Change Management in IT, ITIL, and ITSM

IT change management is a process designed to ensure “that standardized methods and procedures are used for efficient and prompt handling of all changes, in order to minimize the impact of change-related incidents upon service quality, and consequently improve the day-to-day operations of the organization." This definition comes from ITIL (formerly known as the Information Technology Infrastructure Library), the organization that first codified the IT change management process in 1989.

As in most areas of technology, the only constant in IT is change. ITIL’s work created a framework for IT change management designed to standardize processes and make sure that changes were conducted with the needs of the entire business in mind. Although businesses have relied on other frameworks such as COBITSix Sigma and TOGAF over the years, the ITIL framework remains the de facto standard for change management.

It’s important to note that IT change management, or organizational change management, is closely linked to IT service management (ITSM) and is usually considered a subset of ITSM. Both disciplines seek to ensure that changes to an organization’s IT infrastructure are executed in an effective, efficient, replicable fashion that can be documented and measured. ITSM adds an additional focus on the outcomes of change as experienced by the customer in terms of the service quality they receive.

In the following sections we’ll help you better understand IT change management, articulate the types of change, find ways to introduce change management in a rollout to your organization if you don’t already have a process, and provide guidance to evaluate your current process to make sure it’s working as effectively as possible.

The Importance of IT Change Management

IT pervades every aspect of the modern organization and is vital to ensuring the success of nearly every employee, department, organization and company. Without IT change management incorporated as a core discipline, it would be impossible for organizations to add new software, hardware and services, update, upgrade or streamline existing software and systems, maintain IT infrastructures and cooperate with other organizations — or even other parts of their own organization. While not a new technology, IT change management is an essential for every organization with more than a few employees. In new organizations, IT change management should be implemented as soon as possible to make sure a framework for growth is in place from the beginning.

Types of Change Management

A formal, well-documented change management process keeps all service providers and other stakeholders in the loop about initiatives and allows changes to be rolled back if they aren't implemented successfully.

The current iteration of the ITIL framework, ITIL 4, defines three types of changes:


 A solid change management process keeps all stakeholders in the loop, and includes standard, normal and emergency changes.

Standard changes: A low-risk, pre-authorized change often initiated as a service request that can also be an operational change. After creating or modifying the procedure for a standard change, a full risk assessment and authorization is required.

Normal changes: A change initiative that has to be scheduled, assessed and authorized following a stated process. A local team or supervisor can authorize low-risk normal changes, while major normal changes may require board-level authorization.

Emergency changes: A change implemented as soon as possible and not usually included in a change management plan, which often expedites the process for assessment and authorization so that the change can be implemented quickly. These changes should be subjected to the same testing, assessment and authorization as normal changes, when possible, but scheduling and documentation are deprioritized.

The Basic Change Management Process

IT change management is a process in which changes involving IT hardware, system software, application software and procedures are raised, evaluated and approved or denied. The ITIL change management process assesses “the impact, cost, benefit and risk of proposed changes, developing business justification and obtaining approval, managing and coordinating change implementation, monitoring and reporting on implementation, reviewing and closing change requests.”.

To manage these changes, teams follow a series of clearly defined steps designed to implement the changes without interrupting workflows or surprising users and management. Under ITIL guidelines, change management usually starts with a user-generated request for change (RFC). IT teams then evaluate the proposed changes to determine the type of change, its urgency and where it can be scheduled within other planned changes.

The change is then submitted to the appropriate decision-makers for authorization. Often this will include a change advisory board (CAB) that assesses, prioritizes and approves changes.

If the change isn’t approved, it can be updated and resubmitted for approval again at a later time. If the change receives full approval, the release management team then tests, integrates and deploys it. Once it’s implemented, the change management team follows up to make sure the change has the desired outcome.

What is a change advisory board (CAB)? 

A change advisory board (CAB) is a group of people who approve or deny change requests. A CAB is often made up of a core group of IT professionals inside an organization who may draw on the knowledge and expertise of others, either internally or externally, to enable change requests efficiently.

While a CAB ensures that change management fundamentals are followed, all potential effects of a change are considered and that all changes are documented, it can often represent a bottleneck to the change management process. In a large organization especially, CABs and the requirements and procedures they govern can grow to the point of being slow and unwieldy. Thus, the least risky answer to a proposed change is often “no.”

