steps:

1. Office walk-around: Most organizations have no idea how many printers they have until they walk around the office and physically count them. This is especially true in cases where management is allowed to purchase personal printers and keep them at their desks. An office walk-around is often necessary to accurately capture all the printers in your inventory.
2. Collect purchase receipts/statements/service records: Double-check your printer inventory by referring to purchase receipts, statements, and service records.
3. Identify other sources of costs: Printer purchases only make up a small fraction of total printing costs. Operating costs typically account for 95% of total printer costs. Make sure to factor in paper, ink/toner, electricity, and maintenance costs.

1.2.1 Inventory your printer fleet: part 1

Office walk-around

1. Methodically walk around the office and determine the following for each printer:
   • Device type
   • Make, model, serial number
   • Location
   • Number of users supported
   • Device owner
   • Type of users supported (department, employee position)
2. Record printer details in Tab 1 of Info-Tech's Printer Reduction Tool. Collaborate with the accounting or purchasing department to determine the following for each printer recorded:
   • Purchase price/date
   • Monthly duty cycle
   • Estimated remaining useful life
   • Page count to date

Download the Printer Reduction Tool

1.2.2 Inventory your printer fleet:
part 2

Collect purchase receipts/statements/service records

1. Ask your purchasing manager for purchase receipts, statements, and service records relating to printing.
2. For documents found, match the printer with your physical inventory. Add any printers found that were not captured in the physical inventory count. Record the following:
   1. Device type
   2. Make, model, serial number
   3. Location
   4. Number of users supported
   5. Device owner
   6. Type of users supported (department, employee position)
3. 3. Collaborate with the accounting or purchasing department to determine the following for each printer recorded:
   1. Purchase price/date
   2. Monthly duty cycle
   3. Estimated remaining useful life
   4. Page count to date
4. Enter the data in Tab 1 of the Printer Reduction Tool

Download the Printer Reduction Tool

1.2.3 Calculate your printing costs

Collect purchase receipts/statements/service records

• Collect invoices, receipts, and service records to sum up the costs of paper, ink or toner, and maintenance for each machine. Estimate electricity costs.
• Record your costs in Tab 2 of the Printer Reduction Tool.
• Review the costs per page and per user to look for particularly expensive printers and understand the main drivers of the cost.
• Review your average monthly cost and annual cost per user. Do these costs surprise you?

Step 1.3

Gather printing requirements

Outcomes of this step

• Understanding of the organization's current printing behavior and habits
• Identification of how industry context and digitization of business processes have impacted current and future requirements

This step involves the following participants:

• IT director
• IT staff
• Rest of organization

Activities in this step

• Examine current printing behavior and habits
• Administer end-user survey
• Identify current requirements
• Identify future requirements

Requirements Gathering Overview

1. Identify opportunities to go paperless
   • Determine where business process automation is occurring
   • Align with environmental and sustainability campaigns
2. Identify current requirements
   • Review the types of document being printed and the corresponding features needed
   • Administer end-user survey to understand user needs and current printer performance
3. Identify future requirements

• Identify future requirements to avoid prematurely refreshing your printer fleet

Stop: Do not click "Print"

The most effective way to achieve durable printing cost reduction is simply to print less.

• Consolidating devices and removing cost-inefficient individual printers is a good first step to yielding savings.
• However, more sustainable success is achieved by working with the printer vendor(s) and the business on continuous innovation via proposals and initiatives that combine hardware, software, and services.
• Sustained print reduction depends on separate but related business process automation and digital innovation initiatives.

Info-Tech Insight:

Achieve long-lasting reductions in print through document management and improved workflow processes.

Leverage Info-Tech research to support your business' digital transformation

Define how changes to enterprise printing fit into digital transformation plans

Identify opportunities to go paperless

The "paperless office" has been discussed since the 1970s. The IT director alone does not have authority to change business processes. Ensure the print reduction effort is tied to other strategies and initiatives around digital transformation. Working on analog pieces of paper is not digital and may be eroding digital transformation process.

Leverage Info-Tech's Assert IT's Relevance During Digital Transformations to remind others that modernization of the enterprise print environment belongs to the discussion around increasing digitized support capabilities.

Eliminate business process friction caused by print

Analyze workflows for where they are still using paper. Ask probing questions about where paper still adds value and where the business process is a candidate for paperless digital transformation

• Is this piece of paper only being used to transfer information from one application to another?
• What kind of digitalization efforts have happened in the business as a result of the COVID-19 pandemic? Which workflows have digitized on their own?
• Where has e-signature been adopted?
• Is this use of paper non-negotiable (e.g. an ER triage that requires a small printer for forms; the need for bank tellers to provide receipts to customers)?
• Do we have compliance obligations that require us to retain a paper process?
• What is getting printed? Who is printing the most? Identify if there are recurring system-generated reports being printed daily/weekly/quarterly that are adding to the volume. Are reports going directly from staff mailboxes to a recycling bin?
• Does our print financial model incentivize the transformation of business processes, or does it reinforce old habits?
• What services, software, and solutions for document management and business process analysis does our managed print services vendor offer? Can we involve the vendor in the business transformation conversation by including an innovation clause in the next contract (re)negotiation to push the vendor to offer proposals for projects that reduce print?

Develop short-term and long-term print reduction strategies

Short-term strategies

• Consolidate the number of printers you have.
• Determine whether to outsource printing to a managed services provider and make the move.
• Enable print roaming and IT verification.
• Require user-queued print jobs to be authenticated at a printer to prevent print jobs that are lost or not picked up.
• Set up user quotas.
• Provide usage records to business managers so they can understand the true cost of printing.
• User quotas may create initial pushback, but they lead users to ask themselves whether a particular print job is necessary.
• Renegotiate print service contracts.
• Revisit contracts and shop around to ensure pricing is competitive.
• Leverage size and centralization by consolidating to a single vendor, and use the printing needs of the entire enterprise to decrease pricing and limit future contractual obligations.
• Train users on self-support.
• Train users to remedy paper jams and move paper in and out of paper trays.

Long-term strategies

• Promote a paperless culture by convincing employees of its benefits (greater cost savings, better security, easier access, centralized repository, greener).
• Educate users to use print area wisely.
• Develop campaigns to promote black and white printing or a paperless culture.

Info-Tech Insight:

One-time consolidation initiatives leave money on the table. The extra savings results from changes in printing culture and end-user behavior.

Examine current printing behavior and habits

It's natural for printer usage and printing costs to vary based on office, department, and type of employee. Certain jobs simply require more printing than others.

However, the printing culture within your organization likely also varies based on

• office
• department
• type of employee

Examine the printing behaviors of your employees based on these factors and determine whether their printing behavior aligns with the nature of their job.

Excessive printing costs attributed to departments or groups of employees that don't require much printing for their jobs could indicate poor printing culture and potentially more employee pushback.

Examine current printing behavior and habits, and identify candidates for elimination

1. Go to Tab 3 of your Printer Reduction Tool ("Usage Dashboard Refresh"). Right-click each table and press "Refresh."
2. Go to Tab 4 of your Printer Reduction Tool ("Usage Dashboard") to understand the following:
   1. Average printer utilization by department
   2. Pages printed per month by department
   3. Cost per user by department
3. Take note of the outliers and expensive departments.
4. Review printer inventory and printer use rates on Tab 5.
5. Decide which printers are candidates for elimination and which require more research.
6. If already working in a managed print services model, review the vendor's recommendations for printer elimination and consolidation.
7. Mark printers that could be eliminated or consolidated.

Administer end-user survey

Understand end-user printing requirements and current printer performance through an end-user survey

1. Customize Info-Tech's End-User Print Requirements Survey to help you understand your users' needs and the current performance of your printer fleet.
2. Send the survey to all printer users in the organization.
3. Collect the surveys and aggregate the requirements of users in each department.
4. Record the survey results in the "Survey Results" tab.

Download the End-User Print Requirements Survey

Info-Tech Insight:

Use an end-user printer satisfaction survey before and after any reduction efforts or vendor implementation, both as a requirement-gathering user input and to measure/manage the vendor.

Identify your current requirements

Collect all the surveys and aggregate user requirements. Input the requirements into your Printer Reduction Tool.

Discussion activity:

• Review the requirements for each department and discuss:
• What is this device being used for (e.g. internal documents, external documents, high-quality graphics/color)?
• Based on its use case, what kinds of features are needed (e.g. color printing, scanning to email, stapling)?
• Is this the right type of device for its purpose? Do we need this device, or can it be eliminated?
• Based on its use case, what kinds of security features are needed (e.g. secure print release)?
• Are there any compliance requirements that need to be satisfied (e.g. PCI, ITAR, HIPAA)?
• Based on its use case, what's the criticality of uptime?
• What is this device's place in the organization's workflow? What are its dependencies?
• With which systems is the device compatible? Is it compatible with the newer operating system versions? If not, determine whether the device is a refresh candidate.

Identify your future requirements

Prepare your printer fleet for future needs to avoid premature printer refreshes.

Discussion activity:

• Review the current requirements for each department's printers and discuss whether the requirements will meet the department's printing needs over the next 10 years.
• What is this device going to be used for in the next 10 years?
• Will use of this device be reduced by plans to increase workflow digitization?
• Based on its use case, what kinds of features are needed?
• Is this the right type of device for its purpose?
• Based on its use case, what kinds of security features are needed?
• Based on its use case, what is the criticality of uptime?
• Is this device's place in the organization's workflow going to change? What are its dependencies?
• Reassess your current requirements and make any changes necessary to accommodate for future requirements.

Examine requirements specific to your industry and workflow

Some common examples of industries with specific printing requirements:

• Healthcare
  • Ability to comply with HIPAA requirements
  • High availability and reliability with on-demand support and quick response times
  • Built-in accounting software for billing purposes
  • Barcode printing for hospital wristbands
  • Fax requirements
• Manufacturing
  • Barcoding technology
  • Ability to meet regulations such as FDA requirements for the pharmaceutical industry
  • Ability to integrate with ERP systems
• Education
  • Password protection for sensitive student information
  • Test grading solutions
  • Paper tests for accessibility needs

Phase 2

Vendor Selection, Evaluation, Acquisition

Re-Envision Enterprise Printing

• This phase will walk you through the following activities:
• Define managed print services RFP requirement questions
• Create managed print services RFP and scoring tool
• Score the RFP responses

This phase involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Change your financial model

The managed print services industry allows you to use a pay-as-you-go approach and right-size your print spend to the organization's needs.

Avoid being locked into a long lease where the organization pays a fixed monthly fee whether the printer runs or not.

Instead, treat enterprise printing as a service, like the soda pop machine in the break room, where the vendor is paid when the device is used. If the vending machine is broken, the vendor is not paid until the technician restores it to operability. Printers can work the same way.

By moving to a per click/page financial model, the vendor installs and supports the devices and is paid whenever a user prints. Though the organization pays more on a per-click/page basis compared to a lease, the vendor is incentivized to right-size the printer footprint to the organization, and the organization saves on monthly recurring lease costs and maintenance costs.

Right-size commitments: If the organization remains on a lease instead of pay-per-click model, it should right-size the commitment if printing drops below a certain volume. In the agreement, include a business downturn clause that allows the organization to right-size and protect itself in the event of negative growth.

Understand the managed print services model and its cost savings

Outsourcing print services can monitor and balance your printers and optimize your fleet for efficiency. Managed print services are most appropriate for:

• Organizations engaging in high-volume, high-quality print jobs with growing levels of output.
• Organizations with many customer-facing print jobs.

There are three main managed printing service models. Sometimes, an easy switch from a level pay model to a pay-per-click model can result in substantial savings:

Level Pay

• Flat rate per month based on estimates.
• Attempts to flatten IT's budgeting so printing costs are consistent every month or every year (for budgeting purposes). At the end of the year, the amount of supplies used is added up and compared with the initial estimates and adjusted accordingly.
• The customer pays the same predictable fee each month every year, even if you don't meet the maximum print quantity for the pay. Increased upcharge for quantities exceeding maximum print quantity.

Base Plus Click

• Fixed base payment (lease or rental) + pay-per-sheet for services.
• In addition to the monthly recurring base cost, you pay for what you use. This contract may be executed with or without a minimum monthly page commitment. Page count through remote monitoring technologies is typically required.

Pay Per Click

• Payment is solely based on printing usage.
• Printing costs will likely be the lowest with this option, but also the most variable.
• This option requires a minimum monthly page commitment and/or minimum term.

Info-Tech Insight:

Vendors typically do not like the pay-per-click option and will steer businesses away from it. However, this option holds the vendor accountable for the availability and reliability of your printers, and Info-Tech generally recommends this option.

Compare financials of each managed print services option

Your printing costs with a pay-per-click model are most reflective of your actual printer usage. Level pay tends to be more expensive, where you need to pay for overages but don't benefit from printing less than the maximum allocated.

See the below cost comparison example with level pay set at a maximum of 120,000 impressions per month. In the level pay model, the organization was paying for 120,000 sheets in the month it only used 60,000 impressions, whereas it would have been able to pay just for the 60,000 sheets in the pay-per-click model.

Financial comparison case study

This organization compared estimated costs over a 36-month period for the base-plus-click and pay-per-page models for Toshiba E Studio 3515 AC Digital Color Systems.

Results

Though the per-image cost for each image is lower in the base-plus-click model, the added monthly recurring costs for the lease means the "net pay per click" is higher.

Overall, the pay-per-page estimate saved $10,044 over a 36-month period for this device.

Bake continuing innovation into your requirements

Once you are in the operation phase, you will need to monitor and analyze trends in company printing in order to make recommendations for the future and to identify areas for possible savings and/or asset optimization.

Avoid a scenario where the vendor drops the printer in your environment and returns only for repairs. Engage the vendor in this continuous innovation work:

In the managed services agreement, include a proviso for continuous innovation where the vendor has a contractual obligation to continually look at the business process flow and bring yearly proposals to show innovation (e.g. cost reductions; opportunities to reduce print, which allows the vendor to propose document management services and record keeping services). Leverage vendors who are building up capabilities to transform business processes to help with the heavy lifting.

Establish a vision for the relationship that goes beyond devices and toner. The vendor can make a commitment to continuous management and constant improvement, instead of installing the devices and leaving. Ideally, this produces a mutually beneficial situation: The client asks the vendor to sell them ways to mature and innovate the business processes, while the vendor retains the business and potentially sells new services. In order to retain your business, the vendor must continue to learn and know about your business.

The metric of success for your organization is the simple reduction in printed copies overall. The vendor success metric would be proposals that may combine hardware, software, and services that provide cost-effective reductions in print through document management and workflow processes. The vendors should be keen to build this into the relationship since the services delivery has a higher margin for them.

Sample requirement wording:

"Continuing innovation: The contractor initiates at least one (1) project each year of the contract that shows leadership and innovation in solutions and services for print, document management, and electronic recordkeeping. Bidders must describe a sample project in their response, planning for an annual investment of approximately 50 consulting hours and $10,000 in hardware and/or software."

Reward the vendor for performance instead of "punishing" them for service failures

Problem: Printer downtime and poor service is causing friction with your managed service provider (MSP).

MSPs often offer clients credit requests (service credits) for their service failures, which are applied to the previous month's monthly recurring charge. They are applied to the last month's MRC (monthly reoccurring charges) at the end of term and then the vendor pays out the residual.

However, while common, service credits are not always perceived to be a strong incentive for the provider to continually focus on improvement of mean time to respond or mean time to repair.

Solution: Turn your vendor into a true partner by including an "earn back" condition in the contract.

• Engage the vendor as a true partner within a relationship based upon service credits.
• Suggest that the vendor include a minor change to the non-performance processes within the final agreement: the vendor implements an "earn back" condition in the agreement.
• Where a bank of service credits exists because of non-performance, if the provider exceeds the SLA performance metrics for a number of consecutive months (two is common), then a given number of prior credits received by the client are returned to the provider as a reward for improved performance.
• This can be a useful mechanism to drive improved performance.

