SIB Change Management Process Guide Updated
Uploaded by
Zakaria AlmamariSIB Change Management Process Guide Updated
Uploaded by
Zakaria AlmamariIT Change Management Procedure
Saba Islamic Bank (SIB)
IT Division
Change Management Process Guide
IT Operational Process
SABA ISLAMIC BANK Page 1
IT Change Management Procedure
IT Change Management Procedure
Summary
The purpose of this document is to draw the procedures that control the Change
Management processes of Saba Islamic Bank Information Technology. This
document describes how to use the procedures and provides a definition of the
management controls required and some of reasons for deploy those controls.
SABA ISLAMIC BANK Page 2
IT Change Management Procedure
SIB
SABA ISLAMIC BANK
IT Change Management Procedure
Table of Contents
Summary 2
Table of Contents ..............................................................................................................................................3
Objectives/Purpose .........................................................................................................................................5
Scope Inclusion..................................................................................................................................................6
Scope Exclusion ................................................................................................................................................6
Status of Changes ............................................................................................................................................8
Types of Changes .............................................................................................................................................9
Change Levels ................................................................................................................................................. 11
Change Level Summary Table .................................................................................................................. 17
Risk/Complexity Scoring .............................................................................................................................. 18
Risk/Complexity Scoring Grid...................................................................................................................... 19
Summary of the SIB Change Management Procedures........................................................ 20
Change Request Flows............................................................................................................................... 22
High Level Process Flow ............................................................................................................................. 22
1. Enter Change Request Flow .................................................................................................................. 23
2. Assign Change Implementer Flow ....................................................................................................... 26
3. Monitor Change Calendar Flow ............................................................................................................ 28
4. Perform Assessments Flow ................................................................................................................... 30
5. Approve Change Flow .............................................................................................................................. 33
6. Commit Change Schedule Flow ........................................................................................................... 35
7. Deploy Change Flow ................................................................................................................................ 37
8. Assure Change Quality Flow ................................................................................................................. 39
9. Close Change Flow .................................................................................................................................. 41
Change Request Form ................................................................................................................................ 43
Scheduled Change Windows .................................................................................................................. 47
Lead Times for Changes ............................................................................................................................ 48
Unsuccessful Changes............................................................................................................................... 49
Roles and Responsibilities ...................................................................................................................... 51
Change Review Board .................................................................................................................................. 51
Change Coordinator ...................................................................................................................................... 52
SABA ISLAMIC BANK Page 4
IT Change Management Procedure
Change Requester ......................................................................................................................................... 53
Change Implementer..................................................................................................................................... 54
Change Management Process Owner ..................................................................................................... 55
Service Center Administrator....................................................................................................................... 56
Change Controller .......................................................................................................................................... 57
Change Scheduler ......................................................................................................................................... 58
SIB Change Review Board ....................................................................................................................... 59
Change Review Definition ............................................................................................................................ 59
Change Approver Table ................................................................................................................................ 60
Meetings ............................................................................................................................................................ 61
SIB Change Review Board Meeting Agenda ........................................................................................ 62
Measurements.................................................................................................................................................. 64
Glossary............................................................................................................................................................... 65
SABA ISLAMIC BANK Page 5
IT Change Management Procedure
Objectives/Purpose
Change Management is the process of planning, coordinating, implementing and
monitoring changes affecting any production platform or application software within
Information Technology’s control. The objectives of the Change Management
process are to:
o Ensure that changes are made with minimum disruption to the services IT
has committed to its users.
o Support the efficient and prompt handling of all changes.
o Provide accurate and timely information about all changes.
o Ensure all changes are consistent with business and technical plans
and strategies.
o Ensure that a consistent approach is used.
o Provide additional functionality and performance enhancements to
systems while maintaining an acceptable level of user services.
o Reduce the ratio of changes that need to be backed out of the system
due to inadequate preparation.
o Ensure that the required level of technical and management
accountability is maintained for every change.
o Monitoring number, reason, type, and associated risk of the changes.
o Provide documentation that allows SIB IT management to understand, at
any point in time, the configuration of the IT environment.
Activities of the Change Management Process at Saba Islamic Bank include:
Receiving change requests from the Request for Service process
Determining whether or not the change is in the best interests of SIB
Assigning the change to resources within IT for solution identification,
sizing and risk analysis
Accepting or rejecting the requested change
Assigning the change to solution development resources
Reviewing the solution prior to implementation
Scheduling the change
Communicating change status as required to all interested parties
Closing the change
SABA ISLAMIC BANK Page 6
IT Change Management Procedure
Scope Inclusion
The management of any installation or alteration to the followings:-
Hardware and networks
Operating system, application and software system.
All automated services. Also, all software and application systems,
equipments and appliances used to provide automated services. As well as
all institutions and companies inside and outside Yemen associated with
providing electronic services relating to the bank's ATMs, electronic cards
and other electronic services.
All Software, hardware and HR relating to automate the bank's business and
its systems. As well as companies, institutions and individuals inside and
outside Yemen that the bank is in using their technical solutions.
Core Banking System and related systems, (Systems of HR, risk
management, administrative affairs , and other support systems to different
departments).
The systems or applications software, procedures or environmental facilities
which add to, delete from or modify the service delivery environment..
Scope Exclusion
-------
SABA ISLAMIC BANK Page 7
IT Change Management Procedure
Status of Changes
The following status codes are used to reflect the status of a change request:
Opened – The change has been received and accepted but has not been
assigned
Approved – The business and technical assessments have been completed
and the change has been approved and committed to the change scheduler.
In-Progress – The change has been received, acknowledged and assigned.
Work is in progress to fulfill the change request.
Rejected – The change has been rejected and will be routed back to the
requester with an explanation and a recommended course of action.
Closed – The change request has been closed.
Canceled – The change request has been canceled.
SABA ISLAMIC BANK Page 8
IT Change Management Procedure
Types of Changes
The Change Management Procedure applies to all types of changes related to the SIB
IT environment. The following is a description of each of the types of changes that can
take place and the rules that apply to each.
Application Changes (Core banking system , applications software, SWIFT,
Saba Online…etc)–
Changes to any application that is running on or linked to by any hardware or
software in the SIB IT environment . These changes are typically made to
enhance the functionalities or performance of or to fix known errors in the IT
application environment. These changes cannot be implemented without
approval of the concerned managers. Level of Risk should be assigned and the
actions to be followed. Changes should be approved by the concerned IT
Department Manager. Critical changes should be raised by the concerned IT
department manager and to be approved by the Head of IT Division.
All changes are controlled by the Change Management Procedure. The
concerned IT department manager is responsible and accountable of the
impacts of the changes made.
Hardware Changes All SIB IT support equipment installations, discontinuances
and relocations are controlled by the Change Management Procedure. Level of
Risk should be assigned and the actions to be followed. Those activities can be
requested by anyone but must have the approval of the Head of IT Division
(and/or) IT Infrastructure Manager.
Software Changes - The criteria for entering a software change into the
Change process are based upon the effect that the changes may have on the IT
support resources. If the changes affect the system, users or the support staff
there is a requirement to enter it into the Change Management Procedure. If the
change is made for the exclusive benefit of the requester and if failure could not
affect anyone else, that change would be exempt from the Change Process, but
should be approved by the concerned IT department manager. For example, a
change made by a programmer affecting a procedure or a program under
development on a test application requires no entry. However, when stand-
alone test time is required on a production system, a change request a form and
Change Management Procedure are required.
Typically, software changes would include changes to the OperatingSystem,
Vendor supplied Program Products, e.g., Oracle, Visual Studio, Java, etc. or
common application support modules. However, the required days to
emergency and critical necessities should be determined by the IT infrastructure
manager and should approved by the Head of IT Division. IT infrastructure
manager is responsible and accountable to coordinate with other departments
in the bank, and accountable of the impacts of the changes.
Network Changes - All installations, discontinuances and all relocations of
equipment used for IT teleprocessing communications are entered into the
change process. This includes all routers, switches and telephone lines as well
as Personal Computers if they are connected to the network. Critical changes
should raised by the IT department manager and should be approved by Head
of IT Division.
SABA ISLAMIC BANK Page 9
IT Change Management Procedure
Environmental Changes - Environmental changes normally involve the
facilities associated with the IT Installation. These facility changes include items
such as data center, air conditioning of computer and network rooms, raised
flooring, IT security, electricity affecting IT, and the telephony system for voice
and data. Minor changes should approved by IT infrastructure manager and
other concerned department(s) manager. Critical changes should also approved
by Head of IT Division.
Documentation Changes - All procedural changes to the standard
operating/development procedures will be implemented through the Change
process. Also, all permanent deviations from the committed documents for
running of applications should be implemented through the Change
Management Procedure.
SABA ISLAMIC BANK Page 10
IT Change Management Procedure
Change Levels
The following guidelines for definition of Change risk levels are provided for consideration
during the planning cycle. It must be clearly understood that these requirements are the
minimum for each of the defined levels. The Requester may wish to plan additional lead
times, documentation or reviews to ensure that targets can be met and planned
implementation schedules can be achieved.