As a result, the concept and composition of CABs is changing in many organizations, restricting the scope of their authority to the change requests with the most potential risk while providing IT organizations more freedom to implement changes they deems necessary. The CAB can often be more effective by providing an organizational-wide understanding of IT changes requested and in progress, and serving in an advisory rather than regulatory capacity. For organizations, having an effective communications plan can go a long way in relaying the most critical change requests and resulting change impacts to a CAB so that everyone is on the same page.

Benefits of IT Change Management

According to ITIL, the benefits of IT change management include:

  • Standardized service delivery, increasing overall efficiency.
  • Better paths to meeting regulatory compliance requirements.
  • Elimination of repetitive, manual tasks, allowing IT to focus on creating more innovative, value-adding services.
  • Consideration of all a service’s stakeholders, not just the end users.
  • An iterative approach to delivering value that allows services to be improved over time.

Drawbacks of IT Change Management Processes

As with all processes, no matter how well designed, the inclusion of the human element can sometimes create hurdles. For any process, service or business owner in an organization hoping to drive growth, the idea of submitting to a bureaucratized review process can represent a major bottleneck to progress. But there is a definite risk/reward equation when implementing changes quickly to jump on an opportunity. An effective change management process needs to consider the balance between quick action to make progress and careful action that avoids risk. In fact, many organizations are decentralizing their change management process in order to better address these two competing objectives.

IT change management as a part of IT services management (ITSM)

IT service management (ITSM) is a strategy for delivering IT services and support to an organization, its employees, customers and business partners. ITSM focuses on understanding end users’ expectations and improving the quality of both IT services and their delivery.

IT service management is not the same as IT change management, but the two concepts are closely related. In fact, IT change management is considered one of the building blocks of a comprehensive ITSM strategy.

The ITSM framework:

  • Request fulfillment: Manages the life cycle of all service requests from users.
  • Incident management: Responds to help requests and fixes issues to restore normal service while minimizing their business impact.
  • Change management: Standardizes the procedures for managing all the changes made in IT services.
  • Knowledge management: Addresses how to organize information about IT products and services and makes it available to users.
  • Availability management: Details how to optimize IT infrastructure services, capabilities and support to minimize service outages.
  • Service-level management: Outlines how to improve and maintain a high level of service for clients and meet service-level agreements (SLAs).

Change Management in a DevOps Environment


IT change management principles strengthen the DevOps culture of collaboration, experimentation and learning around a shared vision.

IT change management is one element of a comprehensive ITSM strategy. ITSM employs repeatable frameworks and clearly defined roles and responsibilities to bring standardization and governance to the delivery life cycle, including IT change management. DevOps emphasizes speed, agility and the breaking down of silos in software delivery. Although DevOps adheres to core values like collaboration, transparency and open communication, there is no official methodology or document of best practices to guide it.

  • IT change management and DevOps are complimentary: Some organizations mistakenly believe that ITSM and DevOps are mutually exclusive methodologies, or that ITSM is irrelevant in the world of DevOps. In fact, effective IT change management processes and best practices are not addressed by DevOps, largely because the mode of operation around objectives and applications vs. end users is vastly different. The influence of policy also greatly differs between IT and DevOps environments.
  • IT change management strengthens the core principles of DevOps: DevOps is about fostering a culture of collaboration, experimentation, learning and blamelessness around a shared goal. IT change management puts a framework in place to help achieve those goals.
  • IT change management helps make teams more agile when implemented properly: Standardizes the procedures for managing all the changes made in IT services.
  • You don’t have to choose between IT change management and DevOps: Organizations should view IT change management, ITSM and DevOps as complementary practices that deliver business value equally and can have a multiplier effect when used together.
  • Availability management: Details how to optimize IT infrastructure services, capabilities and support to minimize service outages.

How do you know if IT change management is working?


Most IT tools track dozens of metrics, but data should serve to help IT service managers understand how well their teams are performing. To that end, these metrics are among the most important when evaluating an IT change and the entire IT change management process. (These metrics can also be used to track the effectiveness of an organization’s overall ITSM process.)

Cost per ticket: This metric helps understand the efficiency of IT service and support. Just divide the service desk’s total monthly operating expenses (salaries, tech and facility expenses, office supplies, etc.) by the number of tickets per month.