Leverage enterprise print management software

Printers are commoditized and can come and go, but print management software enables the governance, compliance, savings and visibility necessary for the transformation

• Printer management solutions range from tools bundled with ink-jet printers that track consumables' status, to software suites that track data for thousands of print devices.
• Typically, these solutions arrive in enterprises as part of larger managed services printing engagements, bundled with hardware, financing, maintenance, and "services."
• Bundling print management software means that customers very rarely seek to acquire printing management software alone.
• Owing to the level of customization (billing, reporting, quotas, accounts, etc.) switching print management software solutions is also rare. The work you put into this software will remain with IT regardless of your hardware.
• Durability of print management software is also influenced by the hardware- and technology-agnostic nature of the solutions (e.g. swapping one vendor's devices for another does not trigger anything more than a configuration change in print management software.)

Include enterprise print management requirements in the RFP

Ask respondents to describe their managed services capabilities and an optional on-premises, financed solution with these high-level capabilities.

Select the appropriate type of print management software

Vendor-provided solutions are adequate control for small organizations with simple print environments

• Suitable for small organizations (<100 users).
• Software included with print devices can pool print jobs, secure access, and centralize job administration.
• Dealing with complex sales channels for third-party vendors is likely a waste of resources.

SMBs with greater print control needs can leverage mid-level solutions to manage behavior

• Suitable for mid-size organizations (<500 users).
• Mid-level software can track costs, generate reports, and centralize management.
• Solutions start at $500 but require additional per-device costs.

Full control solutions will only attract large organizations with a mature print strategy

• Full control solutions tend to be suitable for large organizations (>500 users) with complex print environments and advanced needs.
• Full control software allows for absolute enforcement of printing policies and full control of printing.
• Expect to spend thousands for a tailored solution that will save time and guide cost savings.

Enterprise print management software features

The feature set for these tools is long and comprehensive. The feature list below is not exhaustive, as specific tools may have additional product capabilities.

Get to the managed print services RFP quicker

Jumpstart your requirements process using these tools and exercises

Vendor Assessment Questions

Use Info-Tech's catalog of commonly used questions and requirements in successful acquisition processes for managed print services. Ask the right questions to secure an agreement that meets your needs. If you are already in a contract with managed print services, take the opportunity of contract renewal to improve the contract and service.

RFP Template and "Schedule 1" Attachment

Add your finalized assessment questions into this table, which you will attach to your RFP. The vendor answers questions in this "Schedule 1" attachment and returns it to you.

RFP Scoring Tool

Aggregate the RFP responses into this scoring tool to identify the frontrunners and candidates for elimination. Since the vendors are asked to respond in a standard format, it is easier to bring together all the responses to create a complete view of your options.

Define RFP requirement questions

Include the right requirements for your organization, and avoid leaving out important requirements that might have been overlooked.

1. Download the Managed Print Services Vendor Assessment Questions tool. Use this document as a "shopping list" to jumpstart an initial draft of the RFP and, more importantly, scoring requirements.
2. Review the questions in the context of your near- and long-term printer outsourcing needs. Consider your environment, your requirements, and goals. Include other viewpoints from the RACI chart from Phase 1.
3. Place an 'X' in the first column to retain the question. Edit the wording of the question if required, based on your organizational needs.
4. Use the second column to indicate which section of the RFP to include the question in.

Download the Managed Print Services Vendor Assessment Questions tool

Create RFP scoring tool and RFP

1. Enter the requirements questions into the scoring tool on Tabs 2 and 4.
2. Tab 2: Create scoring column for each vendor. You will paste in their responses here.
3. Edit Tabs 3 and 4 so they align with what you want the vendor to see. Copy and paste Tab 3 and Tab 4 into a new document, which will serve as a "Schedule 1" attachment to the RFP package the vendor receives.
4. Complete the RFP template. Describe your current state and current printer hardware (documented in the earlier current-state assessment). Explain the rules of how to respond and how to fill out the Schedule 1 document. Instruct each vendor to fill in their responses to each question along with any notes, and to reply with a zip file that includes the completed RFP package along with any marketing material needed to support their response.
5. Send a copy of the RFP and Schedule 1 to each vendor under consideration.

Download the Managed Print Services RFP Vendor Proposal Scoring Tool

Download the Managed Print Services RFP template

Score RFP responses

1. When the responses are returned, copy and paste each vendor's results from Schedule 1 into Tab 2 of the main scoring tool.
2. Evaluate each RFP response against the RFP criteria based on the scoring scale.
3. Send the completed scoring tool to the CIO.
4. Set up a meeting to discuss the scores and generate shortlist of vendors.
5. Conduct further interviews with shortlisted vendors for due diligence, pricing, and negotiation discussions.
6. Once a vendor is selected, review the SLAs and contract and develop a transition plan.

Info-Tech Insight:

The responses from the low-scoring vendors still have value: these providers will likely provide ideas that you can then leverage with your frontrunner, even if their overall proposal did not score highly.

Phase 3

Implementation & Operation

Re-Envision Enterprise Printing

This phase will walk you through the following activities:

• Update your enterprise printer policies
• Readminister end-user survey to measure project success

This phase involves the following participants:

• IT director/CIO
• Business operations manager
• Project manager

Modify your printer policies

Review and modify Info-Tech's Printer Policy Template to support your print reduction goals

Consider that your goal is to achieve printer reduction. Discuss with your team how strict it needs to be to truly reset behavior with printers. Many organizations struggle with policy enforcement. Firm language in the policy may be required to achieve this goal. For example,

• IT only supports the printers acquired through the managed print service. Personal desktop printers are not supported by IT. Expense statements will not be accepted for non-supported printers.
• Create a procurement policy where all device requests need justification and approval by department managers and IT. Have a debate over what the extreme exceptions would be. Legitimate exceptions must go through a review and approval process.
• Restrict color printing to external or customer-facing use cases.
• Encourage digital or electronic solutions in lieu of hard copies (e.g. e-signatures and approval workflows; scanning; use of integrated enterprise applications like SharePoint).

Download the Printer Policy template

Readminister the end-user survey

You have already run this survey during the requirements-gathering phase. Run it again to measure success.

The survey was run once prior to the changes being implemented to establish a baseline of user satisfaction and to gain insights into additional requirements.

Several months after the initial rollout (90 days is typical to let the dust settle), resurvey the end users and publish or report to the administration success metrics (the current costs vs. the actual costs prior to the change).

User satisfaction survey can be used to manage the vendor, especially if the users are less happy after the vendor touched their environment. Use this feedback to hold the provider to account for improvement.

Measure project success

Revisit the pre-project metrics and goals and compare with your current metrics

• Identify printers to consolidate or eliminate.
• Update asset management system (enter software and hardware serial numbers or identification tags into configuration management system).
• Reallocate/install printers across the organization.
• Develop ongoing printer usage and cost reports for each department.
• Review the end-user survey and compare against baseline.
• Operate, validate, and distribute usage metrics/chargeback to stakeholders.
• Audit and report on environmental performance and sustainability performance to internal and external bodies, as required.
• Write and manage knowledgebase articles.
• Monitor and analyze trends in company printing in order to make recommendations for the future and to identify areas for possible savings and/or asset optimization.

Metrics could include

• User satisfaction
• Print services net promoter model
• Total printing costs
• Printer availability (uptime)
• Printer reliability (mean time between failures)
• Total number of reported incidents
• Mean time for vendor to respond and repair

Support training and adoption

Train users on self-support

Prepare troubleshooting guides and step-by-step visual aid posters for the print areas that guide users to print, release, and find their print jobs and fix common incidents on their own. These may include:

• The name of this printer location and the names of the others on that floor.
• How to enter a PIN to release a print job.
• How to fix a paper jam.
• How to empty the paper tray.
• How to log a service ticket if all other steps are exhausted.

Educate users to use print area wisely

• Inform users what to do if other print jobs appear to be left behind in the printer area.
• Display guidelines on printer location alternatives in case of a long line.
• Display suggestions on maximum recommended time to spend on a job in the event other users are waiting.

Develop campaign to promote paperless culture

Ensure business leadership and end users remain committed to thinking before they print.

• Help your users avoid backsliding by soliciting feedback on the new printer areas.
• Ensure timely escalation of service tickets to the vendor.
• Support efforts by the business to seek out business process modernization opportunities whenever possible.

Plan persuasive communication strategies

Identify cost-saving opportunities and minimize complaints through persuasive communication

Implement a continual improvement plan to achieve long-term enterprise print goals

Implement a continual improvement plan for enterprise printing:

• Develop a vendor management plan:
  • In order to govern SLAs and manage the vendor, ensure that you can track printer-related tickets even if the device is now supported by managed print services.
  • Ensure that printer service tickets sent from the device to the vendor are also reconciled in your ITSM tool. Require the MSP to e-bond the ticket created within their own device and ticketing system back to you so you can track it in your own ITSM tool.
  • Every two months, validate service credits that can be returned to the vendor for exceeding SLA performance metrics.
  • Monitor the impact of their digital transformation strategies. Develop a cadence to review the vendor's suggestions for innovation opportunities.
• Operate, validate, and distribute usage and experience metrics/chargeback to stakeholders.
• Monitor and analyze trends in company printing.

Summary of Accomplishment

Problem Solved

You have now re-envisioned your enterprise print environment by documenting your current printer inventory and current cost and usage. You also have hard inventory and usage data benchmarks that you can use to measure the success of future initiatives around digitalization, going paperless, and reducing print cost.

You have also developed a plan to go to market and become a consumer of managed print services, rather than a provider yourself. You have established a reusable RFP and requirements framework to engage a managed print services vendor who will work with you to support your continuous improvement plans.

Return to the deliverables and advice in this blueprint to reinforce the organization's message to end users on when, where, and how to print. Ideally, this project has helped you go beyond a printer refresh – but rather served as a means to change the printing culture at your organization.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information

workshops@infotech.com
1-888-670-8889

Bibliography

Fernandes, Louella. "Quocirca Managed Services Print Market, 2021." Quocirca, 25 Mar. 2021. Accessed 12 Oct. 2021.

McInnes, Angela. "No More Photocopies, No More Ink: Thames Valley Schools Run Out of Toner." CBC, 21 Oct. 2021. Web.

"Paper and Paperboard: Material-Specific Data." EPA, 15 Dec. 2020. Accessed 15 Oct. 2021.

State of Washington, House of Representatives. "State Agencies – Paper Conservation and Recycling." 61st Legislature, Substitute House Bill 2287, Passed 20 April 2009.

Sugihara, Azusa. "Pandemic Shreds Office Paper Demand as Global Telework Unfolds." Nikkei Asia, 18 July 2020. Accessed 29 Sept. 2021.

"Paper Reduction." University of Washington, n.d. Accessed 28 Oct. 2021.

"What is MPS?" University of Washington, n.d. Accessed 16 Mar. 2022.

Research contributors

Jarrod Brumm
Senior Digital Transformation Consultant

Jacques Lirette
President, Ditech Testing

3 anonymous contributors

Info-Tech Research Group Experts

Allison Kinnaird, Research Director & Research Lead
Frank Trovato, Research Director

Align Projects With the IT Change Lifecycle

Increase the success of your changes by integrating project touchpoints in the change lifecycle.

Analyst Perspective

Executive Summary

Info-Tech Insight

Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.

Info-Tech’s approach

Use the change lifecycle to identify touchpoints.

The Info-Tech difference:

1. Start with your change lifecycle to define how change control can align with project management.
2. Make improvements to project-change alignment to benefit the relationship between the two practices and the practices individually.
3. Scope the alignment to your organization. Take on the improvements to the left one by one instead of overhauling your current process.

Use this research to improve your current process

This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.

Successful change management will provide benefits to both the business and IT

Respond to business requests faster while reducing the number of change-related disruptions.

IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

Change management improves core benefits to the business: the four Cs

Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

1. Alignment at intake

Define what is a change and what is a project.

Both changes and projects will end up in change control in the end. Here, we define the intake.

Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.

A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).

Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.

This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.

Need help scoping projects? Download the Project Intake Classification Matrix

Info-Tech Insight

While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.

1 Define what constitutes a change

1. As a group, brainstorm examples of changes and projects. If you wish, you may choose to also separate out additional request types such as service requests (user), operational tasks (backend), and releases.
2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
3. Use the examples to draw lines and determine what defines each category.

• What makes a change distinct from a project?
• What makes a change distinct from a service request?
• What makes a change distinct from an operational task?
• When do the category workflows cross over with other categories? (For example, when does a project interact with change management?

Download the Change Management Standard Operating Procedure (SOP).

2. Alignment at build and test

Keep communications open by pre-defining and communicating project milestones.

CAB touchpoints

Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.

RFCs

Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.

Change Calendar

Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.

Leverage the RFC to record and communicate project details

The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).

When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.

Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.

Download the Request for Change Form Template

Provide clear definitions of what goes on the change calendar and who’s responsible

Inputs

• Freeze periods for individual business departments/applications (e.g. finance month-end periods, HR payroll cycle, etc. – all to be investigated)
• Maintenance windows and planned outage periods
• Project schedules, and upcoming major/medium changes
• Holidays
• Business hours (some departments work 9-5, others work different hours or in different time zones, and user acceptance testing may require business users to be available)

Guidelines

• Business-defined freeze periods are the top priority.
• No major or medium normal changes should occur during the week between Christmas and New Year’s Day.
• Vendor SLA support hours are the preferred time for implementing changes.
• The vacation calendar for IT will be considered for major changes.
• Change priority: High > Medium > Low.
• Minor changes and preapproved changes have the same priority and will be decided on a case-by-case basis.

Roles

• The Change Manager will be responsible for creating and maintaining a change calendar.
• Only the Change Manager can physically alter the calendar by adding a new change after the CAB has agreed upon a deployment date.
• All other CAB members, IT support staff, and other impacted stakeholders should have access to the calendar on a read-only basis to prevent people from making unauthorized changes to deployment dates.

Info-Tech Insight

Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.

3. Alignment at approval

How can project management effectively contribute to CAB?

As optional CAB members

Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.

As project management representatives

Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.

As core CAB members

The core responsibilities of CAB must still be fulfilled:

1. Protect the live environment from poorly assessed, tested, and implemented changes.

2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.

3. Schedule deployments in a way the minimizes conflict and disruption.

If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.

4. Alignment at implementation

At this stage, the project or project phase is treated as any other change.

If you need to define transitioning changes to production, download Transition Projects to the Service Desk

5. Alignment at post-implementation

Tackle the most neglected portion of change management to avoid making the same mistake twice.

1. Define RFC statuses that need a PIR

Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.

2. Conduct a PIR for every failed change

It’s best to perform a PIR once a change-related incident is resolved.

3. Avoid making the same mistake twice

Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.

4. Report to CAB

Socialize the findings of the PIR at the subsequent CAB meeting.

5. Circle back on previous PIRs

If a similar change is conducted, append the related PIR to avoid the same mistakes.

Info-Tech Insight

Include your PIR documentation right in the RFC for easy reference.

Download the RFC template for more details on post-implementation reviews

2 Implement your alignments stepwise

1. As a group, decide on which implementations you need to make to align change management and project management.
2. For each improvement, list a timeline for implementation.
3. Update section 3.5 in the Change Management Standard Operating Procedure (SOP). to outline the responsibilities of project management within IT Change Management.

Download the Change Management Standard Operating Procedure (SOP).

Related Info-Tech Research

Implement the Next-Generation IT Operating Model

The operating model for organizations embracing Exponential IT and transforming into technology-first enterprises.

Analyst Perspective

Be the organization that can thrive in an exponential IT world.

Carlene McCubbin Research Practice Lead CIO Organizational Transformation Practice Info-Tech Research Group	Brittany Lutes Research Director, CIO Organization Transformation Practice Info-Tech Research Group

IT leaders are increasingly expected to be responsible for understanding and delivering high-value customer experiences. This evolution depends on the distribution and oversight of IT capabilities that are embedded throughout the organizational structure.

