Change Management
A structured process for controlling and managing modifications to systems, applications, and infrastructure. Ensures changes are reviewed, tested, approved, and documented before implementation to reduce risk and maintain stability.
Change Control Board (CCB)
A formal committee responsible for reviewing and approving change requests. Evaluates the risk, scope, timing, and impact of proposed changes before granting permission to proceed.
Change Request Form
The formal document submitted to initiate a change. Includes purpose, scope, schedule, affected systems, risk assessment, and backout plan. Required for all changes regardless of perceived size.
Owner
The individual or department that initiates and oversees a change request. The owner manages the process, receives updates, and verifies the change was completed successfully. The owner does not usually perform the technical implementation.
Stakeholders
Individuals or groups affected by a proposed change, directly or indirectly. Must be identified and consulted before implementation. A single change can have far-reaching stakeholders beyond the obvious department.
Impact Analysis
An assessment of the potential risks and consequences of a proposed change, including risk level (high/medium/low), possible failure modes, and crucially β the risks of NOT making the change (security vulnerabilities, application instability, etc.).
Sandbox Environment
An isolated testing environment with no connection to production systems. Used to test changes safely before deploying to production. Also used to validate the backout plan. A "technological safe space."
Backout Plan
A documented procedure to revert systems to their previous state if a change causes problems. Must be tested before deployment. Some changes are difficult to reverse, making backups essential. Every change must have one.
Maintenance Window
The scheduled time period during which a change will be implemented. Chosen to minimize impact on production β typically overnight, weekends, or other low-usage periods. Retail environments may impose change freezes during peak seasons.
Change Freeze
A period during which no changes are permitted to production systems. Commonly implemented during critical business periods (e.g., retail holiday season from Thanksgiving to New Year) to prevent disruptions.
Standard Operating Procedure (SOP)
Documented procedures that define how changes are performed consistently and safely across the organization. Published on the intranet and accessible to all employees. A "living document" updated as requirements evolve.
Living Document
Documentation that is continuously updated to reflect current procedures, configurations, and requirements. Change management SOPs are living documents because technology and business needs constantly evolve.
Risk of Change
The potential negative consequences of implementing a change: the fix might not work, might break something else, might cause OS failure, or corrupt data. Assessed during impact analysis with a risk value (high/medium/low).
Risk of NOT Changing
The potential negative consequences of delaying or refusing a change: unpatched security vulnerabilities, unsupported software, application instability, or missed business functionality. Must be weighed against the risk of making the change.
Post-Change Verification
End-user acceptance testing performed after a change is implemented to confirm that the change worked correctly and did not introduce new problems. The owner is typically responsible for this verification step.
Change Calendar
A centralized schedule of all approved changes. Allows all stakeholders to proactively view upcoming changes and potential maintenance windows. Prevents scheduling conflicts between simultaneous changes.