All changes are tracked, correlated and used for management reporting, statistic
SIB, trending, etc., to identify when and where additional resources should be
provided. For any change that fails, the Change Requester must enter an
explanation in the comments section of the Change Record for that change and
notify the Change Coordinator. The Change Coordinator will then close the change
with the appropriate close status. If the change is to be attempted with an extra time,
the Change Requester should reenter the change with the new date.
Changes that caused a Platform outage should be fixed immediately by the
department concerned and should be followed by the concerned IT department
manager . A detailed report about the changes that caused the outage of platform,
the correction actions, and the preventive actions suggested, should be reported
within two working days to the Head of IT Division by the development manager, by
the infrastructure manager or/and by the automated services manager.
A detailed and statistic reports should be prepared every two weeks to be reviewed
in a side meeting between the Head of IT division and IT department managers.
Recommendations, solutions, extra resources, ... etc should be documented at the
end of the meeting, and should be followed to be implemented if possible.
.
SABA ISLAMIC BANK Page 11
IT Change Management Procedure
Level E Changes
Emergency changes are those changes that are vital in order to ensure that IT’s
committed service levels are maintained. An Emergency change should not be used
in order to bypass the appropriate lead-time for a change that has been entered into
the system.
Exception changes are those changes that are a result of SIB business need and
must be installed prior to the required lead-time.
These types of changes proceed to the implementation phase when the requester's
manager acknowledge that an Emergency or an Exception situation exists. The
request will be forwarded to the concerned manager of the IT department, and who
should study and analyze the request. If he also acknowledges that an Emergency or
an Exception situation exists, as well as, the requested change is not critical or just of
adding new features or fixing bugs, then the concerned IT manager should take
decision of that change. If the change is critical and affecting the core
hardware/software/services or with a wide effect on business, services, or users, the
concerned IT manager should immediately raise the request to the Head of IT division
with the suggested solution or action that will be implemented, then the Head of the IT
should approve and confirm the request and confirm or amend the suggested
solution, or postponement/eliminate the requested change.
These changes will be post-reviewed to assure successful implementation, along with
identification of any external impacts or new requirements. Post-review will also
evaluate the reason for the Level E change request and try to determine a way of
eliminating this requirement in the future. The post-review will also evaluate if, in fact,
the change addressed a real or a perceived emergency condition. In all cases, the
review must determine if additional action is required, what that action should be and
who will be responsible for the action.
Documentation requirements for Emergency changes are the same as any
change. The Requester is responsible for meeting all requirements for the
change documentation within one week of the implementation.
SABA ISLAMIC BANK Page 12
IT Change Management Procedure
How do you know that the change falls under Level E?
For non-application changes:
o Is the change needed to restore immediate service to the end user?
o Is the change necessary to fix an existing problem immediately?
o Is this a change that must be installed immediately but the need for it
was not recognized early enough to be approved through the regular
process?
For software/services/hardware changes:
o Must this change be done immediately to fix critical problems in production
systems of the bank or other applications software?
o Must this change be done immediately to add new functions, restrictions,
updates or new reports in production systems of the bank or other applications
software, services, or hardware. These new or updated changes should be
assigned under level E under the responsibility of the concerned manager
mentioned down.
o Any change that impact on financial or customer services.
What types of management approval is required for Level E changes?
Approval of the request by one or more of the following individuals may be required:
• General Manager
• Assistant General Manger
• Head of Branches and International division, Head of IT division, or
Head of Investment division.
• Head and/or Manager of the user department requesting the change
• Change Review Board
Depending on the scope and impact of the proposed change the processes below
will be followed:-
1- The concerned manager/managers of the IT department should receive, study
and analyze the request. If he also acknowledges that an Emergency or an
Exception situation exists.
2- If the requested change is not critical or just of adding new features/reports or
fixing bugs, then the concerned IT manager should take decision of that
request of change.
3- If the change is critical and affecting the core hardware/software/services or
with a wide effect on business, services, or users, the concerned IT manager
should immediately raise the request to the Head of IT division with the
suggested solution or action that will be implemented, then the Head of the IT
should approve and confirm the request and also confirm or amend the
suggested solution, or postponement/eliminate the requested change.
SABA ISLAMIC BANK Page 13
IT Change Management Procedure
Level 4 Changes
A Level 4 Change would have a major impact on IT services if a problem occurs
during install. The install time is lengthy and the back out is very difficult or
impossible.
Level 4 Change Requests are to be entered into the Change Management Data Base
at least thirty (30) business days prior to the planned implementation date.
The Requester or representative for a Level 4 change is required to attend the Change
Communication meeting immediately prior to implementation so that any questions
or concerns may be addressed.
Whenever a Level 4 change must be expedited to address a critical timing situation, a
special meeting must be held and headed by the Head of IT Division. To expedite a
Level 4 change, all parties that may be affected by this change must present or be
represented at the special meeting. It is the responsibility of the concerned IT
manager (Development, Infrastructure or automated services) responsible
mainly about the change to arrange the meeting and assure attendance by the
required groups or individuals. If the required groups or individuals cannot be
assembled, the change cannot be expedited and an escalation will be required.
How do you know that the change falls under Level 4?
For non-application changes:
From the end user's eyes, is it possible for the change to have a major impact
on services if problems occur?
Is the change visible to all end users?
Is this a high-risk change?
Is this the first time this change has been done?
Is the change difficult or impossible to backout?
Is it extremely difficult to install the change?
Does the change involve a lengthy install time?
For software/services/hardware changes:
Would failure of the job being stop or wrongly affecting the flow of important jobs for
the critical hardware/software/service of the bank?
Important changes to be done to fix critical problems in production systems of the
bank or other applications software?
Important requirements to add new functions, restrictions, updates or new reports
in production systems of the bank or other applications software, hardware or
services. These new or updated changes should be assigned under level 4 under
the responsibility of the concerned manager mentioned down.
What types of management approval is required for Level 4 changes?
Approval of the request by one or more of the following individuals may be required:
• General Manager
SABA ISLAMIC BANK Page 14
IT Change Management Procedure
• Assistant General Manger
• Head of Branches and International division, Head of IT division, or
Head of Investment division.
• Head and/or Manager of the user department requesting the change
• Change Review Board
Depending on the scope and impact of the proposed change the processes below
will be followed:-
1- The concerned manager/managers of the IT department should receive, study
and analyze the request. If he also acknowledges that an Emergency or an
Exception situation exists.
2- If the requested change is not critical or just of adding new features/reports or
fixing bugs, then the concerned IT manager should take decision of that
request of change.
3- If the change is critical and affecting the core hardware/software/services or
with a wide effect on business, services, or users, the concerned IT manager
should immediately raise the request to the Head of IT division with the
suggested solution or action that will be implemented, then the Head of the IT
should approve and confirm the request and also confirm or amend the
suggested solution, or postponement/eliminate the requested change.
Level 3 Changes
A Level 3 Change may impact a large number of end users. It is a high-risk change that
requires a significant effort to backout.
Level 3 Change Requests must be entered into the Change Management
database fifteen (15) business days prior to implementation.
All Level 3 changes will be communicated via the Change Management
reporting system.
The requester or representative for a Level 3 change is required to attend the Change
Communication Meeting immediately prior to implementation so that any questions or
concerns may be addressed.
SABA ISLAMIC BANK Page 15
IT Change Management Procedure
How do you know that the change falls under Level 3?
For non-application changes:
Will the change be visible to a large number of end users?
Is this a high-risk change?
Has the change been done only infrequently?
Will a significant effort be required to backout the change?
Is it difficult to install the change?
For application changes:
Would failure of the job being changed stop the flow of jobs for non-
critical files or applications?
What types of management approval is required for Level 3 changes?
Approval of the request by one or more of the following individuals may be required:
• General Manager
• Assistant General Manger
• Head of Branches and International division, Head of IT division, or
Head of Investment division.
• Head and/or Manager of the user department requesting the
change
• Change Review Board
Depending on the scope and impact of the proposed change the processes
below will be followed:-
1- The concerned manager/managers of the IT department should receive,
study and analyze the request. If he also acknowledges that an
Emergency or an Exception situation exists.
2- If the requested change is not critical or just of adding new
features/reports or fixing bugs, then the concerned IT manager should
take decision of that request of change.
3- If the change is critical and affecting the core hardware/software/services
or with a wide effect on business, services, or users, the concerned IT
manager should immediately raise the request to the Head of IT division
with the suggested solution or action that will be implemented, then the
Head of the IT should approve and confirm the request and also confirm
or amend the suggested solution, or postponement/eliminate the
requested change.
SABA ISLAMIC BANK Page 16
IT Change Management Procedure
Level 2 Changes
A Level 2 Change is not transparent, but is minimal in risk and impact. It is the
responsibility of the Requester to notify any areas of a potential impact. The change is a
Level 2 if it requires an IPL (restarting) of a system (Initial Program Load),
subsystem or the restart of a critical component on a production system. Level 2
Change Requests must be entered into the Change Management database prior to the
Scheduled Change Window being requested.
The Requester or representative for a Level 2 change is required to attend the Change
Communication meeting immediately prior to planned implementation so that
any questions or concerns may be addressed.