Defining digital strategic objectives, establishing governance frameworks for an autonomous culture, and enabling the organization to act on insightful data are all impossible without a new way of operating that involves the oversight and accountability of advancing IT roles. Through exponential change, functional groups can lose clarity regarding their responsibilities, creating a sense of ambiguity and disorder.

But adopting a new way of working that supports an exponential IT organization does not have to be difficult. Leveraging Info-Tech Research Group's next-generation operating model, you can clearly demonstrate how the organization will collaborate to deliver on the various digital and IT services. This is no longer just an IT operating model, but a technology-first enterprise model.

Included in this blueprint:

Exponential IT Model

Defines how the Exponential IT model operates and delivers value to the organization.
This is done by exploring:

• Exponential IT cultural norms and behaviors
• Opportunities and risks of the Exponential IT model
• A breakdown of the embedded, integrated, and centralized aspects of the model
• Operating model value stream stages
• An assessment on whether the Exponential IT operating model is right for your organization

Changing Role of IT Leader

Defines how chief information officers (CIOs) can operate or elevate their role in this changing operating model.

• Identifies why the C-suite is changing – again
• How IT leaders should consider where they will add value in the new operating model
• Outlines examples of future organization-wide structures and where IT roles are positioned
• Supports IT leaders in developing themselves to operate in this structure

Executive Summary

Your Challenge

IT is challenged to change how it operates to better support evolving organizations. IT must:

• Consider the needs of customers, end users, and organization stakeholders simultaneously.
• Leverage resources strategically to support the various IT and digital services being offered.
• Create a digital services enablement office to design, monitor, and enhance services continuously.

While many organizations have projects that support a digital strategy, few have an operating model that supports this digital services strategy.

Common Obstacles

Organizations struggle to support the definition and ongoing maintenance of services because:

• The organization's Digital and IT services offerings are not clear.
• The functional team accountable to deliver on each IT or Digital service is ambiguous.
• There are insufficient resources to support all the IT and Digital services being offered.
• C-suite leaders required to support the services are missing or in the wrong role to effectively lead.
• Technology has not been standardized to ensure consistency and effectiveness.

Info-Tech's Approach

Embrace the IT operating model that focuses on the enablement and delivery of Digital and IT services by:

• Having technology stakeholders actively collaborate to decide on priorities and deliver on objectives.
• Leveraging data more effectively across the organization to understand and meet user needs.
• Ensuring technology architecture and security standards are well-established and followed by all throughout the organization.
• Allocating dedicated and skilled resources to ensure services can be continuously delivered.

Info-Tech Insight

The first IT operating model where customer engagement with IT and Digital Services is at the forefront.

What is an operating model?

An IT operating model is a visual representation of the way your IT organization will function using a clear and coherent blueprint. This visualization demonstrates how capabilities are organized and aligned to deliver on the business mission and strategic and technological objectives.

The should visualize the optimization and alignment of the IT organization to deliver the capabilities required to achieve business goals. Additionally, it should demonstrate the workflow so key stakeholders can understand where inputs flow in and outputs flow out of the IT organization. Investing time in the front-end to get the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and your model to change as the business changes.

From computerization to digitization to the new frontier in autonomization, IT has progressively matured, enabling it to actively lead this next stage of business transformation.

EXPONENTIAL RISK
Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

EXPONENTIAL REWARD
The efficiency gains and new value chains created through artificial intelligence (AI), robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

EXPONENTIAL DEMAND
Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

EXPONENTIAL IT

Exponential IT involves IT leading the cognitive re-engineering of the organization with evolved practices for:

• IT governance
• Asset management
• Vendor management
• Data management
• Business continuity management
• Information security management

To learn more about IT's journey into autonomization, check out Info-Tech Research Group's Adopt an Exponential IT Mindset blueprint.

The IT operating model must evolve to respond to exponential change

• Ensuring customers are not an afterthought to IT leaders. Customers inform how and where IT leaders invest resources to realize organizational objectives.
• Adopting a formalized approach to service definition and delivery to eliminate silos.
• Leveraging data throughout the organization to better inform and enable the various digital services in meeting customer demands.
• Responding to employee demands for development and training opportunities by applying skills in new settings.
• Having cross-collaboration mechanisms built into the ways of operating to reduce silos across the organization.
• Enabling services through a strong set of governance and risk mandates and practices.
• Eliminating the need for IT capabilities to only be within an IT department.

IT can no longer be just a service provider:

78% of IT leaders with established digital strategies and 45% of IT leaders with emerging digital strategies are driven by customer experiences.
Source: Foundry "Digital Business Study,"2023

40% - The number of CIOs that are responsible for creating new products or services to support revenue generation.
Source: Foundry, "The State of the CIO," 2023

This change requires a breakdown of traditional IT-business divisions

CIOs must recognize that separating IT from the business is restrictive

• Many organizations have recently completed or are in the process of completing a digital transformation focused on enhanced employee and customer experiences.
• Post-transformation organizations must change how they operate to continue to deliver on those enhanced experiences, especially for the customer.
• There must no longer be a wall between IT and the business, but a unified organization offering digital services that include IT components. Already, 81% of work is being performed across the functional boundaries created in an organization (Deloitte, 2023).
• Effectively designing, delivering, and maintaining these services depends on a Digital Services functional layer, expanding IT's involvement into how the business delivers worthwhile experiences to customers.
• This Digital Services functional layer will consider whether the new services are better owned by the IT group or another area of the organization.
• CIOs need to be prepared to adopt a new way of operating or be left to manage a smaller subset of IT functions.

"I think we've done the IT industry a disservice by constantly referring to IT and the business, artificially creating this wedge."
– David Vidoni, VP of IT at Pegasystems
Source: Dan Roberts, CIO, 2023

Four trends driving an Exponential IT organization include:

Emerging Technologies

• 67% of respondents to KPMG's 2022 Global Tech Survey indicated they intend to embrace emerging platforms by the end of 2024.(1)
• The technology landscape is constantly shifting with artificial intelligence (AI), quantum computing, 5G cellular networks, and next-generation robotics. Each of these technologies requires new capabilities and a new way in which those capabilities are organized.

Enhanced Customer Experiences

• 24% of CIOs have been tasked by their CEO to increase the customer experience.(3)
• Organizations realize that to gain and retain customers, it has become necessary to consistently evaluate service offerings and identify opportunities for enhancement or new services.

Digital Trust

• 1/3 of CISOs plan to increase their GRC focus during the next year and 36% have already begun to implement Zero Trust components.(2)
• Risk and security capabilities mature focusing on defined enterprise accountability, consideration of ethics and inclusivity and proactive security controls.

Embedded Technology & Skills

• Spending on embedded software is expected to increase to $21.5 billion by 2027.(4)
• The technology strategy no longer resides solely within IT. The organization must take ownership of this strategy while they define their digital strategies. Technology services are also embedded.

(1) "Global Tech Survey," KPMG, 2022
(2) "Global Digital Trust Insights Report," PwC, 2023
(3) "State of IT Report," Foundry, 2023
(4) "Global surge in embedded software demand; here is why," DAC Digital, 2023

Application of the Four Key Trends on your Exponential IT operating model:

Adopting an Exponential IT operating model is typically influenced by resonating with the following drivers:

Section 1: The Next-Generation Operating Model

The Technology Value Trinity

All three elements of the Technology Value Trinity work together to deliver business value and achieve strategic needs. As one changes, the others must change as well.
How do these three elements relate?

• I&T Operating Model aligns resources, processes, measures, stakeholders, value streams, and decision rights to enable the delivery of your strategy and priorities. This is done by strategically structuring IT capabilities in a way that enables the organization's vision and considers the context in which the model will operate.
• Digital and IT Strategy tells you what you must achieve to be successful. For an Exponential IT organization, customer demands and digital service offerings would drive strategic decisions.
• I&T Governance is the confirmation of IT's goals and strategy, which ensures the alignment of IT and business strategy. This is the mechanism by which you continuously prioritize work so that what is delivered aligns with the strategy.

Strategy, operating models, and governance are too often considered separate practices – strategies are defined without clarity on how to support. A significant change to your strategy necessitates a change to your operating model, which in turn necessitates a change to your governance and organizational structure.

The Exponential IT operating model delivers value across seven components

Organizations adopting the Exponential IT Model will experience new norms and behaviors

Customer-Centric
Dedicated to the customer experience and making sure that the end customer is considered first and foremost.

"Yes" Approach
The organization can say yes to emerging technology and customer desires because it has organized itself to be agile in its digital service offerings.

Digital Service Ownership
Digital service offerings are owned and managed across the organization ensuring the continuous delivery of value to customers.

Employee Development
Resources are organized into pods based on specific skills or functions increasing the likelihood of adopting new skills.

Autonomization
Centralized and accessible data provides service owners autonomy when making informed decisions that support enhanced customer experiences.

Exponential IT is an embedded model approach

Info-Tech has identified seven common IT operating model archetypes. Each model represents a different approach to who delivers technology services and how. Each model is designed to drive different outcomes, as the way your organization is structured will dictate the way it behaves. The Exponential IT model is an emerging archetype which capitalizes on embedded delivery.

Centralized	Shifted	Embedded
Owned and operated by leadership within IT. IT takes full responsibility of the functional areas and maintains control over the outcomes.	Can be owned/operated by a variety of leadership roles throughout the organization. This can shift from IT ownership to other organizational leadership. Decisions about ownership are often made to enable quick response or mitigate risks.	Owned/operated by leadership outside of traditional IT. Another area of the organization has taken authoritative power over the outcome of this functional area for a quicker response.

Even as an embedded IT operating model, shifted and centralized IT functions as support

1. Embedded functions required for scaled autonomation
   Definition and oversight of the organization's strategic direction demonstrated through a customer-first culture, data insights, and a well-defined risk appetite.
2. Integrated design and optimization of the digital service offering
   Actively considers the customer experience and designs the appropriate services to be delivered. Considers all aspects in the design and delivery of services by exploring opportunities to integrate components to enhance customer experiences or architecting new service offerings to eliminate gaps.
3. Centralized standards for IT technology, security & resources
   Technology functions continue to deliver exceptional services to the enterprise including clear standards for technology and solution architecture, application of security requirements, and resources to enable various service offerings.

Opportunities and risks of the Exponential IT model

The Exponential IT operating model blends embedded, shifted and centralized delivery to balance agility & risk

The Exponential IT model commands a new placement and significance of IT capabilities

Using capabilities for the operating model

• Capabilities are focused on the entire system that would be in place to satisfy a particular need. This not only includes the people who are able to complete a specific task, but the technology, processes, and resources required to deliver.
• Focusing on capabilities rather than the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.
• Capabilities deliver on specific need(s) and how they are organized changes the way those needs are delivered.

1. Embedded functions required for autonomization

Overview of the function:

• Focuses on a single strategy and roadmap for the organization that actively includes technology.
• Governance, risk, compliance, and general oversight are defined and embedded throughout the organization.
• Ensures that quality data is being generated to help inform the defined digital service offering.
• Readies the organization to adopt emerging technology quickly and with minimal disruption to other digital service offerings.
• A team of technical experts that decides what information should exist for operational efficiency or service innovation.

2. Integrated design and optimization of the digital service offering

Overview of the function:

• Analyzes and responds to insights about the customer experience.
• Maintains the portfolio of the organization's digital service offerings.
• Considers what is necessary to operate efficiently as an organization while simultaneously exploring emerging technology to optimize new or existing digital services.
• Requires the expertise and involvement of both business-minded and technology-skilled resources.
• The differentiating factor from other IT operating models is how it holistically considers all the components throughout the organization and how they are connected.

3. Centralized standards for IT technology, security & resources

Overview of the function:

• Compared with other IT operating model archetypes, the Exponential IT model has fewer capabilities that are centralized within the technology function of an organization.
• Architecture and standards are the foundation of successful embedded delivery, ensuring reuse, improved integration, and a unified experience. This includes technology, risk, data, AI and security architecture, models, and standards.
• Employee resources are also organized in pods to be leveraged based on greatest need and skills availability.
• This lets the organization be more agile when innovating and implementing new digital service offerings.

Exponential IT explores new value stream stages

Customer Perspective		The organization is continually anticipating their wants and needs and establishing mechanisms to vocalize those needs.	Customer receives the right IT and digital services to respond to their needs.	The service is easy to use and continuously responds to wants and needs.	The service is meeting expectations or exceeding them.	There is a dedicated service owner who can hear demands and feedback, then action desirable outcomes.
Value Stream Stages
Organizational Perspective	Expected Outcome	Customers' wants and needs are understood and at times anticipated before the customer requests them.	Assess needs to determine if service is already offered or needs to be created. Design services that will enhance the customer experience.	Look for opportunities to integrate processes and resources to increase the performance of IT and Digital Services.	Ensure that the right employees with the right skills are working to develop or enhance service offering.	The service owner manages the ongoing lifecycle of the service and establishes a roadmap on how value will continue to be delivered.
	Critical Processes	Customer experience Research and innovation Stakeholder management	Research and innovation Service design & portfolio management	Performance management Continuous improvement Integration planning	Service management Resource planning and allocation	Service strategy & roadmap Service governance Service performance management
	Metrics	Customer satisfaction score Service-to-need alignment	Gaps in service portfolio Speed to design services	Service performance Service adoption	Time to resolve customer demand Frequency by which service requires enhancements	Service satisfaction Alignment of service strategy to organization strategy

1.1 Assess if the Exponential IT operating model is right for your organization

1 hour

1. Begin by downloading the Exponential IT Operating Model Assessment.
2. Review the questions within each of the operating model components. For each question, use the drop-down menu to determine your level of agreement.
3. The more your organization agrees with the statements, the more likely your organization is prepared to implement an Exponential IT operating model.
4. The less your organization agrees with the statements, the more likely you should adopt a different IT operating model.
5. For support implementing the Exponential IT or another IT operating model, explore the Visualize Your IT Operating Model blueprint (coming soon).

Input

• Desire to change the organization's IT & Digital operating model

Output

• Desire to implement the IT & Digital Service Enablement operating model

Materials

• Exponential IT Operating Model Assessment

Participants

• Executive IT leadership
• Business leadership

Explore other Info-Tech research to support your organization transformation initiatives

Visualize the IT Operating Model blueprint (coming soon)

Redesign Your IT Organizational Structure

Section 2: Elevating the CIO Role

The next generation of IT C-suite roles are here

As the operating model changes and becomes increasingly embedded into the organization's delivery of IT and Digital Services, new C-suite roles are being defined

• One of the most critical roles being defined in this change is the Chief Digital Services Officer (CDSO) who focuses on all components of the digital experience from the lens of the customer.
• There are two directions from which the CDSO role is typically approached as it gains popularity:
• CIOs evolve beyond just information and technology—focusing on how IT & Digital Services enhance the customer experience
• Business leaders who have technical know-how increase their involvement and responsibility over IT related functions
• IT leaders need to consider where they would rather sit: focused only on technology and remaining a service provider to the organization, or embedding technology into the services, products, and organization in general?

Info-Tech Insight

This is not about making the CIO report to someone else but allowing the CIO to elevate their role into that of a CDSO.

Increasing IT leadership's span of control throughout the organization

As maturity increases so does span of control, ownership & executive influence

Organizations hoping to fully adopt the Exponential IT operating model require a shift in leadership expectations. Notably, these leaders will have oversight and accountability for functions beyond the traditional IT group.

As the organization matures its governance, security, and data management practices, increasing how it delivers high-impact experiences to customers, it would have one leader who owns all the components to ensure clear alignment with goals and business strategy.

Emerging Exponential IT organizations will have distributed authority

• Organizations beginning their transition toward an exponential model often continue to have distributed leaders providing oversight of distinct functional areas.
• Their spans of control are smaller, but very clearly defined, eliminating confusion through a transparent accountability framework.
• Each leader strives toward optimization and efficiency regarding IT capabilities, for which they are responsible.

