Change Management Policy
The Change Management Policy is a set of management rules that set the parameters and limits of changes within the Service Provider environment. It typically includes policy statements about the following:
- Recording of Changes in a Change Log
- Categorising Changes
- Standard Changes
- Non-Standard Changes
- Emergency Changes
- Assessing the Impact of Changes
- Scheduling of Changes
- Communicating Changes
- Authorising Changes
- Rollback of failed changes
Examples of Policy Statements
- All Changes must be recorded in the Change Log
- All Changes must be classified according to a defined classification system
- All Standard Changes must follow a tested, documented procedure and may be pre-authorised by a Change Manager.
- All High Risk and Non-Standard Changes must be evaluated and authorised by a Change Advisory Board (CAB)
- All Changes shall be scheduled and communicated using a Change Schedule
ISO/IEC 20000-1:2018 Requirements
The Change Management Policy is a mandatory document for ISO/IEC 20000-1:2018, and it should define the service components and other items that are under the control of change management, as well as the different categories of change and how they are to be managed. Additionally, this document includes the criteria to determine the potential impact of changes on customers and services. The purpose of this policy is to ensure that operational changes within the Service Provider are managed through an established process.