We Are Intrepid
This document provides a statement of intent to direct and enforce the activities of the Change Management Process, in a controlled manner, to meet required levels of service. Any bespoke Change Control procedures implemented for specific Clients must still refer to and be based on this policy and be assessed and approved through the Intrepid Service Management team.
The purpose of this document is to establish a Change Management policy for the management of change control undertaken within Intrepid and its Clients.
This document is aimed to define Change Control and to outline the perquisite components, activities and responsibilities of those engaged in Change Control in Intrepid
This policy requires that Change Management is performed in accordance with established Change Management processes and procedures, and to ensure that controlled and stable baselines are established for assessing and controlling risk and impact in the implementation of changes within any Intrepid environment
This document applies to all users within Intrepid, including temporary users, visitors with temporary access to services and partners with limited or unlimited access to services. Compliance with policies in this document is mandatory for this constituency.
A change is an event that is:
approved by management
implemented with a minimised and accepted risk to existing IT infrastructure
results in a new status of one or more configuration items (CIs)
provides increased value to the business (increased revenue, avoided cost, or improved service) from the use of the new or enhanced IT systems.
The Intrepid Change Management policy shall govern and require that the Intrepid Change Management Process is followed along with all associated and referenced articles/components within the above.
The Intrepid Change Management policy is in place to ensure that regardless of the type of change:
Change Control shall be used in order to assess and manage the risk/impact of change
Used to plan for unexpected consequences both during and after a change is implemented
Is required to audit the care and attention to detail that we provide in managing/maintaining our Client infrastructures
That appropriate approvals are sought in order to audit and manage risk/impact
A detailed risk assessment of the change with a categorisation assigned to the change according to the determined risk/impact to the service
Change Requests at the medium and high risk level are Peer Reviewed not only to gauge risk/impact but as a technical “sense-check” of the proposed Change and its implementation steps
Change Requests of every risk level will require sign-off by the Account Manager
Please note that the remit of Change Management does not extend to:
Specifying how Account Managers should obtain approval from their Client
Recommending which changes the Account Manager should or should not seek explicit Client approval for
The Account Manager is responsible for:
Ensuring that Clients have suitable awareness of approved and scheduled changes
Notifying the Client if they need to provide consent before proceeding with the change
Obtaining Client consent where required
The above actions must take place before the Account Manager approves the change, which confirms that they have obtained Client consent or decided it is not required.
A detailed Technical Implementation Plan or Technical Specification is completed for all medium/high risk changes
Medium/high risk changes are always processed through a Change Advisory Board with the responsibility of approving and prioritising the change according to risk/impact and assessment of the level of detail within the Change Request for its accuracy
All Changes should be performed at an agreed time with appropriate notification to all affected parties in advance of the Change
All affected documentation/information is updated post-change to ensure consistency of information
Change Advisory Boards must consist of an agreed quorum of staff with the appropriate level of technical/management expertise in order to correctly assess the risk/impact of the change
By default, the Change Management Process should be followed. Where bespoke procedures are required for specific clients this Change Management Policy should be referenced and used as the benchmark for its implementation and it should be agreed with the Intrepid Service Management team before its implementation.
Roles | Responsibilities |
|---|---|
Peer Reviewer | “Sense Check” the risk, impact and technical implementation steps |
Change Advisory Board | Review, assessment and authorisation of Change Requests (CAB Escalations group for High Risk changes) |
Account Manager | Review and approval of all client changes and liaises with Clients for approval |
Service Management Team | Investigate failure to follow Change Control Procedures and identify scope for procedural improvements |
It is the responsibility of all Intrepid staff undertaking Change Management, and their Line Management, to understand, encourage and enforce responsibilities to work to Change Management procedures.
Failure to adhere to established processes and procedures will form a contributing factor to employee performance measurement. In extreme cases, such as when the performance of the business is negatively impacted by failure to do so, disciplinary action may result; for example:
Failure to follow the processes/procedures without prior approval of the Change Advisory Board
Failing to adequately write, review or update documentation in line with the defined responsibilities of staff roles (as defined in approved processes/procedures); or
Failing to ensure that any failure to meet standards is tracked for later rectification, by informing Service Management in each case, with justification (e.g. contradictory steering from Line Management)