1. Distributed Leadership
   Embedded functions required for scaled autonomation
   Distributed leaders identify the ways technology will enable them to advance enterprise objectives while maintaining autonomy over their own functions. They may oversee technology.
2. Experience Officer
   Integrated design and optimization of the digital service offering
   An Experience Officer will help consider the insights gained from enterprise data and make informed decisions around enterprise service offerings. They actively explore new ways to deliver high-value experiences.
3. Chief Technology Officer (CTO)
   Centralized standards for IT technology, security & resources
   A CTO will continue to oversee the core technology, including infrastructure and service management functions.

Established organizations will be driven by a digital transformation journey

• Organizations that have begun to deliver on their transformation journey will typically see two distinct C-suite leaders emerge—the CIO and the CDO.
• The Chief Digital Officer (CDO) often explores ways to optimize the integration and management of data to enable insightful decision making from the organization.
• The Chief Information Officer (CIO), however, considers mechanisms to standardize how new technologies can be integrated with the architecture.
• While both leaders have distinct responsibilities, their roles intersect at the customer experience.

Advanced organizations will be managed by a single emerging role

• A single leader will oversee all the functional areas where value is delivered and enabled by IT capabilities.
• Through a large span of control, this leader can holistically consider opportunities to optimize the customer experience and ensure recommendations are actioned to deliver on that enhanced experience.
• This leader's span of control will require a strong understanding of both strategic and operational functions to authoritatively oversee all aspects for which they are responsible.

CDSO – Chief Digital Service Officer

1. Embedded functions required for scaled autonomation
   The CDSO will set, oversee, and manage the delivery of an enterprise's digital strategy, ensuring accountability through good governance and data practices.
2. Integrated design and optimization of the digital service offering
   They ensure that the enterprise holistically considers the various services that could be offered to exceed customer expectations through high-impact experiences.
3. Centralized standards for IT technology, security & resources
   They also ensure stable and secure architecture standards to enable consistency across the organization and a seamless ability to integrate new technology to support service offerings.

Evolution of the IT C-suite now includes the CDSO

Examples of what the emerging organizational structure can look like

This is more than a new title for IT leaders

It's about establishing a business first perspective

• IT leaders exploring this new way of operating are not just adopting the new title of CDSO or CDIO.
• These leaders must change how information, technology, and digital experiences are consumed across the various stakeholders – especially the end customer.
• IT leaders who pursue this new IT operating model choose to be more than order takers for an organization.
• They are:
• Partners in defining the organization's digital service offerings
• Recognizing the benefits of distributing decision-making authority for IT-related aspects to others throughout the organization
• Prioritizing capabilities like portfolio management, architecture, vendor management, relationship management, cloud and user experience

"'For me, the IT portfolio for the next few years and the IT architecture have taken the place that IT strategy used to have,' he adds. This view doesn't position IT outside of the organization, but rather gives it central importance in the company."
– Bernd Rattey, Group CIO and CDO of Deutsche Bahn (DB), qtd. by Jens Dose, CIO, 2023

1.2 Plan your career move to CDSO

1-3 hours

• Create a roadmap on how to move from your current role to CDSO by identifying current strengths and opportunities to improve.
• Download the Career Vision Roadmap Tool from the website. An example of this is on the next slide.
• Document the tagline. This is your overarching career focus and goal – what is your passion? Think beyond titles to what you want to be doing, the atmosphere you want to be in, and what you want to add value to.
• Document the current role: what are the strengths, achievements and opportunities?
• Consider the CDSO role: how will you build stronger relationships and competencies to elevate your profile within the organization? What is an example of what someone would display in this role?
• Define specific roles or stakeholders that you should develop a stronger relationship with.

Download the Career Vision Roadmap Tool

Input

• Desire to implement the IT & Digital Service Enablement Operating Model

Output

• Roadmap to elevate from a CIO to a CDSO

Materials

• Career Vision Roadmap
• IT & Digital Services Enablement operating model archetype
• CDSO job profile

Participants

• CIO (or any other role aspiring to eventually become a CDSO)
• Individual activity

Career Vision Roadmap:
Executive Leader
Akbar K.

Sample

To provide customers with an exceptional experience by ensuring all IT and Digital Services consider and anticipate their needs or wants. Enable IT and Digital Services to be successful through clear leadership, strong collaboration, and continuous improvement or innovation.

CIO

1. Establish technology standards that enable the organization to consistently and securely integrate platforms or solutions.
2. Lead the project team that defined and standardized the organization's reference architecture.
3. Need to work on listening to a variety of stakeholder demands rather than only specific roles/titles.

Transition

• Strengths: Technology acumen, budget planning, allocating resources
• Enhance: Stakeholder relationship management.
• Work with current CDO to define and implement more digital transformation initiatives.

CDSO

• Being responsive to customer expectations and communicating clear and realistic timelines.
• Establish trust among the organization that services will deliver expected value.
• Empowering service owners to manage and oversee the delivery of their services.

Network Opportunities

• Connect with board members and understand each of their key areas of priority.
• Begin to interact with end customers and define ways that will enhance their customer experience.
• Chief Digital Officer

Actions now in line with aspiration

Appendix: Capabilities & Capability Model

IT and digital capabilities

Using capabilities for the operating model:

• Capabilities are focused on the entire system that would be in place to satisfy a particular need. This not only includes people who have skills to complete a specific task, but also the technology, processes, and resources required to deliver.
• Focusing on capabilities rather than the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.
• Capabilities deliver on specific need(s) and how they are organized changes the way those need(s) are delivered.

Research Contributors and Experts

Donna Bales
Principal Research Director
Info-Tech Research Group

Scott Bickley
Practice Lead – Vendor Management Practice
Info-Tech Research Group

Christine Coz
Executive Counselor – Executive Services
Info-Tech Research Group

Valence Howden
Principal Research Director
Info-Tech Research Group

Duraid Ibrahim
Executive Counselor – Executive Services
Info-Tech Research Group

Chris Goodhue
Managing Partner– Executive Services
Info-Tech Research Group

Carlene McCubbin
Practice Lead – CIO Practice
Info-Tech Research Group

Mike Tweedie
Practice Lead – CIO Practice
Info-Tech Research Group

Vicki van Alphen
Executive Counselor – Executive Services
Info-Tech Research Group

*Plus an additional 5 industry experts who anonymously contributed to this research piece.

Related Info-Tech Research

Adopt an Exponential IT Mindset

• To succeed in the coming business transformation, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships.
• CIOs will have to provide exceptionally mature services while owning business targets.

Become a Transformational CIO

• Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
• Elevate your stature as a business leader.
• Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.

Define Your Digital Business Strategy

• Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
• Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

Bibliography

Bennet, Trevon. "What is a Chief Experience Officer (CXO)? And what do they do?" Indeed, 14 March 2023. https://www.indeed.com/career-advice/finding-a-job/what-is-chief-experience-officer#:~:text=A%20CXO%20plans%20strategies%20and,customer%20acquisition%20and%20retention%20strategies
Bishop, Carrie. "Five years of Digital Services in San Francisco." Medium, 20 January 2022. https://medium.com/san-francisco-digital-services/five-years-of-digital-services-in-san-francisco-805a758c2b83
DAC Digital and Chawla, Yash. "Global surge in embedded software demand; here is why." DAC Digital, 2023 <ttps://dac.digital/global-surge-in-embedded-software-demand-here-is-why/
Deloitte. "If you want your digital transformation to succeed, align your operating model to your strategy." Harvard Business Review, 31 January 2020. https://hbr.org/sponsored/2020/01/if-you-want-your-digital-transformation-to-succeed-align-your-operating-model-to-your-strategy.
Deloitte. "2023 Global Human Capital Trends Report." Deloitte, 2023. https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/human-capital/sea-cons-hc-trends-report-2023.pdf
Dose, Jens. "Deutsche Bahn CIO on track to decentralize IT." CIO, 19 April 2023. https://www.cio.com/article/473071/deutsche-bahn-cio-on-track-to-decentralize-it.html
Ehrlich, Oliver., Fanderl, Harald., Maldara, David., & Mittangunta, Divya. "How the operating model can unlock the power of customer experience." McKinsey, 28 June 2022. https://www.mckinsey.com/capabilities/growth-marketing-and-sales/our-insights/how-the-operating-model-can-unlock-the-full-power-of-customer-experience
FCW. "Digital Government Summit Agenda." FCW. 2021. https://events-archive.fcw.com/events/2021/digital-government-summit/index.html
Foundry. "State of the CIO." IDG, 25 January 2023. https://foundryco.com/tools-for-marketers/research-state-of-the-cio/
Foundry. "Digital Business Study 2023: IT Leaders are future-proofing their business with digital strategies." IDG, 2023. https://foundryco.com/tools-for-marketers/research-digital-business/
Indeed Editorial Team. "Centralized vs. Decentralized Structures: 7 Key Differences." Indeed, 10 March 2023. https://www.indeed.com/career-advice/career-development/centralized-vs-decentralized
Indeed Editorial Team. "What is process integration?." Indeed, 14 November 2022. https://ca.indeed.com/career-advice/career-development/process-integration#:~:text=Process%20integration%2C%20or%20business%20process,it%20reach%20its%20primary%20objectives
KPMG International. "Global Tech Report." KPMG, 2022.
McHugh, Brian. "Service orchestration is reshaping IT—Here's what to know." Active Batch, 8 November 2022. https://www.advsyscon.com/blog/service-orchestration-what-is/
Morris, Chris. "IDC FutureScape: Worldwide CIO Agenda 2023 Predictions."" IDC, January, 2023. https://www.idc.com/getdoc.jsp?containerId=AP49998523
PwC. "Global Digital Trust Insights Report." PwC, 2023
Roberts, Dan. "5 CIOs on building a service-oriented IT culture." CIO, 13 April 2023. https://www.cio.com/article/472805/5-cios-on-building-a-service-oriented-it-culture.html
Singh, Yashvendra. "CIOs must evolve to stave off existential threat to their role." CIO, 30 March 2023. https://www.cio.com/article/465612/cios-must-evolve-to-stave-off-existential-threat-to-their-role.html
Spacey, John. "16 Examples of IT Services." Simplicable, 28 January 2018. https://simplicable.com/IT/it-services

Optimize IT Change Management

Right-size IT change management practice to protect the live environment.

EXECUTIVE BRIEF

Analyst Perspective

Balance risk and efficiency to optimize IT change management.

Change management (change enablement, change control) is a balance of efficiency and risk. That is, pushing changes out in a timely manner while minimizing the risk of deployment. On the one hand, organizations can attempt to avoid all risk and drown the process in rubber stamps, red tape, and bureaucracy. On the other hand, organizations can ignore process and push out changes as quickly as possible, which will likely lead to change related incidents and debilitating outages.

Right-sizing the process does not mean adopting every recommendation from best-practice frameworks. It means balancing the efficiency of change request fulfillment with minimizing risk to your organization. Furthermore, creating a process that encourages adherence is key to avoid change implementers from skirting your process altogether.

Benedict Chang, Research Analyst, Infrastructure and Operations, Info-Tech Research Group

Executive Summary

Your Challenge

Infrastructure and application change occurs constantly and is driven by changing business needs, requests for new functionality, operational releases and patches, and resolution of incidents or problems detected by the service desk.

IT managers need to follow a standard change management process to ensure that rogue changes are never deployed while the organization remains responsive to demand.

Common Obstacles

IT system owners often resist change management because they see it as slow and bureaucratic.

At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up-to-date and do not catch the potential linkages.

Infrastructure changes are often seen as “different” from application changes and two (or more) processes may exist.

Info-Tech’s Approach

Info-Tech’s approach will help you:

• Create a unified change management practice that balances risk and throughput of innovation.
• Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
• Establish and empower a Change Manager and Change Advisory Board (CAB) with the authority to manage, approve, and prioritize changes.

Balance Risk and Efficiency to Optimize IT Change Management

Two goals of change management are to protect the live environment and deploying changes in a timely manner. These two may seem to sometimes be at odds against each other, but assessing risk at multiple points of a change’s lifecycle can help you achieve both.

Your challenge

This research is designed to help organizations who need to:

• Build a right-sized change management practice that encourages adherence and balances efficiency and risk.
• Integrate the change management practice with project management, service desk processes, configuration management, and other areas of IT and the business.
• Communicate the benefits and impact of change management to all the stakeholders affected by the process.

Change management is heavily reliant on organizational culture

Having a right-sized process is not enough. You need to build and communicate the process to gather adherence. The process is useless if stakeholders are not aware of it or do not follow it.

Increase the Effectiveness of Change Management in Your Organization

Of the eight infrastructure & operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management has the second largest gap between importance and effectiveness of these processes.

Source: Info-Tech 2020; n=5,108 IT professionals from 620 organizations

Common obstacles

These barriers make this challenge difficult to address for many organizations:

• Gaining buy-in can be a challenge no matter how well the process is built.
• The complexity of the IT environment and culture of tacit knowledge for configuration makes it difficult to assess cross-dependencies of changes.
• Each silo or department may have their own change management workflows that they follow internally. This can make it difficult to create a unified process that works well for everyone.

“Why should I fill out an RFC when it only takes five minutes to push through my change?”

“We’ve been doing this for years. Why do we need more bureaucracy?”

“We don’t need change management if we’re Agile.”

“We don’t have the right tools to even start change management.”

“Why do I have to attend a CAB meeting when I don’t care what other departments are doing?”

Info-Tech’s approach

Build change management by implementing assessments and stage gates around appropriate levels of the change lifecycle.

The Info-Tech difference:

1. Create a unified change management process that balances risk and throughput of innovation.
2. Categorize changes based on an industry-standard risk model with objective measures of impact and likelihood.
3. Establish and empower a Change Manager and Change Advisory Board (CAB) with the authority to manage, approve, and prioritize changes.

IT change is constant and is driven by:

Change Management:

1. Operations - Operational releases, maintenance, vendor-driven updates, and security updates can all be key drivers of change. Example: ITSM version update
   • Major Release
   • Maintenance Release
   • Security Patch
2. Business - Business-driven changes may include requests from other business departments that require IT’s support. Examples: New ERP or HRIS implementation
   • New Application
   • New Version
3. Service desk → Incident & Problem - Some incident and problem tickets require a change to facilitate resolution of the incident. Examples: Outage necessitating update of an app (emergency change), a user request for new functionality to be added to an existing app
   • Workaround
   • Fix
4. Configuration Management Database (CMDB) ↔ Asset Management - In addition to software and hardware asset dependencies, a configuration management database (CMDB) is used to keep a record of changes and is queried to assess change requests.
   • Hardware
   • Software

Insight summary

“The scope of change management is defined by each organization…the purpose of change management is to maximize the number of successful service and product changes by ensuring that the risk have been properly assessed, authorizing changes to process, and managing the change schedule.” – ALEXOS Limited, ITIL 4

Build a unified change management process balancing risk and change throughput.

Building a unified process that oversees all changes to the technical environment doesn’t have to be burdensome to be effective. However, the process is a necessary starting point to identifying cross dependencies and avoiding change collisions and change-related incidents.

Use an objective framework for estimating risk

Simply asking, “What is the risk?” will result in subjective responses that will likely minimize the perceived risk. The level of due diligence should align to the criticality of the systems or departments potentially impacted by the proposed changes.

Integrate your change process with your IT service management system

Change management in isolation will provide some stability, but maturing the process through service integrations will enable data-driven decisions, decrease bureaucracy, and enable faster and more stable throughput.

Change management and DevOps can work together effectively

Change and DevOps tend to be at odds, but the framework does not have to change. Lower risk changes in DevOps are prime candidates for the pre-approved category. Much of the responsibility traditionally assigned to the CAB can be diffused throughout the software development lifecycle.

Change management and DevOps can coexist

Shift the responsibility and rigor to earlier in the process.

• If you are implementing change management in a DevOps environment, ensure you have a strong DevOps lifecycle. You may wish to refer to Info-Tech’s research Implementing DevOps Practices That Work.
• Consider starting in this blueprint by visiting Appendix II to frame your approach to change management. Follow the blueprint while paying attention to the DevOps Callouts.

