Member-only story
I have written before that managing IT has been done well and how to do it is written down. To me, the two most accessible codes are ISO 27001 and COBIT. I say that these methodologies are accessible, actually they tend to be behind paywalls.
One of the most frequent causes of failure, is a failed or faulty change to the IT systems. A lot has been written about Change and Release Management, some of it by me and so I thought I’d write this blog and collect my thoughts.
Good change management requires an explicit change management process, requiring an impact analysis including a data privacy impact analysis, testing records, including that the requirements have been met, the business case is still valid and that the proposed systems meet their non-functional requirements. It requires that all changes have a rollback plan. Also that any documentation including configuration records and any knowledge management artefacts are available. A training and communications plan is also required. If the change requires permission from regulators, that too needs to be acquired.
Changes need to be appropriately authorised, often by committee and these decisions recorded together with the presence or absence of any mandatory artefacts. The absence of key artefacts is a reason for withholding permission for the change. As noted above, some changes…