All Level 2 changes will be communicated via the Change Management
reporting system and will be tracked and reported by the Change/Problem
Coordinator. Examples of Level 2 changes:
o Single fixes .
o Low usage program product upgrades, installations
o Updating the parameters which require an IPL to implement
o Regular maintenance updates to system or application libraries
o Hardware Preventative Maintenance
o Data management to critical volumes
SABA ISLAMIC BANK Page 17
IT Change Management Procedure
How do you know that the change falls under Level 2?
For non-application changes:
Will the change have only minor impact on banking services provided to the
end users if problems occur?
Will the change be visible only to a small group of end users?
Is this a moderate risk change?
Is the change relatively simple to install?
Has the change been implemented successfully a number of times before?
Does it require only a moderate effort to backout the change quickly?
Will it require only an IPL, recycle of major application or reloading of
Network devices to implement or backout?
For application changes:
o Is this the first time the job has been installed?
o Must this job be fixed to run tonight?
What types of management approval is required for Level 2 changes?
Approval required by at least by one of the following:
Head of IT division.
Development Manager
IT Infrastructure Manager
Automated Services Manager
Assistant Manager of Infrastructure department
Level 1 Changes
A Level 1 Change has little or no external visibility, no external dependencies or no
operator intervention. There is no associated risk or impact with the change, either to
the system if the change is incompatible or to the Requester if the change
implementation is delayed. The change does not require an IPL or recycle of an
application to implement or backout.
Level 1 changes are entered into the Change data base and will be communicated
daily to any affected areas where impact or interest can be identified outside of the
Requester's own area.
How do you know that the change falls under Level 1?
For non-application changes:
Will the change have only minimal or no impact on services provided to the end
users if a problem occurs?
Is the change familiar or common to those who will implement it?
Is the change reliable and low risk?
SABA ISLAMIC BANK Page 18
IT Change Management Procedure
Is the change easy to backout if a problem occurs?
Can it be backed out without an IPL, recycle of a major application, or
reloading of a Network devices?
For application changes:
o Would failure of the job stop just this job?
o Is this a low priority job (target within three days)?
What types of management approval is required for Level 1 changes?
Approval required by at least by one of the following:
IT Development Manager, IT Infrastructure Manager, or automated
services manager.
Head of IT division
SABA ISLAMIC BANK Page 19
IT Change Management Procedure
Change Level Summary Table
The following table is a guide for establishing the initial change level.
Considerations Level 1 Level 2 Level 3 Level 4
(Minimal Risk) (Low Risk) (Medium Risk) (High Risk)
Routine IT activity Visible to Directors Visible to the Board Visible to the Board
Organizational
or minimal financial or Principals or low level or medium level, high financial
Visibility of Change
exposure financial exposure financial exposure exposure or
or Financial negative external
Exposure publicity
None 1 other system or 2 - 3 other systems 4 or more systems
Impact to other
application related or applications or applications
Systems or
to change related to change related to change
Applications
Minimal Back out In place Back out possible, Back out difficult,
Back Out and easily executed though not easily impossible or
Effort executed undesirable
Minimal Little change Moderate changeConsiderable and
Business Process
required required by IT complex change
Change and/or customers required by IT
and/or customers
Single component, Two such Hardware & Hardware &
Scope of Change software & network & software & network &
such as hardware, components on one Services Services
software or network
or services platform on one platform across platforms
on one platform
Degree of Visibility Minimal Low Medium High
to IT Customers
Existing Existing New technology, New technology, no
Change
technology, technology, some limited experience experience
Experience considerable experience
experience
1 week or less 1 month or less 3 months or less Greater than 3
Expected Time to
months or
Complete
mandated due date
SABA ISLAMIC BANK Page 20
IT Change Management Procedure
Risk/Complexity Scoring
The following matrix is designed to assist the Change Sponsor, Change Implementer,
Change Requester and the Change Review Board in determining the appropriate
assignment of the change category. This is only a guideline, as changes may be
categorized at a different level based on management judgment of the
risk/complexity involved.
Factor: Points
Organizational Visibility of Change or Financial Exposure:
Visible to Executive Vice President level, high financial exposure or 1
negative external publicity
Visible to Senior Vice President level or medium financial exposure 2
Visible to First Vice President level or low financial exposure 3
Routine IT Activity or minimal financial exposure 4
Impact to other Systems or Applications:
4 or more systems or applications related to change 1
2 - 3 other systems or applications related to change 2
1 other system or application related to change 3
None 4
Back Out Effort:
Back out difficult, impossible or undesirable 1
Back out possible, through not easily executed 2
Back put in place and easily executed 3
Minimal 4
Business Process Change:
Considerable and complex change required by IT and/or the customers 1
2
Moderate change required by IT and/or the customers
3
Little change required
Minimal 4
Scope of Change:
Hardware & software & network & services across platforms 1
Hardware & software & network & services on one platform 2
Two components on one platform 3
SABA ISLAMIC BANK Page 21
IT Change Management Procedure
Factor: Points
Single component 4
Degree of Visibility to IT Customers:
High 1
Medium 2
Low 3
Minimal 4
Change Experience:
New technology, no experience 1
2
New technology, limited experience
3
Existing technology, some experience
Existing technology, considerable experience 4
Expected Time to Complete:
Greater than 3 months or mandated due date 1
3 months or less 2
1 month or less 3
1 week or less 4
Risk/Complexity Scoring Grid
If the Total Score Equals: Then Risk/Complexity Level Assigned is:
8 – 14 4(Maximum)
15 – 20 3
21 – 26 2
27 – 32 1(Minimum)
SABA ISLAMIC BANK Page 22
IT Change Management Procedure
Summary of the SIB Change Management Procedures
The following are the procedures to be used when implementing changes in the SIB
IT environment, applications software, or automated services. A more detailed
explanation of these procedures is contained in the followings:
A change request form will be filled in for all changes to be implemented.
This is done to ensure that all changes are sufficiently communicated to all
potentially impacted parties as well as for future reference. All changes
must have management approval commensurate with their risk
assessment levels (see Change Request Form section).
There is a group called the Change Review Board (CRB) that meets
periodically to review requests for change to the IT environment and
systems, change assessments and implementation of changes (see SIB
Change Review Board section).
All requested changes will be entered into the Change Management
System prior to implementation. This includes Emergency and Exception
Changes.
The requester will assign the appropriate risk assessment category (1, 2,
3, 4, or E), taking into account the impact to the user community in the
event of failure of the change upon implementation (see Change Level
section).
Once the request is submitted, a Technical Assessment will be scheduled.
This is a review of the request by appropriate parties to determine the
technical impact of the change to the environment, applications software,
or automated services. This review will encompass:
Technical Impact/Risk
analysis
Technical Adequacy of
plans
Dependencies and/or conflicts
Ensuring compliance with existing Strategies, Plans and Change
Management Standards
The resulting analysis of this assessment is a key input into the change
approval process.
A Business Assessment is then done to determine the business impact of
installing or not installing the change. The resulting analysis also becomes a
key input into the change approval process.
Once the Technical and Business Assessments are successfully completed,
change approval can be given. This is done at any one of the three Change
o Team meetings which take place weekly (see Meetings section). At this
time, the change team assigns a date and time for change
implementation. As part of the approval process, it is assumed that, as
one of the criteria for approval of the change request, the requester's
manager has ensured that the proper testing procedures have been
followed and that there was a successful test completed (see
Management Approval section).
SABA ISLAMIC BANK Page 23
IT Change Management Procedure
The change implementation is complete when the requester validates that the
acceptance criteria, defined prior to the change install, have been successfully
met.
Tracking of the change by the change team stops after the change has been
installed and is verified as successful.
SABA ISLAMIC BANK Page 24
IT Change Management Procedure
Change Request Flows
High Level Process Flow
1. Enter
Change
Request
2. Assign
Change
Implementer
3. Monitor
Change
Calendar
4. Perform
Assessments
5. Approve
Change
6. Commit
Change
Schedule
7. Deploy
Change
8. Change
Quality
Assurance
9. Document and
Close
Change
SABA ISLAMIC BANK Page 25
IT Change Management Procedure
1. Enter Change Request Flow
Description
The Enter Change Request flow begins when a change request is submitted. In this
activity, all required information about the change and supporting documentation is
entered into the Change Management system. The change request should be submitted
in accordance with the time frame required by the initial impact assessment.
Scope Inclusion
All changes, including software, hardware, automated services, control
mechanisms, configurations, environments, facilities, databases, business
applications, processes, and procedures.
Scope Exclusion
Development activities that produce the actual change content.
The coordination of sets of changes (i.e., project coordination).
Goal(s)
To introduce changes into the environment with minimal disruption to
information technology and its users.
To communicate such that all affected users are aware of changes.
To log all changes into the change management system.
To ensure all pertinent change information is collected.
To ensure all changes meet lead time criteria.
Start Trigger
Change Request
Stop Trigger
Fully documented and approved change request.
SABA ISLAMIC BANK Page 26
IT Change Management Procedure
Workflow Diagram for Enter Change Request
Document and Submit
Change Request
Valid No Notify Requester Change
Request rejected –
Request?
phone call or e-mail
Yes
Notify Requester Change
Request received –
email [Open CR]
Assign request
to IT analyst
Establish Initial Impact
Conduct Technical
Assessment
Complete Change Record
to Request Level
Valid No
Close Change
Request?