DEVOPS CALLOUTS

Look for these DevOps callouts throughout this storyboard to guide you along the implementation.

Successful change management will provide benefits to both the business and IT

Respond to business requests faster while reducing the number of change-related disruptions.

IT Benefits

• Fewer change-related incidents and outages
• Faster change turnaround time
• Higher rate of change success
• Less change rework
• Fewer service desk calls related to poorly communicated changes

Business Benefits

• Fewer service disruptions
• Faster response to requests for new and enhanced functionalities
• Higher rate of benefits realization when changes are implemented
• Lower cost per change
• Fewer “surprise” changes disrupting productivity

IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.

Change management improves core benefits to the business: the four Cs

Most organizations have at least some form of change control in place, but formalizing change management leads to the four Cs of business benefits:

Control

Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.

Collaboration

Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.

Consistency

Request for change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.

Confidence

Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.

You likely need to improve change management more than any other infrastructure & operations process

Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations

Of the eight infrastructure and operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management consistently has the second largest gap between importance and effectiveness of these processes.

Executives and directors recognize the importance of change management but feel theirs is currently ineffective

Info-Tech’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified change management as an area for immediate improvement.

Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations

Importance Scores

No importance: 1.0-6.9

Limited importance: 7.0-7.9

Significant importance: 8.0-8.9

Critical importance: 9.0-10.0

Effectiveness Scores

Not in place: n/a

Not effective: 0.0-4.9

Somewhat Ineffective: 5.0-5.9

Somewhat effective: 6.0-6.9

Very effective: 7.0-10.0

There are several common misconceptions about change management

Which of these have you heard in your organization?

Overcome perceived challenges to implementing change management to reap measurable reward

Before: Informal Change Management

Change Approval:

• Changes do not pass through a formal review process before implementation.
• 10% of released changes are approved.
• Implementation challenge: Staff will resist having to submit formal change requests and assessments, frustrated at the prospect of having to wait longer to have changes approved.

Change Prioritization

• Changes are not prioritized according to urgency, risk, and impact.
• 60% of changes are urgent.
• Implementation challenge: Influential stakeholders accustomed to having changes approved and deployed might resist having to submit changes to a standard cost-benefit analysis.

Change Deployment

• Changes often negatively impact user productivity.
• 25% of changes are realized as planned.
• Implementation challenge: Engaging the business so that formal change freeze periods and regular maintenance windows can be established.

After: Right-Sized Change Management

Change Approval

• All changes pass through a formal review process. Once a change is repeatable and well-tested, it can be pre-approved to save time. Almost no unauthorized changes are deployed.
• 95% of changes are approved.
• KPI: Decrease in change-related incidents

Change Prioritization

• The CAB prioritizes changes so that the business is satisfied with the speed of change deployment.
• 35% of changes are urgent.
• KPI: Decrease in change turnaround time.

Change deployment

• Users are always aware of impending changes and changes don’t interrupt critical business activities.
• Over 80% of changes are realized as planned
• KPI: Decrease in the number of failed deployments.

Info-Tech’s methodology for change management optimization focuses on building standardized processes

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Change Management Process Library

Document your normal, pre-approved, and emergency change lifecycles with the core process workflows .

Change Management Risk Assessment Tool

Test Drive your impact and likelihood assessment questionnaires with the Change Management Risk Assessment Tool.

Project Summary Template

Summarize your efforts in the Optimize IT Change Management Improvement Initiative: Project Summary Template.

Change Management Roadmap Tool

Record your action items and roadmap your steps to a mature change management process.

Key Deliverable:

Change Management SOP

Document and formalize your process starting with the change management standard operating procedure (SOP).

These case studies illustrate the value of various phases of this project

Define Change Management

Establish Roles and Workflows

Define RFC and Post-Implementation Activities

Measure, Manage, and Maintain

A major technology company implemented change management to improve productivity by 40%. This case study illustrates the full scope of the project.

A large technology firm experienced a critical outage due to poor change management practices. This case study illustrates the scope of change management definition and strategy.

Ignorance of change management process led to a technology giant experiencing a critical cloud outage. This case study illustrates the scope of the process phase.

A manufacturing company created a makeshift CMDB in the absence of a CMDB to implement change management. This case study illustrates the scope of change intake.

A financial institution tracked and recorded metrics to aid in the success of their change management program. This case study illustrates the scope of the implementation phase.

Working through this project with Info-Tech can save you time and money

Engaging in a Guided Implementation doesn’t just offer valuable project advice, it also results in significant cost savings.

Case Study

Industry: Technology

Source: Daniel Grove, Intel

Intel implemented a robust change management program and experienced a 40% improvement in change efficiency.

Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

ITIL Change Management Implementation

With close to 4,000 changes occurring each week, managing Intel’s environment is a formidable task. Before implementing change management within the organization, over 35% of all unscheduled downtime was due to errors resulting from change and release management. Processes were ad hoc or scattered across the organization and no standards were in place.

Results

After a robust implementation of change management, Intel experienced a number of improvements including automated approvals, the implementation of a formal change calendar, and an automated RFC form. As a result, Intel improved change productivity by 40% within the first year of the program’s implementation.

Define Change Management

↓

Establish Roles and Workflows

↓

Define RFC and Post-Implementation Activities

↓

Measure, Manage, and Maintain

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks are used throughout all four options.

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

Define Change Management

• Call #1: Introduce change concepts.
• Call #2: Assess current maturity.
• Call #3: Identify target-state capabilities.

Establish Roles and Workflows

• Call #4: Review roles and responsibilities.
• Call #5: Review core change processes.

Define RFC and Post- Implementation Activities

• Call #6: Define change intake process.
• Call #7: Create pre-implementation and post-implementation checklists.

Measure, Manage, and Maintain

• Call #8: Review metrics.
• Call #9: Create roadmap.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Phase 1

Define Change Management

Define Change Management

1.1 Assess Maturity

1.2 Categorize Changes and Build Your Risk Assessment

Establish Roles and Workflows

2.1 Determine Roles and Responsibilities

2.2 Build Core Workflows

Define the RFC and Post-Implementation Activities

3.1 Design the RFC

3.2 Establish Post-Implementation Activities

Measure, Manage, and Maintain

4.1 Identify Metrics and Build the Change Calendar

4.2 Implement the Project

This phase will guide you through the following steps:

• Assess Maturity
• Categorize Changes and Build Your Risk Assessment

This phase involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Step 1.1

Assess Maturity

Activities

1.1.1 Outline the Organization’s Strengths and Challenges

1.1.2 Complete a Maturity Assessment

This step involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Outcomes of this step

• An understanding of maturity change management processes and frameworks
• Identification of existing change management challenges and potential causes
• A framework for assessing change management maturity and an assessment of your existing change management processes

Define Change Management

Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment

Change management is often confused with release management, but they are distinct processes

Change

• Change management looks at software changes as well as hardware, database, integration, and network changes, with the focus on stability of the entire IT ecosystem for business continuity.
• Change management provides a holistic view of the IT environment, including dependencies, to ensure nothing is negatively affected by changes.
• Change documentation is more focused on process, ensuring dependencies are mapped, rollout plans exist, and the business is not at risk.

Release

• Release and deployment are the detailed plans that bundle patches, upgrades, and new features into deployment packages, with the intent to change them flawlessly into a production environment.
• Release management is one of many actions performed under change management’s governance.
• Release documentation includes technical specifications such as change schedule, package details, change checklist, configuration details, test plan, and rollout and rollback plans.

Info-Tech Insight

Ensure the Release Manager is present as part of your CAB. They can explain any change content or dependencies, communicate business approval, and advise the service desk of any defects.

Integrate change management with other IT processes

As seen in the context diagram, change management interacts closely with many other IT processes including release management and configuration management (seen below). Ensure you delineate when these interactions occur (e.g. RFC updates and CMDB queries) and which process owns each task.

Avoid the challenges of poor change management

1. Deployments
   • Too frequent: The need for frequent deployments results in reduced availability of critical business applications.
   • Failed deployments or rework is required: Deployments are not successful and have to be backed out of and then reworked to resolve issues with the installation.
   • High manual effort: A lack of automation results in high resource costs for deployments. Human error is likely, which adds to the risk of a failed deployment.
2. Incidents
   • Too many unauthorized changes: If the process is perceived as cumbersome and ineffective, people will bypass it or abuse the emergency designation to get their changes deployed faster.
   • Changes cause incidents: When new releases are deployed, they create problems with related systems or applications.
3. End Users
   • Low user satisfaction: Poor communication and training result in surprised and unhappy users and support staff.

“With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” – Anonymous, VP IT of a federal credit union

1.1.1 Outline the Organization’s Strengths and Challenges

Input

• Current change documentation (workflows, SOP, change policy, etc.)
• Organizational chart(s)

Output

• List of strengths and challenges for change management

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Project Summary Template

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. As group, discuss and outline the change management challenges facing the organization. These may be challenges caused by poor change management processes or by a lack of process.
2. Use the pain points found on the previous slide to help guide the discussion.
3. As a group, also outline the strengths of change management and the strengths of the current organization. Use these strengths as a guide to know what practices to continue and what strengths you can leverage to improve the change management process.
4. Record the activity results in the Project Summary Template.

Download the Optimize IT Change Management Improvement Initiative: Project Summary Template

Assess current change management maturity to create a plan for improvement

Info-Tech Insight

Reaching an optimized level is not feasible for every organization. You may be able to run a very good change management process at the Proactive or even Controlled stage. Pay special attention to keeping your goals attainable.

1.1.2 Complete a Maturity Assessment

Input

• Current change documentation (workflows, SOP, change policy, etc.)

Output

• Assessment of current maturity level and goals to improve change management

Materials

• Change Management Maturity Assessment Tool

Participants

• Change Manager
• Service Desk Manager
• Operations (optional)

1. Use Info-Tech’s Change Management Maturity Assessment Tool to assess the maturity and completeness of your change process.
2. Significant gaps revealed in this assessment should be the focal points of your discussion when investigating root causes and brainstorming remediation activities:
   1. For each activity of each process area of change management, determine the degree of completeness of your current process.
   2. Review your maturity assessment results and discuss as a group potential reasons why you arrived at your maturity level. Identify areas where you should focus your initial attention for improvement.
   3. Regularly review the maturity of your change management practices by completing this maturity assessment tool periodically to identify other areas to optimize.

Download the Change Management Maturity Assessment Tool

Case Study

Even Google isn’t immune to change-related outages. Plan ahead and communicate to help avoid change-related incidents

Industry: Technology

Source: The Register

As part of a routine maintenance procedure, Google engineers moved App Engine applications between data centers in the Central US to balance out traffic.

Unfortunately, at the same time that applications were being rerouted, a software update was in progress on the traffic routers, which triggered a restart. This temporarily diminished router capacity, knocking out a sizeable portion of Google Cloud.

The server drain resulted in a huge spike in startup requests, and the routers simply couldn’t handle the traffic.

As a result, 21% of Google App Engine applications hosted in the Central US experienced error rates in excess of 10%, while an additional 16% of applications experienced latency, albeit at a lower rate.

Solution

Thankfully, engineers were actively monitoring the implementation of the change and were able to spring into action to halt the problem.

The change was rolled back after 11 minutes, but the configuration error still needed to be fixed. After about two hours, the change failure was resolved and the Google Cloud was fully functional.

One takeaway for the engineering team was to closely monitor how changes are scheduled. Ultimately, this was the result of miscommunication and a lack of transparency between change teams.

Step 1.2

Categorize Changes and Build Your Risk Assessment

Activities

1.2.1 Define What Constitutes a Change

1.2.2 Build a Change Categorization Scheme

1.2.3 Build a Classification Scheme to Assess Impact

1.2.4 Build a Classification Scheme to Define Likelihood

1.2.5 Evaluate and Adjust Your Risk Assessment Scheme

Define Change Management

Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment

This step involves the following participants:

• Infrastructure/Applications Manager
• Change Manager
• Members of the Change Advisory Board

Outcomes of this step

• A clear definition of what constitutes a change in your organization
• A defined categorization scheme to classify types of changes
• A risk assessment matrix and tool for evaluating and prioritizing change requests according to impact and likelihood of risk

Change must be managed to mitigate risk to the infrastructure

Change management is the gatekeeper protecting your live environment.

Successfully managed changes will optimize risk exposure, severity of impact, and disruption. This will result in the bottom-line business benefits of removal of risk, early realization of benefits, and savings of money and time.

• IT change is constant; change requests will be made both proactively and reactively to upgrade systems, acquire new functionality, and to prevent or resolve incidents.
• Every change to the infrastructure must pass through the change management process before being deployed to ensure that it has been properly assessed and tested, and to check that a backout /rollback plan is in place.
• It will be less expensive to invest in a rigorous change management process than to resolve incidents, service disruptions, and outages caused by the deployment of a bad change.
• Change management is what gives you control and visibility regarding what is introduced to the live environment, preventing incidents that threaten business continuity.

80%

In organizations without formal change management processes, about 80% (The Visible Ops Handbook) of IT service outage problems are caused by updates and changes to systems, applications, and infrastructure. It’s crucial to track and systematically manage change to fully understand and predict the risks and potential impact of the change.

Attributes of a change

Differentiate changes from other IT requests

Is this in the production environment of a business process?

The core business of the enterprise or supporting functions may be affected.

Does the task affect an enterprise managed system?

If it’s for a local application, it’s a service request

How many users are impacted?

It should usually impact more than a single user (in most cases).

Is there a configuration, or code, or workflow, or UI/UX change?

Any impact on a business process is a change; adding a user or a recipient to a report or mailing list is not a change.

Does the underlying service currently exist?

If it’s a new service, then it’s better described as a project.

Is this done/requested by IT?

It needs to be within the scope of IT for the change management process to apply.

Will this take longer than one week?

As a general rule, if it takes longer than 40 hours of work to complete, it’s likely a project.

Defining what constitutes a change

Every change request will initiate the change management process; don’t waste time reviewing requests that are out of scope.

Do not treat every IT request as a change!

• Many organizations make the mistake of calling a standard service request or operational task a “change.”
• Every change request will initiate the change management process; don’t waste time reviewing requests that are out of scope.
• While the overuse of RFCs for out-of-scope requests is better than a lack of process, this will slow the process and delay the approval of more critical changes.
• Requiring an RFC for something that should be considered day-to-day work will also discourage people from adhering to the process, because the RFC will be seen as meaningless paperwork.

1.2.1 Define What Constitutes a Change

Input

• List of examples of each category of the chart

Output

• Definitions for each category to be used at change intake

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Service catalog (if applicable)
• Sticky notes
• Markers/pens
• Change Management SOP

Participants

• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. As a group, brainstorm examples of changes, projects, service requests (user), operational tasks (backend), and releases. You may add additional categories as needed (e.g. incidents).
2. Have each participant write the examples on sticky notes and populate the following chart on the whiteboard/flip chart.
3. Use the examples to draw lines and define what defines each category.
   • What makes a change distinct from a project?
   • What makes a change distinct from a service request?
   • What makes a change distinct from an operational task?
   • When do the category workflows cross over with other categories? (For example, when does a project interact with change management?)
4. Record the definitions of requests and results in section 2.3 of the Change Management Standard Operating Procedure (SOP).

Download the Change Management Standard Operating Procedure (SOP).

Each RFC should define resources needed to effect the change

In addition to assigning a category to each RFC based on risk assessment, each RFC should also be assigned a priority based on the impact of the change on the IT organization, in terms of the resources needed to effect the change.

Categories include

Normal

Emergency

Pre-Approved

The majority of changes will be pre-approved or normal changes. Definitions of each category are provided on the next slide.

Info-Tech uses the term pre-approved rather than the ITIL terminology of standard to more accurately define the type of change represented by this category.

A potential fourth change category of expedited may be employed if you are having issues with process adherence or if you experience changes driven from outside change management’s control (e.g. from the CIO, director, judiciary, etc.) See Appendix I for more details.

