Types of change management for ITSM teams
Change management is an IT practice designed to minimize disruptions to IT services while making changes to critical systems and services. A change is defined as adding, modifying, or removing anything that could have a direct or indirect effect on services.
Standard changes are low-risk, commonly repeated, and pre-approved. They’re performed frequently and follow a documented, approved process.
These changes are common and follow a well-defined process. Because that process has already gone through the risk assessment and approval process, it doesn’t need to go through the process again every time there’s another instance of that activity.
These standard changes can be a great candidate for automation, freeing up teams to focus on normal and emergency changes. Some companies even report that as many as 70% of standard changes can be automated.
Examples of standard changes
Adding memory or storage
Replacing a failing router with an identical working router
Creating a new instance of a database
Normal changes are non-emergency changes without a defined, pre-approved process.
Some normal changes—like a data center switch—are still high-risk and may require risk assessment and approval from a change advisory board. Others may be low-risk and can be approved quickly by a designated change authority or through automated checks and peer review.
Examples of normal changes
Upgrading to a new content management system
Migrating to a new data center
These changes arise from an unexpected error or threat and need to be addressed immediately—usually to restore service for customers or employees or secure systems against a threat.
The urgency of emergency changes means they need to be handled on a much tighter timeline because the risk of a lengthy review process is higher than the risks involved with resolving the issue quickly.
How you categorize your changes depends on factors including your organization, processes, and risk tolerance. We advocate dropping the "one size fits all" approach, and treating each change differently based on risk assessment. As your organization learns more about previous incidents, particular systems, and incorporates other relevant data, it should be possible to designate a higher share of changes as standard and pre-approve them. Modern change management should make change requests as simple and streamlined as possible.
Examples of emergency changes
Implementing a security patch
Dealing with a server outage
Resolving a major incident
How should you categorize changes?
These categories are a useful framework, but we recommend teams use them as guardrails for evolving change practices that meet their own needs. How your team categorizes changes depends on factors including your organization, processes, and risk tolerance. As your organization learns more about previous incidents, particular systems, and incorporates other relevant data, it should be possible to designate a higher share of changes as standard and pre-approve them. Modern change management should make change requests as simple and streamlined as possible.