Yes
Workflow Details for Enter Change Request
Document and Submit Change Request
Collect system change request and begin preliminary review of the
change.
Valid Request?
SABA ISLAMIC BANK
IT Change Management Procedure
Determine whether or not to submit change request into change management
system based on whether the request form has a managers signature, it is
within IT responsibility, and filled in correctly.
Notify Requester Change Request rejected – phone call or e-mail
If change request is rejected, provide a form of notification.
Notify Requester Change Request received – email [Open CR]
If change request is approved for the change management system, a change
record is opened and a change number is assigned. A notification is auto-
sent to the change requester by Peregrine.
Assign request to IT analyst
Assign the change request to an initial analyst to review the change record.
Establish Initial Impact
Determine impact of the change to the customer community. This will
include times when service is not available, testing time, new procedures,
new support requirements, and any other impact that may occur as a result
of the change.
Conduct Technical Assessment
Determine the feasibility of the change from a technical perspective. This
assessment will include the amount of resources, level of knowledge, and
skills necessary for the change.
Complete Change Record to Request Level
Based on initial impact and technical assessment, determine the type and
category level of change, and complete all descriptive fields. Additionally, the
completeness of the change success criteria is validated.
Valid Request?
Based on the initial assessments, determine whether to perform this change.
This decision is based on the change conforming to the strategy, resources being
available, and whether or not it is already being worked on.
Close Change
Mark change record as closed when it doesn’t pass validation requirements.
SABA ISLAMIC BANK
Page 28
IT Change Management Procedure
2. Assign Change Implementer Flow
Description
The Assign Change Implementer flow begins once a change request has been
documented and selected for the change management process. During this workflow, a
change record is assigned to an appropriate owner (Development, Infrastructure, or
automated services departments), the change record is updated with this assignee
information, and the change is sent to the assignee.
Scope Inclusion
o All changes reviewed by the Change Review Board.
Scope Exclusion
• Changes not accepted by the Change Management process or Changes not
reviewed by the Change Review Board.
Goal(s)
To ensure that change requests are assigned to appropriate implementers.
To ensure that the change management workload is allocated by area of
expertise.
To balance workload within an area of expertise.
Start Trigger
Initial change record.
Stop Trigger
Initial change record is assigned to an owner (Development, Infrastructure, or
automated services departments).
SABA ISLAMIC BANK Page 29
IT Change Management Procedure
Workflow Diagram for Assign Change Implementer
Update Change
Record w/
Assignee
Send Change to
Assignee
Workflow Details for Assign Change Implementer
Update Change Record w/ Assignee
Assign the change an owner based on the classification of the change.
Send Change to Assignee
Place the assignee information into the change record and send an e-
mail notification to the assignee.
SABA ISLAMIC BANK Page 30
IT Change Management Procedure
3. Monitor Change Calendar Flow
Description
The Monitor Change Calendar flow determines the scheduling for changes to be
deployed. During this workflow, changes are penciled into a calendar, and the schedule
is monitored for changes that are completed or have run out of time in their scheduled
change deployment window. If time has expired for a change then it can be escalated
and rescheduled based on escalation standards.
Scope Inclusion
Changes that are formally put into the change calendar.
Scope Exclusion
Changes that are not formally put into the change calendar.
Goal(s)
Monitor the change calendar for changes that have not been completed and
have run out of time for the purpose of change escalation.
Allow for changes to be rescheduled.
Allow for changes to be removed from the change calendar upon completion.
Start Trigger
A change request has been assigned an owner (Development,
Infrastructure, or automated services departments) and has been sent
to that assignee.
Stop Trigger
A change is complete and removed from the calendar.
SABA ISLAMIC BANK Page 31
IT Change Management Procedure
Workflow Diagram for Monitor Change Calendar
2
Reschedule
No Change
Change Time
Escalate Change
Complete? No Expired?
Yes
Yes
Workflow Details for Monitor Change Calendar
Change Complete?
o Monitor the change calendar for change work that has been completed.
Time Expired?
o Determine whether a change record that is incomplete has run out of time.
Escalate Change
o Reclassify the change to a higher change category level if time has
expired.
Reschedule Change
o Update the calendar with a schedule for the change after it has been
escalated or if the change package is incomplete.
SABA ISLAMIC BANK Page 32
IT Change Management Procedure
4. Perform Assessments Flow
Description
The Perform Assessments flow involves conducting both a business and technical
review of the change package. The assessments determine if the change package is
complete and can therefore continue through the change management process.
Specifically, the perform business assessment flow involves validating the impact of the
proposed change on SIB from a business perspective, evaluating the completeness of
the success criteria and communication plan and reviewing the backup / backout /
recovery plans. The assessment looks at the proposed timing of the change and
ensures that the customer’s management has given the agreement necessary for the
change to be approved and scheduled. Standards, business requirements, and other
assessments required are reviewed and a recommendation is made to approve, reject,
or reschedule the change.
The perform technical assessment flow reviews the completeness of the change plan,
test plan, backup / backout / recovery plans, platform impact assessment, estimated
install time, etc. from a technical perspective. The change success criteria are validated
and the impact of the change to the environment is reviewed to ensure it has been
accurately evaluated. Technical standards are enforced and a decision is made to
approve, reject, or reschedule the change.
SABA ISLAMIC BANK Page 33
IT Change Management Procedure
Scope Inclusion
All documented changes with a change category that requires a formal
business or technical assessment.
Scope Exclusion
Changes with change categories that specifically do not require formal
business or technical assessments.
Goal(s)
To ensure that all factors have been taken into consideration in terms of the
business aspects of the change.
To ensure that all factors have been taken into consideration in terms of the
technical aspects of the change.
To ensure that everything required to deploy the change and to maintain service
is included in the change request.
Start Trigger
Fully documented change record.
Stop Trigger
Assessed (business or technical) change
Workflow Diagram for Perform Assessments
Business Review Technical Review
of Change of Change
Package Package
Package No
Return to Assignee
Complete?
Yes
SABA ISLAMIC BANK Page 34
IT Change Management Procedure
Workflow Details for Perform Assessments
Business Review of Change Package
Review the change package for the following points:
o Ensure that the business requirements will be met.
o Verify existence and completeness of backup / backout recovery plans.
o Verify existence of test plans, including the testers names and expected
results.
o Ensure that the change conforms to business standards and policies.
o Determine whether the change conforms to service level agreements.
o Review communication plan for change.
Technical Review of Change Package
Review the change package for the following points:
o Determine the impact on the technical environment.
o Ensure that the change conforms to technical standards.
o Verify the completeness of the change plan.
Package Complete?
Make a decision on whether the package is complete based on the results of the
business and technical reviews.
Return to Assignee
If the package is determined not complete than the change is returned to the
assignee and can be rescheduled.
SABA ISLAMIC BANK
Page 35
IT Change Management Procedure
5. Approve Change Flow
Description
The Approve Change flow is initiated as soon as both the business and technical
assessments have been completed. If the change is approved, it is passed on to the
next sub-process to finalize scheduling. If the change is rejected or determined to be
rescheduled, it may be sent back to the business or technical assessment sub-
processes once the necessary actions are taken. All parties that have been involved to
this point in the process should be notified of the approval, rejection or rescheduling.
Scope Inclusion
All changes that have been forwarded for approval from a business and
technical perspective and whose change categories indicate the requirement for
formal approval.
Scope Exclusion
Changes with change categories that specifically so not require formal approval.
Goal(s)
To ensure that appropriate approval is obtained for change requests.
To ensure that the change record is properly updated.
To minimize service interruption.
Start Trigger
Completed change record with business and technical review
including recommendation.
Stop Trigger
Approval for change deployment.
SABA ISLAMIC BANK Page 36
IT Change Management Procedure
IT Change Management Procedure
Workflow Diagram for Approve Change
Final Change
Review
Accept No Notify Requester Change
Change?
Close Change Request rejected –
phone call or e-mail
Yes
Workflow Details for Approve Change
Final Change Review
Final review of change prior to acceptance and scheduling.
Accept Change?
Based on the result of the final change review, determine whether to go ahead
with or close the change.
Close Change
If it is decided not to continue with change, then change record is closed by
change coordinator.
Notify Requester Change Request rejected – phone call or e-mail
SABA ISLAMIC BANK Page 37
IT Change Management Procedure
6. Commit Change Schedule Flow
Description
During this sub-process, a consolidated change schedule is compiled for all approved
changes for a particular period of time. Any conflicts between changes are resolved at
this point and a final schedule is produced. This sub-process is also responsible for
performing the activities needed to communicate the change schedule and gain
agreement from the Change Implementers and Requesters regarding implementation
dates. All affected parties are given final notification.
Scope Inclusion
Includes scheduling around resource constraints and backout times.
The combination of all approved changes to ensure there are no conflicts
during a given period of time.
Negotiation of schedule changes due to conflicts.
Scope Exclusion
Emergency changes.
Changes not requiring scheduling (i.e., those changes which have no impact
on business / users – adding printers, adding users)
Assignment of personnel or resources
Goal(s)
To ensure all changes are properly scheduled for a particular period of time.
To ensure those responsible for service delivery are informed about the
final change.
Start Trigger
Approved change record with completed technical and business reviews.