Info-Tech Best Practice

Do not rush to designate changes as pre-approved. You may have a good idea of which changes may be considered pre-approved, but make sure they are in fact low-risk and well-documented before moving them over from the normal category.

The category of the change determines the process it follows

Pay close attention to defining your pre-approved changes. They are going to be critical for running a smooth change management practice in a DevOps Environment

1.2.2 Build a Change Categorization Scheme

Input

• List of examples of each change category

Output

• Definitions for each change category

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Service catalog (if applicable)
• Sticky notes
• Markers
• Change Management SOP

Participants

• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. Discuss the change categories on the previous slide and modify the types of descriptions to suit your organization.
2. Once the change categories or types are defined, identify several examples of change requests that would fall under each category.
3. Types of normal changes will be further defined in the next activity and can be left blank for now.
4. Examples are provided below. Capture your definitions in section 4 of your Change Management SOP.

Assess the risk for each normal change based on impact (severity) and likelihood (probability)

Create a change assessment risk matrix to standardize risk assessment for new changes. Formalizing this assessment should be one of the first priorities of change management.

The following slides guide you through the steps of formalizing a risk assessment according to impact and likelihood:

1. Define a risk matrix: Risk matrices can either be a 3x3 matrix (Minor, Medium, or High Risk as shown on the next slide) or a 4x4 matrix (Minor, Medium, High, or Critical Risk).
2. Build an impact assessment: Enable consistent measurement of impact for each change by incorporating a standardized questionnaire for each RFC.
3. Build a likelihood assessment: Enable the consistent measurement of impact for each change by incorporating a standardized questionnaire for each RFC.
4. Test drive your risk assessment and make necessary adjustments: Measure your newly formed risk assessment questionnaires against historical changes to test its accuracy.

Consider risk

1. Risk should be the primary consideration in classifying a normal change as Low, Medium, High. The extent of governance required, as well as minimum timeline to implement the change, will follow from the risk assessment.
2. The business benefit often matches the impact level of the risk – a change that will provide a significant benefit to a large number of users may likely carry an equally major downside if deviations occur.

Info-Tech Insight

All changes entail an additional level of risk. Risk is a function of impact and likelihood. Risk may be reduced, accepted, or neutralized through following best practices around training, testing, backout planning, redundancy, timing and sequencing of changes, etc.

Create a risk matrix to assign a risk rating to each RFC

Every normal RFC should be assigned a risk rating.

How is risk rating determined?

• Priority should be based on the business consequences of implementing or denying the change.
• Risk rating is assigned using the impact of the risk and likelihood/probability that the event may occur.

Who determines priority?

• Priority should be decided with the change requester and with the CAB, if necessary.
• Don’t let the change requester decide priority alone, as they will usually assign it a higher priority than is justified. Use a repeatable, standardized framework to assess each request.

How is risk rating used?

• Risk rating is used to determine which changes should be discussed and assessed first.
• Time frames and escalation processes should be defined for each risk level.

RFCs need to clearly identify the risk level of the proposed change. This can be done through statement of impact and likelihood (low/medium/high) or through pertinent questions linked with business rules to assess the risk.

Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

Risk Matrix

1.2.3 Build a Classification Scheme to Assess Impact

Input

• Current risk assessment (if available)

Output

• Tailored impact assessment

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Change Management SOP

Participants

• CIO
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. Define a set of questions to measure risk impact.
2. For each question, assign a weight that should be placed on that factor.
3. Define criteria for each question that would categorize the risk as high, medium, or low.
4. Capture your results in section 4.3.1 of your Change Management SOP.

1.2.4 Build a Classification Scheme to Define Likelihood

Input

• Current risk assessment (if available)

Output

• Tailored likelihood assessment

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Change Management SOP

Participants

• CIO
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. Define a set of questions to measure risk likelihood.
2. For each question, assign a weight that should be placed on that factor.
3. Define criteria for each question that would categorize the risk as high, medium, or low.
4. Capture your results in section 4.3.2 of your Change Management SOP.

1.2.5 Evaluate and Adjust Your Risk Assessment Scheme

Input

• Impact and likelihood assessments from previous two activities

Output

• Vetted risk assessment

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Change Management Risk Assessment Tool

Participants

• CIO
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. Draw your risk matrix on a whiteboard or flip chart.
2. As a group, identify up to 10 examples of requests for changes that would apply within your organization. Depending on the number of people participating, each person could identify one or two changes and write them on sticky notes.
3. Take turns bringing your sticky notes up to the risk matrix and placing each where it belongs, according to the assessment criteria you defined.
4. After each participant has taken a turn, discuss each change as a group and adjust the placement of any changes, if needed. Update the risk assessment weightings or questions, if needed.

Download the Change Management Rick Assessment Tool.

Case Study

A CMDB is not a prerequisite of change management. Don’t let the absence of a configuration management database (CMDB) prevent you from implementing change management.

Industry: Manufacturing

Source: Anonymous Info-Tech member

Challenge

The company was planning to implement a CMDB; however, full implementation was still one year away and subject to budget constraints.

Without a CMDB, it would be difficult to understand the interdependencies between systems and therefore be able to provide notifications to potentially affected user groups prior to implementing technical changes.

This could have derailed the change management project.

Solution

An Excel template was set up as a stopgap measure until the full implementation of the CMDB. The template included all identified dependencies between systems, along with a “dependency tier” for each IT service.

Tier 1: The dependent system would not operate if the upstream system change resulted in an outage.

Tier 2: The dependent system would suffer severe degradation of performance and/or features.

Tier 3: The dependent system would see minor performance degradation or minor feature unavailability.

Results

As a stopgap measure, the solution worked well. When changes ran the risk of degrading downstream dependent systems, the impacted business system owner’s authorization was sought and end users were informed in advance.

The primary takeaway was that a system to manage configuration linkages and system dependencies was key.

While a CMDB is ideal for this use case, IT organizations shouldn’t let the lack of such a system stop progress on change management.

Case Study (part 1 of 4)

Intel used a maturity assessment to kick-start its new change management program.

Industry: Technology

Source: Daniel Grove, Intel

Challenge

Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

Intel’s change management program is responsible for over 4,000 changes each week.

Solution

Due to the sheer volume of change management activities present at Intel, over 35% of unscheduled outages were the result of changes.

Ineffective change management was identified as the top contributor of incidents with unscheduled downtime.

One of the major issues highlighted was a lack of process ownership. The change management process at Intel was very fragmented, and that needed to change.

Results

Daniel Grove, Senior Release & Change Manager at Intel, identified that clarifying tasks for the Change Manager and the CAB would improve process efficiency by reducing decision lag time. Roles and responsibilities were reworked and clarified.

Intel conducted a maturity assessment of the overall change management process to identify key areas for improvement.

Phase 2

Establish Roles and Workflows

For running change management in DevOps environment, see Appendix II.

Define Change Management

1.1 Assess Maturity

1.2 Categorize Changes and Build Your Risk Assessment

Establish Roles and Workflows

2.1 Determine Roles and Responsibilities

2.2 Build Core Workflows

Define RFC and Post-Implementation Activities

3.1 Design the RFC

3.2 Establish Post-Implementation Activities

Measure, Manage, and Maintain

4.1 Identify Metrics and Build the Change Calendar

4.2 Implement the Project

This phase will guide you through the following steps:

• Determine Roles and Responsibilities
• Build Core Workflows

This phase involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Step 2.1

Determine Roles and Responsibilities

Activities

2.1.1 Capture Roles and Responsibilities Using a RACI Chart

2.1.2 Determine Your Change Manager’s Responsibilities

2.1.3 Define the Authority and Responsibilities of Your CAB

2.1.4 Determine an E-CAB Protocol for Your Organization

Establish Roles and Workflows

Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows

This step involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Outcomes of this step

• Clearly defined responsibilities to form the job description for a Change Manager
• Clearly defined roles and responsibilities for the change management team, including the business system owner, technical SME, and CAB members
• Defined responsibilities and authority of the CAB
• Protocol for an emergency CAB (E-CAB) meeting

Identify roles and responsibilities for your change management team

Business System Owner

• Provides downtime window(s)
• Advises on need for change (prior to creation of RFC)
• Validates change (through UAT or other validation as necessary)
• Provides approval for expedited changes (needs to be at executive level)

Technical Subject Matter Expert (SME)

• Advises on proposed changes prior to RFC submission
• Reviews draft RFC for technical soundness
• Assesses backout/rollback plan
• Checks if knowledgebase has been consulted for prior lessons learned
• Participates in the PIR, if necessary
• Ensures that the service desk is trained on the change

CAB

• Approves/rejects RFCs for normal changes
• Reviews lessons learned from PIRs
• Decides on the scope of change management
• Reviews metrics and decides on remedial actions
• Considers changes to be added to list of pre-approved changes
• Communicates to organization about upcoming changes

Change Manager

• Reviews RFCs for completeness
• Ensures RFCs brought to the CAB have a high chance of approval
• Chairs CAB meetings, including scheduling, agenda preparation, reporting, and follow-ups
• Manages post-implementation reviews and reporting
• Organizes internal communications (within IT)

2.1.1 Capture Roles and Responsibilities Using a RACI Chart

Input

• Current SOP

Output

• Documented roles and responsibilities in change management in a RACI chart

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Sticky notes
• Markers/pens
• Project Summary Template
• Change Management SOP

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. As a group, work through developing a RACI chart to determine the roles and responsibilities of individuals involved in the change management practice based on the following criteria:
   • Responsible (performs the work)
   • Accountable (ensures the work is done)
   • Consulted (two-way communication)
   • Informed (one-way communication)
2. Record your results in slide 14 of the Project Summary Template and section 3.1 of your Change Management SOP.

Designate a Change Manager to own the process, change templates, and tools

The Change Manager will be the point of contact for all process questions related to change management.

• The Change Manager needs the authority to reject change requests, regardless of the seniority of the requester.
• The Change Manager needs the authority to enforce compliance to a standard process.
• The Change Manager needs enough cross-functional subject-matter expertise to accurately evaluate the impact of change from both an IT and business perspective.

Info-Tech Best Practice

Some organizations will not be able to assign a dedicated Change Manager, but they must still task an individual with change review authority and with ownership of the risk assessment and other key parts of the process.

Responsibilities

1. The Change Manager is your first stop for change approval. Both the change management and release and deployment management processes rely on the Change Manager to function.
2. Every single change that is applied to the live environment, from a single patch to a major change, must originate with a request for change (RFC), which is then approved by the Change Manager to proceed to the CAB for full approval.
3. Change templates and tools, such as the change calendar, list of preapproved changes, and risk assessment template are controlled by the Change Manager.
4. The Change Manager also needs to have ownership over gathering metrics and reports surrounding deployed changes. A skilled Change Manager needs to have an aptitude for applying metrics for continual improvement activities.

2.1.2 Document Your Change Manager’s Responsibilities

Input

• Current Change Manager job description (if available)

Output

• Change Manager job description and list of responsibilities

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Info-Tech’s Change Manager Job Description
• Change Management SOP

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1.Using the previous slide, Info-Tech’s Change Manager Job Description, and the examples below, brainstorm responsibilities for the Change Manager.

2.Record the responsibilities in Section 3.2 of your Change Management SOP.

Example:

Change Manager: James Corey

Responsibilities

1. Own the process, tools, and templates.
2. Control the Change Management SOP.
3. Provide standard RFC forms.
4. Distribute RFCs for CAB review.
5. Receive all initial RFCs and check them for completion.
6. Approve initial RFCs.
7. Approve pre-approved changes.
8. Approve the conversion of normal changes to pre-approved changes.
9. Assemble the Emergency CAB (E-CAB) when emergency change requests are received.
10. Approve submission of RFCs for CAB review.
11. Chair the CAB:
    • Set the CAB agenda and distribute it at least 24 hours before the meeting.
    • Ensure the agenda is adhered to.
    • Make the final approval/prioritization decision regarding a change if the CAB is deadlocked and cannot come to an agreement.
    • Distribute CAB meeting minutes to all members and relevant stakeholders.

Download the Change Manager Job Description

Create a Change Advisory Board (CAB) to provide process governance

The primary functions of the CAB are to:

1. Protect the live environment from poorly assessed, tested, and implemented changes.
   • CAB approval is required for all normal and emergency changes.
   • If a change results in an incident or outage, the CAB is effectively responsible; it’s the responsibility of the CAB to assess and accept the potential impact of every change.
2. Prioritize changes in a way that fairly reflects change impact and urgency.
   • Change requests will originate from multiple stakeholders, some of whom have competing interests.
   • It’s up to the CAB to prioritize these requests effectively so that business need is balanced with any potential risk to the infrastructure.
   • The CAB should seek to reduce the number of emergency/expedited changes.
3. Schedule deployments in a way that minimizes conflict and disruption.
   • The CAB uses a change calendar populated with project work, upcoming organizational initiatives, and change freeze periods. They will schedule changes around these blocks to avoid disrupting user productivity.
   • The CAB should work closely with the release and deployment management teams to coordinate change/release scheduling.

See what responsibilities in the CAB’s process are already performed by the DevOps lifecycle (e.g. authorization, deconfliction etc.). Do not duplicate efforts.

Use diverse representation from the business to form an effective CAB

The CAB needs insight into all areas of the business to avoid approving a high-risk change.

Based on the core responsibilities you have defined, the CAB needs to be composed of a diverse set of individuals who provide quality:

• Change need assessments – identifying the value and purpose of a proposed change.
• Change risk assessments – confirmation of the technical impact and likelihood assessments that lead to a risk score, based on the inputs in RFC.
• Change scheduling – offer a variety of perspectives and responsibilities and will be able to identify potential scheduling conflicts.

Info-Tech Best Practice

Form a core CAB (members attend every week) and an optional CAB (members who attend only when a change impacts them or when they can provide value in discussions about a change). This way, members can have their voice heard without spending every week in a meeting where they do not contribute.

2.1.3 Define the Authority and Responsibilities of Your CAB

Input

• Current SOP or CAB charter (if available)

Output

• Documented list of CAB authorities and responsibilities

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Change Management SOP
• Project Summary Template

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1.Using the previous slide and the examples below, list the authorities and responsibilities of your CAB.

2.Record the responsibilities in section 3.3.2 of your Change Management SOP and the Project Summary Template.

Example:

Establish an emergency CAB (E-CAB) protocol

• When an emergency change request is received, you will not be able to wait until the regularly scheduled CAB meeting.
• As a group, decide who will sit on the E-CAB and what their protocol will be when assessing and approving emergency changes.

Change owner conferences with E-CAB (best efforts to reach them) through email or messaging.

E-CAB members and business system owners are provided with change details. No decision is made without feedback from at least one E-CAB member.

If business continuity is being affected, the Change Manager has authority to approve change.

Full documentation of the change (a retroactive RFC) is done after the change and is then reviewed by the CAB.

Info-Tech Best Practice

Members of the E-CAB should be a subset of the CAB who are typically quick to respond to their messages, even at odd hours of the night.

2.1.4 Determine an E-CAB Protocol for Your Organization

Input

• Current SOP or CAB charter (if available)

Output

• E-CAB protocol

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Markers/pens
• Change Management SOP

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. Gather the members of the E-CAB and other necessary representatives from the change management team.
2. Determine the order of operations for the E-CAB in the event that an emergency change is needed.
3. Consult the example emergency protocol below. Determine what roles and responsibilities are involved at each stage of the emergency change’s implementation.
4. Document the E-CAB protocol in section 3.4 of your Change Management SOP.