Customer satisfaction: There often is no better indicator of how well an organization’s IT service and support is performing than the happiness of its users.

First-contact resolution: This measures the percentage of tickets resolved during the initial contact with the user. Higher first-contact resolution rates strongly correlate to high customer satisfaction.

Technician utilization: This measures labor efficiency and is tightly bound to cost per ticket. High technician utilization usually leads to low cost per ticket, and low tech utilization results in a higher cost per ticket.

First-level resolution: An indicator of total cost of ownership (TCO), this helps reveal the true efficiency of IT support. A Level 1 service desk, for example, may have a low cost per ticket because it is escalating issues to higher support levels, creating the impression that the service desk is very efficient when it’s also increasing TCO.

Technician job satisfaction: Not surprisingly, high technician job satisfaction translates to lower turnover and absenteeism, but it also correlates to higher first-contact resolution rates and lower handling times. The net result is lower cost per ticket and higher customer satisfaction.

Mean time to resolve/repair (MTTR): This service-level metric measures in business hours how long it takes on average to resolve an issue from the time a ticket is opened until it’s closed.

How to Implement IT change management

Implementing an IT change management process is similar to implementing any kind of major initiative in an organization. A few best practices for implementing these new processes include:

  1. Communicating the intent to implement the process with all relevant stakeholders.
  2. Holding information-gathering sessions with stakeholders to discuss their needs and wants from the process, plus any concerns that arise.
  3. Documenting the discussions and making the findings available to all stakeholders.
  4. Creating and communicating a change management strategy.
  5. Designating a team to lead the process.
  6. Evaluating the available methods to implement an IT change management process.
  7. Selecting and implementing the best available method.

It should be noted that IT professionals can also take advantage of various change management tools, including configuration management databases (CMDBs), which provide a common place to store information about IT assets and other configuration items accessible to users. Among other things, CMDBs enable IT professionals to load a wide array of applications, which they can then deploy to another department, as well as track how the company deploys hardware, software, licenses and other assets throughout their entire life cycle.

Best Practices for IT Change Management

An IT change management process is just that: a process. As a management system, it should meet both the short-term and long-term needs of the organization by effectively managing IT changes in a way that works for all stakeholders and doesn’t create new bottlenecks or exacerbate existing ones. Unless you’re starting a new company or work for a small startup, your company probably already has an IT change management process in place. Here are some best practices that can help you build or refine yours.

Communicate with stakeholders: Do they feel your current IT change management process is working for them? Or do they have to address bottlenecks and other inefficiencies frequently?

Simplicity is key: If it takes more than a few minutes to grasp how your organization’s change management process works, it may be too complicated. Where can you simplify?

Ensure your CAB has strategic focus: The concept of a CAB was once core to IT change management, but many successful organizations are seeing success by ensuring their CAB considers both the technological and business rationale for requested changes — or decentralizing the process altogether.

Make it measurable: The old adage “If you can’t measure it, you can’t manage it” still rings true.

Automate the process: The ITIL guidelines have been continuously updated, but they’ve been around for more than two decades. Automated ITSM tools are readily available to help the change management process scale in a way that human-driven processes simply aren’t able to.

Know that DevOps doesn’t replace IT change management: Some organizations mistakenly believe that ITSM and DevOps are mutually exclusive methodologies. In actuality, support, governance, budgeting and other ITSM functions are requirements of every modern business that DevOps doesn’t address.

The Bottom Line: IT change management is an essential tool for any IT organization

While many technology topics require a detailed explanation and a compelling value proposition, an effective IT change management process is a core necessity inside any organization of more than a few employees. Corporations have spent untold billions of dollars undoing and redoing poorly planned IT changes, often in a hurry. An effective IT change management process is the simplest, easiest and most cost-effective way to ensure your organization keeps its technology infrastructure up-to-date with minimal impact on your revenue, employees, customers and reputation.

What is Splunk?

This posting does not necessarily represent Splunk's position, strategies or opinion.

Stephen Watts
Posted by

Stephen Watts

Stephen Watts works in growth marketing at Splunk. Stephen holds a degree in Philosophy from Auburn University and is an MSIS candidate at UC Denver. He contributes to a variety of publications including CIO.com, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.