Current consolidated change schedule.
Stop Trigger
Scheduled change.
SABA ISLAMIC BANK Page 38
IT Change Management Procedure
Workflow Diagram for Commit Change Schedule
Schedule Change
Workflow Details for Commit Change Schedule
Schedule Change
Commit the change to the change schedule.
SABA ISLAMIC BANK Page 39
IT Change Management Procedure
7. Deploy Change Flow
Description
The deploy change flow is where the change is actually implemented. Upon the
completion of the implementation, a user acceptance test is conducted to determine
whether or not the change was successfully installed. If the change implementation is
not successful, then it is determined if it can be fixed. If it can be, then it is re-
implemented and acceptance tested.
Scope Inclusion
Change requests that require a formal implementation and user
acceptance testing process.
Scope Exclusion
Change requests that do not require formal implementation and user
acceptance testing processes.
Goal(s)
To determine whether the deployed change was successful or not.
Allow for the unsuccessful change installations to be fixed and re-tested.
Start Trigger
A change request has been scheduled for deployment.
Stop Trigger
A change request has been successfully deployed.
SABA ISLAMIC BANK Page 40
IT Change Management Procedure
Workflow Diagram for Deploy Change
Implement Change
Conduct User
Acceptance Test
No Yes
Successful Can be fixed
Fix change
Change? during install?
Yes No
8 Reject change and
remove from install
Workflow Details for Deploy Change
Implement Change
Deploy the change and execute the test plan.
Conduct User Acceptance Test
Perform a user acceptance test to determine whether or not the change was
deployed successfully.
Successful Change?
Can be fixed during install?
Determine whether or not a change can be fixed during install or if it needs to be
rejected and removed.
Fix change
Modify the change record to record any change fixing activity. Perform the fixes
and then re-deploy and re-test.
Reject change and remove from install
Send out notifications to requester that the change has been rejected.
Determine whether or not the change will be rescheduled or restarted.
SABA ISLAMIC BANK Page 41
IT Change Management Procedure
8. Assure Change Quality Flow
Description
The Assure Change Quality flow is a post-change workflow that reviews the
change request process. During this workflow, the change management process
can be updated and lessons learned are collected. This information is used to
make continuous improvements on the change management process.
Scope Inclusion
Changes that formally go through the change management process.
Scope Exclusion
Changes that do not formally go through the change management process.
Goal(s)
Ensure that the change management process is continuously improved.
Allow a mechanism to collect lessons learned for future change management
updates.
Start Trigger
A change is deployed or cancelled.
Stop Trigger
A post-change review has been conducted and process improvements
and lessons learned have been extracted.
SABA ISLAMIC BANK Page 42
IT Change Management Procedure
Workflow Diagram for Assure Change Quality
Conduct Post-
Change Review
Yes
Process Update Change
Changes? Process
No
Yes
Lessons Document Lessons
Learned? Learned
No
Workflow Details for Assure Change Quality
Conduct Post-Change Review
Conduct a review of the change management process to determine what went
wrong, what went right, and what changes to make to the process.
Process Changes?
Updated Change Process
If changes to the process are identified, then recommend these changes be
made to improve the process.
Lessons Learned?
Document Lessons Learned
Document any lessons learned that were uncovered during the post-change
review. Use the lessons learned to recommend changes to procedures.
SABA ISLAMIC BANK Page 43
IT Change Management Procedure
9. Close Change Flow
Description
The Close Change flow is used to close changes that have been deployed or cancelled
following a post-change review. After a change is closed, the problem management
system is notified of change activity and requesters are notified of change closure.
Scope Inclusion
All deployed changes
All cancelled changes
Scope Exclusion
None
Goal(s)
To close change records with all required information.
Start Trigger
Change record where deployment has been indicated as complete.
Cancelled change record.
Stop Trigger
Closed change request.
SABA ISLAMIC BANK Page 44
IT Change Management Procedure
Workflow Diagram for Close Change
Update Change
Records
Close Changes
Notify Problem Notify Requesters of
Management Change Closure
system of Change
activity
Workflow Details for Close Change
Update Change Records
Update the change records with emergency change
documentation, implementation activity, and problem activity.
Close Changes
Change coordinator changes the status of the change record to closed.
Notify Problem Management system of Change activity
The problem management system is notified of changes so that the help
desk can notify appropriate backout / recovery personnel if needed.
Notify Requestors of Change Closure
Send an automated e-mail to the change requester to inform them of change
closure.
SABA ISLAMIC BANK Page 45
IT Change Management Procedure
Change Request Form
The following contains the Request for Change form. The following is a description of what should be
entered into each section of that form:
DATE REQUESTED - The date the request was submitted to the Change Review Board
(MM/DD/YY)
DATE PLANNED - The date the requester would like to implement the change (DD/MM/YYYY)
PEREGRINE NUMBER - The unique Change Request number assigned by the Change
Management System. This number should be used in all communications pertaining to this
change.
REASON FOR CHANGE - The business and/or technical justification for the change.
DESCRIPTION OF CHANGE - A detailed description of what the requester wishes to change and
what is to be accomplished as a result of the change.
REQUEST CATEGORY – The scope of the change, i.e., to which environment it applies
CHANGE TYPE – Whether the change applies to the Administrative environment or the
Instructional environment. (IT Development, IT infrastructure, Automated Services);
RISK ASSESSMENT CATEGORY - The category of risk that the requester has determined the
change should be assigned.
USER ACCEPTANCE CRITERIA DEFINED AND AGREED TO? – This YES or NO question is to
insure that the individual responsible for accepting the change on behalf of the users has defined
the means for IT to judge the quality of the installation.
CHANGE REQUESTED BY - The name of the person requesting the change.
LOCATION – Location of the requester or location of the change (system)?
CHANGE AUTHORIZED BY - (For applications or systems changes where there is an owner -
The signature of the Owner of the system or application.
CHANGE APPROVED BY - The signature of the approver(s) of the change. This may be singular
or multiple based on the risk category of the change.
DISPOSITION – The status of the change after review by the approver. Can be approved,
conditionally approved or rejected.
INDIVIDUAL RESPONSIBLE FOR IMPLEMENTATION - The name of the person responsible for
actually implementing the change. This is, quite often, different than the requester.
INDIVIDUALS RESPONSIBLE FOR TEST - The name(s) of the person responsible for the unit and
systems test as well as the name of the user responsible for user acceptance test.
TEST SCHEDULE - The end dates the unit, system and user acceptance testing will be completed
(DD/MM/YYYY).
COMMUNICATION PLAN - The plan to notify all potentially affected users of the change.
USER MANUALS AND OPERATING INSTRUCTIONS UPDATED - The manuals and instructions
which have to be updated as a result of the change and the target completion date for those
updates.
FALLBACK PROCEDURE - The actions to be taken by the operations staff in case of unsuccessful
implementation of the change.
SABA ISLAMIC BANK Page 46
IT Change Management Procedure
DATE IMPLEMENTED - The date that the change was implemented or tried to be implemented
(DD/MM/YYYY).
TIME IMPLEMENTED - The start time of the implementation (HH:MM).
CHANGE IMPLEMENTED BY - The person who performed the implementation.
CHANGE ACCEPTED BY – The person accepting the change on behalf of the change requester.
DATE CHANGE RECORD CLOSED – The date that the Change Request was closed in the
Change Management system and the person closing the change request.
SABA ISLAMIC BANK Page 47
IT Change Management Procedure
Scheduled Change Windows
To maintain 7x24 stability and achieve IT Service Level Commitments, Information
Technology has established predetermined dates and times for implementing changes.
These dates and times are as follows:
Working days Change Window
14:00 - 08:00 (next day)
Thursday through Sunday Morning Change Windows
Thursday 16:00 - Friday 08:00
Friday 08:00 - Saturday 08:00
Saturday 08:00 - Sunday 08:00
Holidays from 08:00 to 08:00
When requesting a stand-alone window, please notify the Change/Problem
Coordinator at least two weeks prior to the requirement.
SABA ISLAMIC BANK Page 48
IT Change Management Procedure
Lead Times for Changes
The following guidelines for entering a change request allow time for changes to be
coordinated more efficiently. These guidelines highlight the number of days from initial
request until installation. The earlier a change is entered into the system, the better
communication it will receive through the Change Process. Coordination with other
affected departments and notification of users remains a responsibility of the requester.
Level 4 - 1 workday
Level 3 - 3 workdays
Level 2 - 15 workdays
Level 1 - 30 workdays
SABA ISLAMIC BANK Page 49
IT Change Management Procedure
Unsuccessful Changes
The following guidelines will be used to determine if a change has been
unsuccessful (CU) or caused an outage (CO) to service.
Expected results did not occur.
Change caused an impact to the User or Operations.
Change must be backed out.
Incomplete instructions or inaccurate documentation provided to
Operations.
Change could not be installed in requested time period.
Problem opened as a direct result of the change
Level E Change - problem severity 1,2,3,4
Level 1 Change - problem severity 1,2,3
Level 2 Change - problem severity 1,2,3
Level 3 Change - problem severity 1,2
Level 4 Change - problem severity 1,2
Unsuccessful Changes
For any change that is closed CU (Change Unsuccessful), the Change Requester
must enter into the Change Request the reason(s) why the change was unsuccessful.