Example

Assemble E-CAB

Assess Change

Test (if Applicable)

Deploy Change

Create Retroactive RFC

Review With CAB

Step 2.2

Build Core Workflows

Activities

2.2.1 Build a CMDB-lite as a Reference for Requested Changes

2.2.2 Create a Normal Change Process

2.2.3 Create a Pre-Approved Change Process

2.2.4 Create an Emergency Change Process

Establish Roles and Workflows

Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows

This step involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Outcomes of this step

• Emergency change workflow
• Normal process workflow
• Pre-approved change workflow

Establishing Workflows: Change Management Lifecycle

Improve

• A post-implementation review assesses the value of the actual change measured against the proposed change in terms of benefits, costs, and impact.
• Results recorded in the change log.
• Accountability: Change Manager Change Implementer

Request

• A change request (RFC) can be submitted via paper form, phone, email, or web portal.
• Accountability: Change requester/Initiator

Assess

• The request is screened to ensure it meets an agreed-upon set of business criteria.
• Changes are assessed on:
  • Impact of change
  • Risks or interdependencies
  • Resourcing and costs
• Accountability: Change Manager

Plan

• Tasks are assigned, planned, and executed.
• Change schedule is consulted and necessary resources are identified.
• Accountability: Change Manager

Approve

• Approved requests are sent to the most efficient channel based on risk, urgency, and complexity.
• Change is sent to CAB members for final review and approval
• Accountability: Change Manager
  • Change Advisory Board

Implement

• Approved changes are deployed.
• A rollback plan is created to mitigate risk.
• Accountability: Change Manager Change Implementer

Establishing workflows: employ a SIPOC model for process definition

A good SIPOC (supplier, input, process, output, customer) model helps establish the boundaries of each process step and provides a concise definition of the expected outcomes and required inputs. It’s a useful and recommended next step for every workflow diagram.

For change management, employ a SIPOC model to outline your CAB process:

Supplier

• Who or what organization provides the inputs to the process? The supplier can be internal or external.

Input

• What goes into the process step? This can be a document, data, information, or a decision.

Process

• Activities that occur in the process step that’s being analyzed.

Output

• What does the process step produce? This can be a document, data, information, or a decision.

Customer

• Who or what organization(s) takes the output of the process? The customer can be internal or external.

Optional Fields

Metrics

• Top-level indicators that usually relate to the input and output, e.g. turnaround time, risk matrix completeness.

Controls

• Checkpoints to ensure process step quality.

Dependencies

• Other process steps that require the output.

RACI

• Those who are Responsible, Accountable, Consulted, or Informed (RACI) about the input, output, and/or process.

Establish change workflows: assess requested changes to identify impact and dependencies

An effective change assessment workflow is a holistic process that leaves no stone unturned in an effort to mitigate risk before any change reaches the approval stage. The four crucial areas of risk in a change workflow are:

Dependencies

Identify all components of the change.

Ask how changes will affect:

• Services on the same infrastructure?
• Applications?
• Infrastructure/app architecture?
• Security?
• Ability to support critical systems?

Business Impact

Frame the change from a business point of view to identify potential disruptions to business activities.

Your assessment should cover:

• Business processes
• User productivity
• Customer service
• BCPs

SLA Impact

Each new change can impact the level of service available.

Examine the impact on:

• Availability of critical systems
• Infrastructure and app performance
• Infrastructure and app capacity
• Existing disaster recovery plans and procedures

Required Resources

Once risk has been assessed, resources need to be identified to ensure the change can be executed.

These include:

• People (SMEs, tech support, work effort/duration)
• System time for scheduled implementation
• Hardware or software (new or existing, as well as tools)

Establishing workflows: pinpoint dependencies to identify the need for additional changes

An assessment of each change and a query of the CMDB needs to be performed as part of the change planning process to mitigate outage risk.

• A version upgrade on one piece of software may require another component to be upgraded as well. For example, an upgrade to the database management system requires that an application that uses the database be upgraded or modified.
• The sequence of the release must also be determined, as certain components may need to be upgraded before others. For example, if you upgrade the Exchange Server, a Windows update must be installed prior to the Exchange upgrade.
• If you do not have a CMDB, consider building a CMDB-lite, which consists of a listing of systems, primary users, SMEs, business owners, and system dependencies (see next slide).

Services Impacted

• Have affected services been identified?
• Have supporting services been identified?
• Has someone checked the CMDB to ensure all dependencies have been accounted for?
• Have we referenced the service catalog so the business approves what they’re authorizing?

Technical Teams Impacted

• Who will support the change throughout testing and implementation?
• Will additional support be needed?
• Do we need outside support from eternal suppliers?
• Has someone checked the contract to ensure any additional costs have been approved?

Build a dependency matrix to avoid change related collisions (optional)

A CMDB-lite does not replace a CMDB but can be a valuable tool to leverage when requesting changes if you do not currently have configuration management. Consider the following inputs when building your own CMDB-lite.

• System
  • To build a CMDB-lite, start with the top 10 systems in your environment that experience changes. This list can always be populated iteratively.
• Primary Users
  • Listing the primary users will give a change requester a first glance at the impact of the change.
  • You can also use this information when looking at the change communication and training after the change is implemented.
• SME/Backup
  • These are the staff that will likely build and implement the change. The backup is listed in case the primary is on holiday.
• Business System Owner
  • The owner of the system is one of the people needed to sign off on the change. Having their support from the beginning of a change is necessary to build and implement it successfully.
• Tier 1 Dependency
  • If the primary system experiences and outage, Tier 1 dependency functionality is also lost. To request a change, include the business system owner signoffs of the Tier 1 dependencies of the primary system.
• Tier 2 Dependency
  • If the primary system experiences an outage, Tier 2 dependency functionality is lost, but there is an available workaround. As with Tier 1, this information can help you build a backout plan in case there is a change-related collision.
• Tier 3 Dependency
  • Tier 3 functionality is not lost if the primary system experiences an outage, but nice-to-haves such as aesthetics are affected.

2.2.1 Build a CMDB-lite as a Reference for Requested Changes

Input

• Current system ownership documentation

Output

• Documented reference for change requests (CMDB-lite)

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Sticky notes
• Markers/pens

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. Start with a list of your top 10-15 systems/services with the highest volume of changes.
2. Using a whiteboard, flip chart, or shared screen, complete the table below by filling the corresponding Primary Users, SMEs, Business System Owner, and Dependencies as shown below. It may help to use sticky notes.
3. Iteratively populate the table as you notice gaps with incoming changes.

Establishing workflows: create standards for change approvals to improve efficiency

• Not all changes are created equal, and not all changes require the same degree of approval. As part of the change management process, it’s important to define who is the authority for each type of change.
• Failure to do so can create bureaucratic bottlenecks if each change is held to an unnecessary high level of scrutiny, or unplanned outages may occur due to changes circumventing the formal approval process.
• A balance must be met and defined to ensure the process is not bypassed or bottlenecked.

Info-Tech Best Practice

Define a list pre-approved changes and automate them (if possible) using your ITSM solution. This will save valuable time for more important changes in the queue.

Example:

Example process: Normal Change – Change Initiation

Change initiation allows for assurance that the request is in scope for change management and acts as a filter for out-of-scope changes to be redirected to the proper workflow. Initiation also assesses who may be assigned to the change and the proper category of the change, and results in an RFC to be populated before the change reaches the build and test phase.

The change trigger assessment is critical in the DevOps lifecycle. This can take a more formal role of a technical review board (TRB) or, with enough maturity, may be automated. Responsibilities such as deconfliction, dependency identification, calendar query, and authorization identification can be done early in the lifecycle to decrease or eliminate the burden on CAB.

For the full process, refer to the Change Management Process Library.

Example process: Normal Change – Technical Build and Test

The technical build and test stage includes all technical prerequisites and testing needed for a change to pass before proceeding to approval and implementation. In addition to a technical review, a solution consisting of the implementation, rollback, communications, and training plan are also built and included in the RFC before passing it to the CAB.

For the full process, refer to the Change Management Process Library.

Example process: Normal Change – Change Approval (CAB)

Change approval can start with the Change Manager reviewing all incoming RFCs to filter them for completeness and check them for red flags before passing them to the CAB. This saves the CAB from discussing incomplete changes and allows the Change Manager to set a CAB agenda before the CAB meeting. If need be, change approval can also set vendor communications necessary for changes, as well as the final implementation date of the change. The CAB and Change Manager may follow up with the appropriate parties notifying them of the approval decision (accepted, rescheduled, or rejected).

For the full process, refer to the Change Management Process Library.

Example process: Normal Change – Change Implementation

Changes should not end at implementation. Ensure you define post-implementation activities (documentation, communication, training etc.) and a post-implementation review in case the change does not go according to plan.

For the full process, refer to the Change Management Process Library.

2.2.2 Create a Normal Change Process

Input

• Current SOP/workflow library

Output

• Normal change process

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Pens/markers
• Sticky notes
• Change Management Process Library
• Change Management SOP

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. Gather representatives from the change management team.
2. Using the examples shown on the previous few slides, work as a group to determine the workflow for a normal change, with particular attention to the following sub-processes:
   1. Request
   2. Assessment
   3. Plan
   4. Approve
   5. Implementation and Post-Implementation Activities
3. Optionally, you may create variations of the workflow for minor, medium, and major changes (e.g. there will be fewer authorizations for minor changes).
4. For further documentation, you may choose to run the SIPOC activity for your CAB as outlined on this slide.
5. Document the resulting workflows in the Change Management Process Library and section 11 of your Change Management SOP.

Download the Change Management Process Library.

Identify and convert low-risk normal changes to pre-approved once the process is established

As your process matures, begin creating a list of normal changes that might qualify for pre-approval. The most potential for value in gains from change management comes from re-engineering and automating of high-volume changes. Pre-approved changes should save you time without threatening the live environment.

IT should flag changes they would like pre-approved:

• Once your change management process is firmly established, hold a meeting with all staff that make change requests and build changes.
• Run a training session detailing the traits of pre-approved changes and ask these individuals to identify changes that might qualify.
• These changes should be submitted to the Change Manager and reviewed, with the help of the CAB, to decide whether or not they qualify for pre-approval.

Pre-approved changes are not exempt from due diligence:

• Once a change is designated as pre-approved, the deployment team should create and compile all relevant documentation:
  • An RFC detailing the change, dependencies, risk, and impact.
  • Detailed procedures and required resources.
  • Implementation and backout plan.
  • Test results.
• When templating the RFC for pre-approved changes, aim to write the documentation as if another SME were to implement it. This reduces confusion, especially if there’s staff turnover.
• The CAB must approve, sign off, and keep a record of all documents.
• Pre-approved changes must still be documented and recorded in the CMDB and change log after each deployment.

Info-Tech Best Practice

At the beginning of a change management process, there should be few active pre-approved changes. However, prior to launch, you may have IT flag changes for conversion.

Example process: Pre-Approved Change Process

For the full process, refer to the Change Management Process Library.

Review the pre-approved change list regularly to ensure the list of changes are still low-risk and repeatable.

IT environments change. Don’t be caught by surprise.

• Changes which were once low-risk and repeatable may cause unforeseen incidents if they are not reviewed regularly.
• Dependencies change as the IT environment changes. Ensure that the changes on the pre-approved change list are still low-risk and repeatable, and that the documentation is up to date.
• If dependencies have changed, then move the change back to the normal category for reassessment. It may be redesignated as a pre-approved change once the documentation is updated.

Info-Tech Best Practice

Other reasons for moving a pre-approved change back to the normal category is if the change led to an incident during implementation or if there was an issue during implementation.

Seek new pre-approved change submissions. → Re-evaluate the pre-approved change list every 4-6 months.

For the full process, refer to the Change Management Process Library.

2.2.3 Create a Pre-Approved Change Process

Input

• Current SOP/workflow library

Output

• Pre-approved change process

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Pens/markers
• Sticky notes
• Change Management Process Library
• Change Management SOP

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. Gather representatives from the change management team.
2. Using the examples shown on the previous few slides, work as a group to determine the workflow for a pre-approved change, with particular attention to the following sub-processes:
   1. Request
   2. Assessment
   3. Plan
   4. Approve
3. Document the process of a converting a normal change to pre-approved. Include the steps from flagging a low-risk change to creating the related RFC template.
4. Document the resulting workflows in the Change Management Process Library and sections 4.2 and 13 of your Change Management SOP.

Reserve the emergency designation for real emergencies

• Emergency changes have one of the following triggers:
  • A critical incident is impacting user productivity.
  • An imminent critical incident will impact user productivity.
• Unless a critical incident is being resolved or prevented, the change should be categorized as normal.
• An emergency change differs from a normal change in the following key aspects:
  • An emergency change is required to recover from a major outage – there must be a validated service desk critical incident ticket.
  • An urgent business requirement is not an “emergency.”
  • An RFC is created after the change is implemented and the outage is over.
  • A review by the full CAB occurs after the change is implemented.
  • The first responder and/or the person implementing the change may not be the subject matter expert for that system.
• In all cases, an RFC must be created and the change must be reviewed by the full CAB. The review should occur within two business days of the event.

Info-Tech Best Practice

Change requesters should be made aware that senior management will be informed if an emergency RFC is submitted inappropriately. Emergency requests trigger urgent CAB meetings, are riskier to deploy, and delay other changes waiting in the queue.

Example process: Emergency Change Process

When building your emergency change process, have your E-CAB protocol from activity 2.1.4 handy.

• Focus on the following requirements for an emergency process:
  • E-CAB protocol and scope: Does the SME need authorization first before working on the change or can the SME proceed if no E-CAB members respond?
  • Documentation and communication to stakeholders and CAB after the emergency change is completed.
  • Input from incident management.

For the full process, refer to the Change Management Process Library.

2.2.4 Create an Emergency Change Process

Input

• Current SOP/workflow library

Output

• Emergency change process

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Pens/markers
• Sticky notes
• Change Management Process Library
• Change Management SOP

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. Gather representatives from the change management team.
2. Using the examples shown on the previous few slides, work as a group to determine the workflow for an emergency change, with particular attention to the following sub-processes:
   1. Request
   2. Assessment
   3. Plan
   4. Approve
3. Ensure that the E-CAB protocol from activity 2.1.4 is considered when building your process.
4. Document the resulting workflows in the Change Management Process Library and section 12 of your Change Management SOP.

Case Study (part 2 of 4)

Intel implemented a robust change management process.

Industry: Technology

Source: Daniel Grove, Intel

Challenge

Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

Intel’s change management program is responsible for over 4,000 changes each week.

Solution

Intel identified 37 different change processes and 25 change management systems of record with little integration.

Software and infrastructure groups were also very siloed, and this no doubt contributed to the high number of changes that caused outages.

The task was simple: standards needed to be put in place and communication had to improve.

Results

Once process ownership was assigned and the role of the Change Manager and CAB clarified, it was a simple task to streamline and simplify processes among groups.

Intel designed a new, unified change management workflow that all groups would adopt.

Automation was also brought into play to improve how RFCs were generated and submitted.

Phase 3

Define the RFC and Post-Implementation Activities

Define Change Management

1.1 Assess Maturity

1.2 Categorize Changes and Build Your Risk Assessment

Establish Roles and Workflows

2.1 Determine Roles and Responsibilities

2.2 Build Core Workflows

Define the RFC and Post-Implementation Activities

3.1 Design the RFC

3.2 Establish Post-Implementation Activities

Measure, Manage, and Maintain

4.1 Identify Metrics and Build the Change Calendar

4.2 Implement the Project

This phase will guide you through the following activities:

• Design the RFC
• Establish Post-Implementation Activities

This phase involves the following participants:

• IT Director
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

Step 3.1

Design the RFC

Activities

3.1.1 Evaluate Your Existing RFC Process

3.1.2 Build the RFC Form

Define the RFC and Post-Implementation Activities

Step 3.1: Design the RFC

Step 3.2: Establish Post-Implementation Activities

This step involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Outcomes of this step

• A full RFC template and process that compliments the workflows for the three change categories

A request for change (RFC) should be submitted for every non-standard change

An RFC should be submitted through the formal change management practice for every change that is not a standard, pre-approved change (a change which does not require submission to the change management practice).

• The RFC should contain all the information required to approve a change. Some information will be recorded when the change request is first initiated, but not everything will be known at that time.
• Further information can be added as the change progresses through its lifecycle.
• The level of detail that goes into the RFC will vary depending on the type of change, the size, and the likely impact of the change.
• Other details of the change may be recorded in other documents and referenced in the RFC.

