Chapter 9 · Flashcards

Change Management Flashcards

16 cards covering the approval process, ownership, stakeholders, sandbox, and backout plans. Click to flip.

0 / 16 flipped

What is the purpose of change management?

To control and manage modifications to systems, applications, and infrastructure. Prevents downtime, reduces errors, ensures everyone is informed, and maintains system stability through a formal approval process.

What are the 8 steps of the change approval process?

1. Submit request form · 2. Define purpose · 3. Identify scope · 4. Schedule date/time · 5. Determine affected systems · 6. Analyze risk · 7. Get CCB approval · 8. End-user acceptance after change

What is the role of the owner in change management?

The owner is the department or individual who needs the change. They manage the process, receive updates, and verify completion. They do NOT usually perform the actual technical change — that's IT's job.

Who are stakeholders in a change?

Individuals or departments affected by the change — directly or indirectly. A shipping label upgrade affects not just Shipping, but also Accounting, Logistics, Customer Service, and even the CEO dashboard via revenue reporting.

What is an impact analysis?

An evaluation of the potential risks and consequences of a change. Assigns a risk level (High/Medium/Low). Must consider BOTH the risks of making the change AND the risks of NOT making it (security vulnerabilities, unsupported software, etc.).

What is a sandbox environment?

An isolated testing environment with no connection to production systems. Used to safely test changes, verify they work, and validate the backout plan before touching production. A "technological safe space."

What is a backout plan?

A documented procedure to revert systems to their previous state if a change fails. Must be written BEFORE the change, tested in sandbox, and have reliable backups. Some changes are difficult to reverse — plan carefully.

What is a maintenance window?

The scheduled time period for implementing a change. Chosen to minimize production impact — typically overnight, weekends, or off-peak hours. 24/7 operations may use primary/secondary failover strategies instead.

What is a change freeze?

A period during which no changes are permitted. Common in retail during Thanksgiving–New Year. Protects high-revenue periods from disruption. No exceptions except critical security emergencies.

What does CCB stand for, and what does it do?

Change Control Board. A formal committee that reviews all change requests, evaluates risk and scope, and approves or denies changes. Balances the risk of implementing vs. not implementing.

Why is change management called a "living document"?

Because the Standard Operating Procedures for change management are continuously updated as technology, business requirements, and processes evolve. They are never "finished" — always current.

What happens if a change is made without following process?

Risks include undocumented changes causing hard-to-diagnose failures, no backout plan if things go wrong, no notification to stakeholders, and inconsistency across systems. "It's just a quick fix" is the most dangerous phrase in IT.

How does a 24/7 organization handle change management?

Uses primary/secondary failover: switch users to a secondary system, upgrade the primary, then switch back. Often automated. Minimizes downtime without needing a traditional maintenance window.

What must be done after a change is implemented?

1. End-user acceptance testing (owner verifies functionality). 2. Update all documentation — diagrams, configurations, IP addresses, procedures. 3. Notify stakeholders of completion. 4. Close the change request formally.

What are the potential risks of a change?

The fix might not fix anything · The fix might break something else · Operating system failures · Data corruption · Disruption to dependent services. Risk is rated High/Medium/Low and must be weighed against risk of NOT changing.

What is the SOP in change management?

Standard Operating Procedure. Documented steps for making changes safely and consistently. Published on the intranet, accessible to all. Updated regularly as a living document. No one should make changes without referencing the SOP.