The requester must also enter another change request into the system before the
change will be attempted or scheduled again. The level of the new change request will
be the same as the original; however, the new change request will have to cycle
through the complete approval process again.
Changes Causing Outages
A change that was attempted or implemented and caused a disruption of committed
service delivered by Information Technology to the user will be closed as causing an
outage (CO). For any change which is closed as CO, the Change Requester must enter
into the Change Request the reason(s) why and how the outage occurred. The
requester must enter another change request into the system before it will be attempted
or scheduled again. The level of the new change request will be the same as the
original; however, the new change request will have to cycle through the approval
process again.
Changes Causing Intervention
The Closed Intervention (CI) status will be used to indicate a change that was
installed successfully but required unplanned intervention from applications
programmers, systems programmers, users, analysts or operations personnel after
normal business hours.
SABA ISLAMIC BANK Page 50
IT Change Management Procedure
Canceled Changes
A change that was entered and later canceled will be closed as Change Canceled
(CC). For any change that is closed CC, the Change Requester must enter into the
Change Request the reason(s) why the change was canceled. The Requester must
enter another change in the system before it is attempted again. The level of the new
change request will be the same as the original. The resubmission requirements for
the new change will be negotiated between the Change Coordinator and the Change
Requester.
Postponed Changes
A change that was scheduled but during the installation process could not be safely
promoted (ran out of time, potential scheduling impact found, etc.) will be coded as a
Postponed Change (PC). The change will be automatically rescheduled for the next
Change Window.
SABA ISLAMIC BANK Page 51
IT Change Management Procedure
Roles and Responsibilities
Change Review Board
The Change Review Board (CRB) is a team of people made up of IT management,
representatives from banking operations departments and financial department, and
subject matter experts, members of the user community. It is chaired by the Change
Coordinator.
Board members :
For SIB the suggested change review board members are:
Branches Manager (Change Coordinator)
IT development Manager
Deputy Financial Manager
Automatic services department Manager
Deputy IT Infrastructure Manager
Change Controller & Secretary
Subject matter experts (call them when needed)
The mission of the Change Review Board is to plan and monitor all changes introduced
into the IT environment. Responsibilities include ensuring the following things are
present for every change:
The Change Request has been submitted with the required information
There is a business reason for the change
A user has been identified who is totally accountable for the change
A viable Change Plan exists
A viable Recovery Plan exists
A viable User Acceptance Plan exists
A Technical Impact Assessment has been done
A Business Impact Assessment has been done
A Communications Plan has been developed ensuring communication to
the IT and user communities of the intended change and the potential
impact to them in case of failure of the implementation.
Appropriate management approval has been obtained based on the
risk assessment category.
A post installation review of the completed change to ensure proper
and successful implementation.
SABA ISLAMIC BANK Page 52
IT Change Management Procedure
Change Coordinator
The Change Coordinator acts as the user’s primary interface into the change process
and represents their interests and the IT requirement to meet service commitments. The
Change Coordinator’s responsibilities for specific changes include:
Owns, maintains and ensures accuracy and timeliness of the consolidated
change schedule
Ensures that all changes are appropriately planned and communicated
Reviews change requests for procedural compliance, information quality
and completeness
Ensures that accurate priority and impact are assigned to change requests
Coordinates and owns the change approval and rejection process which
incorporates routing to reviewers, receiving reviewer responses and
relaying appropriate information to requesters. This also includes
negotiation with both parties and final ruling
Undertakes post change reviews and owns the sign off mechanism
Schedules and attends all meetings concerning the Change Management
process
Ensures that asset and configuration updates are only permanently applied
as a result of successful and signed-off changes
Participates in project meetings with applications development teams and
the business where the subject is change impact analysis,
implementation and scheduling of large changes
Responsible for owning efficient and quality problem resolution, where
Change Management service expertise is required
Responsible for escalation and exception reporting to the Change Management
Process Owner
Complies with Change Management service standards, process and
procedures as required
Provides input to Change Management service improvement
Provides and is responsible for the accuracy of appropriate Change
Management service input to knowledge bases as a result of changes and
problem resolution
Responsible for contract management and day to day maintenance
management of third party technology suppliers as a result of Change
Management issues with the service
Initiates and is a technical resource to the IMAC service where
Change Management service expertise is required
Captures and reports appropriate Change Management service measurement
data
Attends appropriate problem escalation / resolution, project development and
service support reviews, where Change Management service expertise is
required
SABA ISLAMIC BANK Page 53
IT Change Management Procedure
Change Requester
The Change Requester initiates and completes the Change Management process and
has overall responsibility for accepting changes. Standards dictate who can act as a
change requester. Change Requester responsibilities for given changes include:
Owns individual changes requested and is ultimately responsible for the
success of the change
Review change request with department manager for approval
Assess the change for risk/impact and ensure the appropriate risk category
has been applied.
Ensure that the change request is complete with accurate information at a
sufficient level of detail to implement the change without intervention.
Ensure Proper lead-time for changes is allowed. (See "Lead Time for
Changes" section in this document).
Conduct User Acceptance testing of change.
Convene the Level 1 Expedite meeting as required.
Communicate intention of change to all potentially affected parties.
Notify the Change Coordinator of any change in date or time of implementation
before the target date is reached. Initiates the Change Control service by
completing and distributing a completed change request
Responsible for obtaining appropriate resource for all change tasks
requiring completion for change success
Co-ordinates task documentation within a change request with other
participating staff as appropriate
Ensures that pre and co-requisites for the change are considered and completed
Ensures completeness of reviewer distribution list as much as possible
Attends change assessment, scheduling and review meetings, as appropriate
Responsible for accurate representation of priority, impact and change window /
time requirements
Ensures all owned rejected changes are placed into a ‘fit state’ for re-submission
Co-ordinates implementation tasks where appropriate and is responsible for
any backout decisions for owned changes in conjunction with Change
Control
Updates owned change requests as required and requested
Responsible for undertaking change tasks within the change
implementation as required
Participates in change task co-ordination meetings as part of change
implementation planning
SABA ISLAMIC BANK Page 54
IT Change Management Procedure
Change Implementer
The Change Management Implementer has overall responsibility for understanding the
requested change; documenting its implications on both the business and the IT
environments; creating, with other resources as required, the coding, system, procedure
and/or process modifications required to implement the change; with the Change
Requester, representing the change to the Change Review Board; monitoring and/or
testing the change prior to final promotion into production and requesting change
closure by the Review Board. Specific Change Implementer responsibilities include:
Monitoring the Change Assignment process for assigned Changes
Meeting with the Change Requester to understand the requested change
and to complete the Change Request documentation
As required, assisting the Change Requester in the preparation of a business
case for the change
With the Change Requester, presenting the Change to the Change Review
Board from a technology and IT architecture perspective for approval to
proceed
Developing technology and operations impact statements
Developing backup and/or back out plans
Identifying and assembling the team required to create the change
Designing and creating the code, procedures or process modifications
required to effect the change
Designing and developing the tests required to demonstrate the quality
and usefulness of the change
With the Change Requester, presenting the completed change to the Change
Review Board for approval to promote into production
Monitoring the promotion (on site or remotely) of the change into production
Resolving issues associated with promoting the change into production,
where possible
With the Change Requester (as appropriate), participating in the review of
the promotion of the change
Requesting closure of the successful change from the Board
SABA ISLAMIC BANK Page 55
IT Change Management Procedure
Change Management Process Owner
The Change Management Process Owner has overall responsibility for ensuring
the quality of the Change Management process. Specific Change Management
Owner responsibilities include:
Is responsible for and owns the Change Management service
Is responsible for development and implementation of Change Management
mission and strategy, in line with SABA ISLAMIC BANK and IT strategies
Escalates to senior management exceptions as appropriate
Ultimately responsible for resolving Change Management service dissatisfaction
Ensures compliance with Change Management process standards and
procedures
Has a nominated deputy to cover for service owner absence
Sponsors and/or manages internal improvement projects to implement
new technology and process improvement
Communicates Change Management service procedures and working practices
and changes to internal standards, processes, procedures and technology
Coordinates and sets annual service requirements, objectives and targets for
the Change Management service in conjunction with other IT Process
Owners
Finalizes annual service requirements, objectives and targets with the Service
Request, Call Center and Problem Management Process Owners
Attends appropriate senior management level service support and
development reviews
Involved in development of and subsequent agreement on service level targets
and target improvements related to the Change Management service
Develops requirements for Change Management standards, procedures,
measurements, tools and technology in conjunction with other IT Process
Owners
Approves and sponsors Change Management improvement ideas
SABA ISLAMIC BANK Page 56
IT Change Management Procedure
Change Controller
The Change Controller is responsible for scheduling and overseeing all changes
introduced into the IT production environments and service delivery infrastructure to
ensure that the risk of impacting the availability of services is minimized. Specific
responsibilities include:
Monitoring Change Categories and Service Risks
Ensuring that all Information Technology customer and Company interests
are protected
Building and maintaining the Consolidated Change Schedule:
Integrating new changes into the existing change schedule
Identifying conflicts in the schedule, and negotiating adjustments with the
relevant parties
Notifying affected parties that changes are scheduled and ready for
implementation
Monitoring the implementation of changes
Handling schedule slips and escalating the appropriate parties to
recover the schedule
Identifying and resolving change assignment issues
Managing change approval
Facilitating the Change Review Board meetings
Managing exceptions of rejected records
Resolving day-to-day change coordination actions
Accepting and managing external change input
Monitoring regular change control measurements
Creating, coordinating, consolidating, and monitoring the change schedule.