Info-Tech Insight

Keep the RFC form simple, especially when first implementing change management, to encourage the adoption of and compliance with the process.

RFCs should contain the following information, at a minimum:

1. Contact information for requester
2. Description of change
3. References to external documentation
4. Items to be changed, reason for the change, and impact of both implementing and not implementing the change
5. Change type and category
6. Priority and risk assessment
7. Predicted time frame, resources, and cost
8. Backout or remediation plan
9. Proposed approvers
10. Scheduled implementation time
11. Communications plan and post-implementation review

3.1.1 Evaluate Your Existing RFC Process

Input

• Current RFC form or stock ITSM RFC
• Current SOP (if available)

Output

• List of changes to the current RFC form and RFC process

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Projector
• Markers/pens
• Laptop with ITSM admin access
• Request for Change Form Template
• Change Management SOP

Participants

• IT Director
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. If the organization is already using an RFC form, review it as a group now and discuss its contents:
   • Does this RFC provide adequate information for the Change Manager and/or CAB to review?
   • Should any additional fields be added?
2. Show the participants Info-Tech’s Request for Change Form Template and compare it to the one the organization is currently using.
3. As a group, finalize an RFC table of contents that will be used to formalize a new or improved RFC.
4. Decide which fields should be filled out by the requester before the initial RFC is submitted to the Change Manager:
   • Many sections of the RFC are relevant for change assessment and review. What information does the Change Manager need when they first receive a request?
   • The Change Manager needs enough information to ensure that the change is in scope and has been properly categorized.
5. Decide how the RFC form should be submitted and reviewed; this can be documented in section 5 of your Change Management SOP.

Download the Request for Change Form Template.

Design the RFC to encourage process buy-in

• When building the RFC, split the form up into sections that follow the normal workflow (e.g. Intake, Assessment and Build, Approval, Implementation/PIR). This way the form walks the requester through what needs to be filled and when.
• Revisit the form periodically and solicit feedback to continually improve the user experience. If there’s information missing on the RFC that the CAB would like to know, add the fields. If there are sections that are not used or not needed for documentation, remove them.
• Make sure the user experience surrounding your RFC form is a top priority – make it accessible, otherwise change requesters simply will not use it.
• Take advantage of your ITSM’s dropdown lists, automated notifications, CMDB integrations, and auto-generated fields to ease the process of filling the RFC

Draft:

• Change requester
• Requested date of deployment
• Change risk: low/medium/high
• Risk assessment
• Description of change
• Reason for change
• Change components

Technical Build:

• Assess change:
  • Dependencies
  • Business impact
  • SLA impact
  • Required resources
  • Query the CMS
• Plan and test changes:
  • Test plan
  • Test results
  • Implementation plan
  • Backout plan
  • Backout plan test results

CAB:

• Approve and schedule changes:
  • Final CAB review
  • Communications plan

Complete:

• Deploy changes:
  • Post-implementation review

Designing your RFC: RFC draft

• Change requester – link your change module to the active directory to pull the change requester’s contact information automatically to save time.
• A requested date of deployment gives approvers information on timeline and can be used to query the change calendar for possible conflicts
• Information about risk assessment based on impact and likelihood questionnaires are quick to fill out but provide a lot of information to the CAB. The risk assessment may not be complete at the draft stage but can be updated as the change is built. Ensure this field is up-to- date before it reaches CAB.
• If you have a technical review stage where changes are directed to the proper workflow and resourcing is assessed, the description, reason, and change components are high-level descriptors of the change that will aid in discovery and lining the change up with the business vision (viability from both a technical and business standpoint).

• Change requester
• Requested date of deployment
• Change Risk: low/medium/high
• Risk assessment
• Description of change
• Reason for change
• Change components

Use the RFC to point to documentation already gathered in the DevOps lifecycle to cut down on unnecessary manual work while maintaining compliance.

Designing your RFC: technical build

• Dependencies and CMDB query, along with the proposed implementation date, are included to aid in calendar deconfliction and change scheduling. If there’s a conflict, it’s easier to reschedule the proposed change early in the lifecycle.
• Business, SLA impact, and required resources can be tracked to provide the CAB with information on the business resources required. This can also be used to prioritize the change if conflicts arise.
• Implementation, test, and backout plans must be included and assessed to increase the probability that a change will be implemented without failure. It’s also useful in the case of PIRs to determine root causes of change-related incidents.

• Assess change:
  • Dependencies
  • Business impact
  • SLA impact
  • Required resources
  • Query the CMS
• Plan and test changes:
  • Test plan
  • Test results
  • Implementation plan
  • Backout plan
  • Backout plan test results

Designing your RFC: approval and deployment

• Documenting approval, rejection, and rescheduling gives the change requester the go-ahead to proceed with the change, rationale on why it was prioritized lower than another change (rescheduled), or rationale on rejection.
• Communications plans for appropriate stakeholders can also be modified and forwarded to the communications team (e.g. service desk or business system owners) before deployment.
• Post-implementation activities and reviews can be conducted if need be before a change is closed. The PIR, if filled out, should then be appended to any subsequent changes of the same nature to avoid making the same mistake twice.

• Approve and schedule changes:
  • Final CAB review
  • Communications plan
• Deploy changes:
  • Post-implementation review

Standardize the request for change protocol

1. Submission Standards
   • Electronic submission will make it easier for CAB members to review the documentation.
   • As the change goes through the assessment, plan, and test phase, new documentation (assessments, backout plans, test results, etc.) can be attached to the digital RFC for review by CAB members prior to the CAB meeting.
   • Change management software won’t be necessary to facilitate the RFC submission and review; a content repository system, such as SharePoint, will suffice.
2. Designate the first control point
   • All RFCs should be submitted to a single point of contact.
   • Ideally, the Change Manager or Technical Review Board should fill this role.
   • Whoever is tasked with this role needs the subject matter expertise to ensure that the change has been categorized correctly, to reject out-of-scope requests, or to ask that missing information be provided before the RFC moves through the full change management practice.

Info-Tech Best Practice

Technical and SME contacts should be noted in each RFC so they can be easily consulted during the RFC review.

3.1.2 Build the RFC Form

Input

• Current RFC form or stock ITSM RFC
• Current SOP (if available)

Output

• List of changes to the current RFC and RFC process

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Projector
• Markers/pens
• Laptop with ITSM admin access
• Request for Change Form Template

Participants

• IT Director
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

1. Use Info-Tech’s Request for Change Form Template as a basis for your RFC form.
2. Use this template to standardize your change request process and ensure that the appropriate information is documented effectively each time a request is made. The change requester and Change Manager should consolidate all information associated with a given change request in this form. This form will be submitted by the change requester and reviewed by the Change Manager.

Case Study (part 3 of 4)

Intel implemented automated RFC form generation.

Industry: Technology

Source: Daniel Grove, Intel

Challenge

Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.

Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.

Intel’s change management program is responsible for over 4,000 changes each week.

Solution

One of the crucial factors that was impacting Intel’s change management efficiency was a cumbersome RFC process.

A lack of RFC usage was contributing to increased ad hoc changes being put through the CAB, and rescheduled changes were quite high.

Additionally, ad hoc changes were also contributing heavily to unscheduled downtime within the organization.

Results

Intel designed and implemented an automated RFC form generator to encourage end users to increase RFC usage.

As we’ve seen with RFC form design, the UX/UI of the form needs to be top notch, otherwise end users will simply circumvent the process. This will contribute to the problems you are seeking to correct.

Thanks to increased RFC usage, Intel decreased emergency changes by 50% and reduced change-caused unscheduled downtime by 82%.

Step 3.2

Establish Post-Implementation Activities

Activities

3.2.1 Determine When the CAB Would Reject Tested Changes

3.2.2 Create a Post-Implementation Activity Checklist

Define the RFC and Post-Implementation Activities

Step 3.1: Design RFC

Step 3.2: Establish Post-Implementation Activities

This step involves the following participants:

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

Outcomes of this step

• A formalized post-implementation process for continual improvement

Why would the CAB reject a change that has been properly assessed and tested?

Possible reasons the CAB would reject a change include:

• The product being changed is approaching its end of life.
• The change is too costly.
• The timing of the change conflicts with other changes.
• There could be compliance issues.
• The change is actually a project.
• The risk is too high.
• There could be regulatory issues.
• The peripherals (test, backout, communication, and training plans) are incomplete.

Info-Tech Best Practice

Many reasons for rejection (listed above) can be caught early on in the process during the technical review or change build portion of the change. The earlier you catch these reasons for rejection, the less wasted effort there will be per change.

Determine When the CAB Would Reject Tested Changes

Input

• Current SOP (if available)

Output

• List of reasons to reject tested changes

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Projector
• Markers/pens
• Laptop with ITSM admin access
• Project Summary Template

Participants

• IT Director
• Infrastructure Manager
• Change Manager
• Members of the Change Advisory Board

Avoid hand-offs to ensure a smooth implementation process

The implementation phase is the final checkpoint before releasing the new change into your live environment. Once the final checks have been made to the change, it’s paramount that teams work together to transition the change effectively rather than doing an abrupt hand-off. This could cause a potential outage.

1.

• Deployment resources identified, allocated, and scheduled
• Documentation complete
• Support team trained
• Users trained
• Business sign-off
• Target systems identified and ready to receive changes
• Target systems available for installation maintenance window scheduled
• Technical checks:
  • Disk space available
  • Pre-requisites met
  • Components/Services to be updated are stopped
  • All users disconnected
• Download Info-Tech’sChange Management Pre-Implementation Checklist

Implement change →

2.

1. Verification – once the change has been implemented, verify that all requirements are fulfilled.
2. Review – ensure that all affected systems and applications are operating as predicted. Update change log.
3. Transition – a crucial phase of implementation that’s often overlooked. Once the change implementation is complete from a technical point of view, it’s imperative that the team involved with the change inform and train the group responsible for managing the new change.

Create a backout plan to reduce the risk of a failed change

Every change process needs to plan for the potential for failure and how to address it effectively. Change management’s solution to this problem is a backout plan.

A backout plan needs to contain a record of the steps that need to be taken to restore the live environment back to its previous state and maintain business continuity. A good backout plan asks the following questions:

1. How will failure be determined? Who will make the determination to back out of a change be made and when?
2. Do we fix on fail or do we rollback to the previous configuration?
3. Is the service desk aware of the impending change? Do they have proper training?

Notify the Service Desk

• Notify the Service Desk about backout plan initiation.

Disable Access

• Disable user access to affected system(s).

Conduct Checks

• Conduct checks to all affected components.

Enable User Access

• Enable user access to affected systems.

Notify the Service Desk

• Notify the service desk that the backout plan was successful.

Info-Tech Best Practice

As part of the backout plan, consider the turnback point in the change window. That is, the point within the change window where you still have time to fully back out of the change.

Ensure the following post-implementation review activities are completed

Service Catalog

Update the service catalog with new information as a result of the implemented change.

CMDB

Update new dependencies present as a result of the new change.

Asset DB

Add notes about any assets newly affected by changes.

Architecture Map

Update your map based on the new change.

Technical Documentation

Update your technical documentation to reflect the changes present because of the new change.

Training Documentation

Update your training documentation to reflect any information about how users interact with the change.

Use a post-implementation review process to promote continual improvement

The post-implementation review (PIR) is the most neglected change management activity.

• All changes should be reviewed to understand the reason behind them, appropriateness, and recommendations for next steps.
• The Change Manager manages the completion of information PIRs and invites RFC originators to present their findings and document the lessons learned.

Info-Tech Best Practice

Review PIR reports at CAB meetings to highlight the root causes of issues, action items to close identified gaps, and back-up documentation required. Attach the PIR report to the relevant RFC to prevent similar changes from facing the same issues in the future.

1. Why do a post-implementation review?
   • Changes that don’t fail but don’t perform well are rarely reviewed.
   • Changes may fail subtly and still need review.
   • Changes that cause serious failures (i.e. unplanned downtime) receive analysis that is unnecessarily in-depth.
2. What are the benefits?
   • A proactive, post-implementation review actually uses less resources than reactionary change reviews.
   • Root-cause analysis of failed changes, no matter what the impact.
   • Insight into changes that took longer than projected.
   • Identification of previously unidentified risks affecting changes.

Determine the strategy for your PIR to establish a standardized process

Capture the details of your PIR process in a table similar to the one below.

3.2.2 Create a Post-Implementation Activity Checklist

Input

• Current SOP (if available)

Output

• List of reasons to reject tested changes

Materials

• Whiteboard/flip charts (or shared screen if working remotely)
• Projector
• Markers/pens
• Laptop with ITSM admin access
• Change Management Post-Implementation Checklist

Participants

• CIO
• IT Managers
• Change Manager
• Members of the Change Advisory Board

1. Gather representatives from the change management team.
2. Brainstorm duties to perform following the deployment of a change. Below is a sample list:
   • Example:
     • Was the deployment successful?
       • If no, was the backout plan executed successfully?
     • List change-related incidents
     • Change assessment
       • Missed dependencies
       • Inaccurate business impact
       • Incorrect SLA impact
       • Inaccurate resources
         • Time
         • Staff
         • Hardware
     • System testing
     • Integration testing
     • User acceptance testing
     • No backout plan
     • Backout plan failure
     • Deployment issues
3. Record your results in the Change Management Post-Implementation Checklist.

Download the Change Management Post-Implementation Checklist

Case Study

Microsoft used post-implementation review activities to mitigate the risk of a critical Azure outage.

Industry: Technology

Source: Jason Zander, Microsoft

Challenge

In November 2014, Microsoft deployed a change intended to improve Azure storage performance by reducing CPU footprint of the Azure Table Front-Ends.

The deployment method was an incremental approach called “flighting,” where software and configuration deployments are deployed incrementally to Azure infrastructure in small batches.

Unfortunately, this software deployment caused a service interruption in multiple regions.

Solution

Before the software was deployed, Microsoft engineers followed proper protocol by testing the proposed update. All test results pointed to a successful implementation.

Unfortunately, engineers pushed the change out to the entire infrastructure instead of adhering to the traditional flighting protocol.

Additionally, the configuration switch was incorrectly enabled for the Azure Blob storage Front-Ends.

A combination of the two mistakes exposed a bug that caused the outage.

Results

Thankfully, Microsoft had a backout plan. Within 30 minutes, the change was rolled back on a global scale.

It was determined that policy enforcement was not integrated across the deployment system. An update to the system shifted the process of policy enforcement from human-based decisions and protocol to automation via the deployment platform.

Defined PIR activities enabled Microsoft to take swift action against the outage and mitigate the risk of a serious outage.

Phase 4

Measure, Manage, and Maintain

Define Change Management

1.1 Assess Maturity

1.2 Categorize Changes and Build Risk Assessment

Establish Roles and Workflows

2.1 Determine Roles and Responsibilities

2.2 Build Core Workflows

Define RFC and Post-Implementation Activities

3.1 Design RFC

3.2 Establish post-implementation activities

Measure, Manage, and Maintain

4.1 Identify Metrics and Build the Change Calendar

4.2 Implement the Project

This phase will guide you through the following activities:

• Identify Metrics and Build the Change Calendar
• Implement the Project

This phase involves the following participants:

• CIO/IT Director
• IT Managers
• Change Manager

Step 4.1

Identify Metrics and Build the Change Calendar

Activities

4.1.1 Create an Outline for Your Change Calendar

4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

4.1.3 Track and Record Metrics Using the Change Management Metrics Tool

Measure, Manage, and Maintain

Step 4.1: Identify Metrics and Build the Change Calendar

Step 4.2: Implement the Project

This step involves the following participants:

• CIO/IT Director
• IT Managers
• Change Manager

Outcomes of this step

• Clear definitions of change calendar content
• Guidelines for change calendar scheduling
• Defined metrics to measure the success of change management with associated reports, KPIs, and CSFs

Enforce a standard method of prioritizing and scheduling changes

The impact of not deploying the change and the benefit of deploying it should determine its priority.

Risk of Not Deploying