SABA ISLAMIC BANK Page 57
IT Change Management Procedure
Change Approver Table ( ال يوجد ما يخص
التطوير
Category
Change Category Definition Approver(s)
Wiring for servers, Change management board with IT
desktops, director
Cable / Facilities – Major telephony, networks
Cable / Facilities – Minor Any minor cablin IT Infrastructure manager
(servers, Coe Network
devices)Engineering changes to
a device IT Infrastructure manager
Firmware Upgrade – Major Chip
Firmware Upgrade – Minor PC Desktop, Printers
Oracle 10g Change management board with IT
Mainframe servers Application director
Software – Major
Change management board with IT
System Applications -Major House Banking system director
Mainframe Application
Mainframe servers Operating
System
Change management board with IT
Upgrade – Major Sun Solaris 10 , director
Network System Software –
CiscoWorks, ,CSC ATM Change management board with IT
Major Monitor (NMI) director
Network System Software – IT Infrastructure manager
Minor OpManager
Change to use new Change management board with IT
brand or new series director
Network Hardware – Major
Network Hardware – Minor Upgrade devices IT Infrastructure manager
Firewalls, authentications Change management board with IT
Network Security – Major devices and algorithms director
IT Infrastructure manager & IT
Network Security – Minor Authentication & permissions director
Server Application Software 2X APP server,
Change management board with IT
Rollout – Major director
Change management board with IT
Server Application Software – director
Major 2X APP server,
Server Application Software –
Minor
IT Infrastructure manager & IT
Netfinity, disk drives, director
Server Hardware – Major communication adapters,
memory, CPU, CD drive
IT Infrastructure manager & IT
Server Hardware – Minor director
IT Infrastructure manager & IT
Server Hardware Rollout – Spare parts HP servers director
Major
Windows 2008 server & Change management board with IT
Server O. System Software Major– windows 2003 Server director
SABA ISLAMIC BANK Page 58
IT Change Management Procedure
Major
IT Infrastructure manager & IT
Server O. System Software – director
Minor
Internet banking , SMS,
System application (Delivery ISO interface, Mobile Change management board with IT
channels APP) Major banking . SWIFT WU. director
Anti viruse, EMAIL
EXCHANGE , Backup
servers, file Change management board with IT
Other application services major server,service Desk director
System & network Administrator Change management board with IT
servers-major DC server, WSUS, director
IT Infrastructure manager & IT
HP products desktop director
Desktop – Major software and hardware
Desktop – Minor
changes on core banking system Change management board with IT
Major) Financial Impact director
IT development manager with IT
Changes on core banking system No financial director
Changes on system that serve back
office Change management board with IT
Financial Impact director
Changes on system that serve back
office IT development manager with IT
No financial director
Changes on second level
systems(HR, payroll, Stores and
asset system …etc) Change management board with IT
Financial Impact director
Changes on second level systems
(HR, payroll, Stores and asset system
…etc) IT development manager with IT
No financial director
Changes on Middleware system Change management board with IT
Interfaced with financial services Financial and customer services director
Changes on internal Middleware IT development manager with IT
system No Financial and customer services director
Change management board with IT
Add new banking system (major) All director
Change management board with IT
Add new back office system director
Add new delivery channels and Change management board with IT
customer services systems director
Add new Middleware system with Change management board with IT
financial and customer interfaces director
Add new Middleware system with no IT development manager with IT
financial and customer interfaces director
Change management board with IT
Urgent systems problems case Financial Impact director
IT development manager with IT
Urgent systems problems case No financial Impact director
SABA ISLAMIC BANK Page 59
IT Change Management Procedure
Meetings
The major scheduled meetings of the Change Management Process are the Change
Review Board meetings.
These meetings are held when there is a need for a meeting and there are
requests to be discussed and approved. Change Coordinator (Head of Change
Review Board) is responsible for inviting the Change Review Board members for
a meeting before 1 working days in normal cases.
SABA ISLAMIC BANK Page 60
IT Change Management Procedure
SIB Change Review Board Meeting Agenda
1. Review of most recent promotion into production activity
The planned promotion activity is compared to the actual activity and deviations are
noted and discussed. When issues or concerns are identified that have not already
been documented this activity will document them. Process quality issues are raised
here.
2. Review of outstanding issues (including E-Change issues)
Issues that have been raised by the above review, the most recent promotion into
production, and previous Review Board meetings are reviewed for relevance,
progress toward resolution and escalation.
3. Assignment of issues or resolution of issues
Issues are assigned to individual board members for resolution. Issues that can be
resolved by the Board without further assignment are resolved and documented. Issues
that have been resolved are approved for closure.
4. Review of E-Change activity since last promotion
All E-Change activity since the last scheduled promotion into production window are
reviewed to determine if the Emergency or Expedite status was warranted, if the
packages prepared in support of the changes are complete and if the quality associated
with the E-Changes is in line with the quality of Board scheduled changes.
5. Identification and assignment of issues related to recent E-Change activity
Issues with either the work done in support of individual changes or the E-
Change process itself are raised, documented and assigned for resolution.
6. Review changes proposed for inclusion in the next Change Window
The changes proposed by the Change Management system are reviewed for
completeness, sponsorship, business impact and technical feasibility. Together,
Implementers and Change Requesters present their proposed changes to the Board
for approval to proceed.
7. Review the proposed Change Schedule for potential impacts to service
Examine, with the help of technical staff, the proposed implementation schedule for the
proposed changes.
SABA ISLAMIC BANK Page 61
IT Change Management Procedure
8. Approve, reject or reschedule changes
Where business or technical impacts are likely to occur, evaluate the business case for
proceeding and, if the risks are acceptable, approve the promotion. Authorize
communication to all affected parties to apprise them of the potential impact. If the risk
is not acceptable, remove the change from the promotion package. Where no business
or technical impact is anticipated approve the Change for promotion.
9. Review the Change Calendar to assess its integrity
Receive requests to formally enter changes into the Change Management system.
Examine the requests for completeness, business justification and technical feasibility.
Review the Change Calendar for potential impacts with either the customer environment or
planned change activity. Schedule a preliminary promotion date on the calendar.
10. Review the Change productivity and quality measurements
Review the document for the most recent promotion activity including, number of
changes promoted, number of successful changes promoted, number of changed
promoted with modification, number of changes backed out of the promotion schedule
and number of incident records associated with changes promoted.
11. Identify and assign for resolution issues associated with the Change Process
Evaluate the trends and, as required, modify the documents , the measurements,
the procedures or the Change Process.
12. Review communications planned as a result of the meeting (rejections,
approvals, concerns and issues)
Review with the Change Coordinator, the communications that will proceed from the
meeting to ensure that all issues are communicated, all parties are included and what is
being communicated is the intent of the Board.
SABA ISLAMIC BANK Page 62
IT Change Management Procedure
Measurements
A number of standard reports on all changes activity are available from the Change
Control Coordinator. These reports are available to anyone who has a need for the
information. If interested in seeing what is available, please contact the Change
Coordinator.
In addition to the standard reports available, all change activity is reported on a monthly
basis in the standard Information Technology Periodical Measurement Meeting
(preferred monthly). These measurements include, at minimum, the following:
Changes logged versus not logged
Changes with incomplete information
Types of changes by category
Number of approved, rejected or rescheduled changes by type
Number of changes by risk / impact
Number of unsuccessful changes by failure type
Number of changes with inadequate information
Number of successful changes by category
Hours of outage caused by changes
Number of rescheduled changes
Other measurements periodically appear in the Periodical Measurements based
on management requests.
SABA ISLAMIC BANK Page 63
IT Change Management Procedure
Glossary
This section contains definitions of terms relevant to the Change Management process.
Term Definition
Information about the result of change activation activities (that is,
Activation Status status and level of success / completeness of the activation).
Approval Lead
Times See Lead Times.
Approved Change A change request that has been accepted, assessed and approved,
Request and scheduled for execution.
Authorized Change An individual authorized to the Peregrine Service Center to enter
Initiator changes into the system.
Back out Execution
Status Information about the result of back out procedures.
For failed changes, a plan that restores service to previously existing
Back out Plan levels.
Back out Problem Defect information created and sent to the Problem Management
Notification process as a result of executing back out procedures.
A request to execute appropriate back out procedures, as defined in
Back out Request the change back out plan. This request is issued when the completion
criteria of an implementation step has not been met.
Business considerations and rules that may influence the way
Business Policy processes are managed and executed.
A Change consists of any installation or alteration of hardware, system
or application software, procedures, or environmental facilities, which
adds to, deletes from or modifies the Information Technology
environment or its attached network.
Change Reasons for making changes could be:
Addition of a new function
Performance improvement
Growth
Technology change
Problem resolution or prevention
The change calendar is a list of accepted changes and their proposed
Change Calendar implementation dates.
Change levels define the importance of the change being handled
within the process. Different levels receive different treatment. There
are five levels which represent the implementation complexity and
risk:
1 Major
Change Level
2 Medium
3 Minor
4 Business as Usual
5 Emergency or Exception (E-Change)
Changed The Information Technology managed resources and environment
Environment modified as the result of the change implementation.
Information about the change implementation activities, including
Change Status problem resolution status.
A change flow shows the activities and the order that those activities
Change Flow must be completed within the change management process.
SABA ISLAMIC BANK Page 64
IT Change Management Procedure
Term Definition
Principles, rules, specifications and prescribed steps to plan, control
Change Standards and execute changes.
The formal document within the change management system that
Change Record displays change details and the status of the change.
Formatted information about the result of change planning and
implementation activities, communicated to users and customers of
the process. This includes information about the progress of change
Change Reports requests (for example, approval status), change plans (for example,
Consolidated Change Schedule), change results (for example,
problem resolution), process health, etc.
A request identifying the IT resource(s) to be changed and a
Change Request description of the change. Change requests may be submitted by any
authorized change initiator.
Change Request To A change request which was not approved because the proposed
Be Rescheduled schedule cannot be accepted.
A validation of the impact of the proposed change on SIB from a
Business business perspective, an evaluation of the completeness of the
Assessment success criteria and communication plan and a review of the backup /
backout / recovery plans.
A review of the completeness of the change plan, test plan, backup /
Technical
backout / recovery plans, platform impact assessment, estimated
Assessment install time, etc. from a technical perspective.
There are three change types:
Emergency: Changes that are vital to meeting a business
need
and cannot conform to the normal change process, particularly the
assessment and approval phases.
Change Type Exception: Changes that are vital to meeting a business
need but
cannot conform to the normal change process, particularly
lead
times.
Normal: Changes that follow the change process to the
letter.
Scheduled time periods established for implementing changes so as
to minimize the impact to services and their users. Change windows
Change Window may vary, depending on the account, on the services, and on the
technical environment. The change windows are documented and
made available to all individuals involved in the change process.
A report of all changes to be implemented during a given period of
time (for example, a week or month), specifying the date and time
Consolidated
when each change is scheduled be implemented. The Consolidated
Change Schedule Change Schedule also contains information about change
dependencies and interactions.
A change that is vital to meeting a business need and cannot conform
to the normal change process, particularly the assessment and
Emergency Change approval phases. Emergency changes must be approved or endorsed
by either the Director of Information Technology or the Change
Management Process Owner prior to implementation.
The endorsement of a change may be necessary where exceptional
circumstances dictate that the normal change process cannot be
followed. Endorsement includes the authorization to proceed for
Endorsement changes that are not fully approved, and the authorization to stop a
scheduled change from proceeding, pending rescheduling. Who is
authorized to endorse must be documented and must be reachable at
all times.
Referring unresolved issues that arise during process activities to
Escalation appropriate and increasing levels of authority to obtain resolution.
SABA ISLAMIC BANK
Page 65
IT Change Management Procedure
Term Definition
Changes that are vital to meeting a business need but cannot conform
Exception Change to the normal change process, usually lead times.
Information Technology standards that may influence the way
IT Change Standard changes are introduced and managed in the Information Technology
environment.
A change request which has been accepted by the Change
Coordinator. Acceptance includes checking that all required data
Initial Change
elements, as defined by the Information Technology change policy for
Request administration, have been completed. Acceptance also commits this
request to the change process and all associated activities.
The Change Requesters documentation of the potential impact of the
Initial Impact change on SIB.
The time intervals required to allow proper analysis and approval of
changes prior to their scheduled implementation. There are two lead
times, which must be defined for each Change Category to meet
Information Technology Requirements.:
Analysis Times are based on the category of the change and
reflect the time interval from when the change request is submitted to
Lead Times when it is available for review. This lead time is to ensure that there
is sufficient time between raising and accepting a change request to
allow the organization to properly analyze its implications.
Approval Lead Times shows the time before the scheduled
activation date that changes should be approved. This period is to
allow the proper management and control of the change activation to
be set up.
Normal Change A change that follows the change process to the letter.
Operating The environment in which an organization performs day-to-day
Environment operating activities.
Original The Information Technology managed resources and environment
Environment before the change is implemented.
Outage A disruption of service in a system.
A problem is any deviation from an expected norm. That is, a problem
is any event resulting in a loss or potential loss of the availability or
performance to a service delivery resource and / or its supporting
environment. This includes errors related to systems, networks,
Problem workstations and their connectivity; hardware, software, and
applications. The recognition of problems can come from any point in
the environment and can be identified using a variety of automated
and non-automated methods.
Defect information about a failing IT resource or service sent to the
Problem Notification Problem Management process for resolution.
A non-approved deviation from a formally documented Information
Process Compliance
Technology process. Process compliance issues are documented in
Issue detail and submitted to the Change Review Board for resolution.
A required improvement to one or more related processes associated
with delivery of contracted services or support of the Information
Process
Technology infrastructure environment. Required process
Improvement improvements are documented in detail and submitted to the Change
Review Board for further handling.
Any process tendency, positive or negative, discovered as a result of
Process Trend analyzing completed requests and reviewing process measurements
and reports.
A system or component of a system that is responsible for the actual
Production Platform running of a business function.
SABA ISLAMIC BANK
Page 66
IT Change Management Procedure
Term Definition
The process of determining whether a process, product, or service
Quality Assurance met its requirements within the given constraints in the most efficient
manner possible.
Rejected Change Notification that the request does not comply with change process
Request criteria and, therefore, was rejected.
A request for action issued by the Change Management process to
Request (To
another process (for example, to the Problem Management process to
Another Process) log and handle Change related problems).
Requester Information identifying the requester of the change (for example,
Information requester’s name, area / department, phone, e-mail address, etc.).
The Information Technology managed resources and environment
Restored
that are returned to their original condition as the result of the
Environment execution of change back out procedures.
A change request proposed for execution at a certain date and time.
The date and time need to be assessed and approved before
Scheduled Change
execution can actually start. If the proposed date and time are
Request rejected during the approval step, then the request must be
rescheduled.
Service Delivery The hardware, software, network, procedures required for IT to deliver
Environment services to end-users.
Service Level Thresholds and service windows that may influence the way
Commitments Information Technology processes are managed and executed.
Target Lead Times See Lead Times.
Technical
Principles, rules, and specifications that must be taken into account
Assessment
Standards when considering the technical impact of a change.
Technical documentation about products involved in the change, as
Technical provided by the product supplier / manufacturer. This includes
Information information about the resources to be changed and information about
the tools used to implement the change.
Analysis of process behavior to discover both positive and negative
Trend Analysis patterns.
Trigger An event that initiates another event.
SABA ISLAMIC BANK
Page 67
You might also like
- T24 Data Migration Tool - DMIG T24 - Reference Guide V1.3100% (7)T24 Data Migration Tool - DMIG T24 - Reference Guide V1.3165 pages
- T24 Directory Structure and Core Parameter Files in T24100% (3)T24 Directory Structure and Core Parameter Files in T248 pages
- DFE - Interview Questions and Answers: T24 System - Work File - Output File (.CSV, XML, Etc)100% (1)DFE - Interview Questions and Answers: T24 System - Work File - Output File (.CSV, XML, Etc)15 pages
- Consolidated List of All UniversitiesPDF - 250309 - 121935No ratings yetConsolidated List of All UniversitiesPDF - 250309 - 12193547 pages
- Authentication - What's New: Channels TechnologyNo ratings yetAuthentication - What's New: Channels Technology7 pages
- Shelby Data Center Final Report April 2017No ratings yetShelby Data Center Final Report April 201716 pages
- 1 - Transact Cheque and Draft Management Foundation (R22)No ratings yet1 - Transact Cheque and Draft Management Foundation (R22)62 pages
- How To Connect and Extract Data From T24 Oracle XMLNo ratings yetHow To Connect and Extract Data From T24 Oracle XML4 pages
- Report Control - User Guide: Release - R18AMR100% (2)Report Control - User Guide: Release - R18AMR15 pages
- SABA Migration RunBook v1.0 20210818xlsxNo ratings yetSABA Migration RunBook v1.0 20210818xlsx50 pages
- Image Management - User Guide: Release: R18 AMR100% (2)Image Management - User Guide: Release: R18 AMR43 pages
- AwashBank Annualreport25 2019.20 2 CompressedNo ratings yetAwashBank Annualreport25 2019.20 2 Compressed152 pages
- Islamic vs. Conventional Banking ProductsNo ratings yetIslamic vs. Conventional Banking Products5 pages
- Conventional vs. Islamic Project FinancingNo ratings yetConventional vs. Islamic Project Financing11 pages
- Kepuasan Nasabah Dan Pengukurannya Di Sektor Perbankan SyariahNo ratings yetKepuasan Nasabah Dan Pengukurannya Di Sektor Perbankan Syariah24 pages
- Major Differences Between Conventional and Islamic BankingNo ratings yetMajor Differences Between Conventional and Islamic Banking8 pages
- Mohammad Ali Jinnah University Karachi: (Course Outline)No ratings yetMohammad Ali Jinnah University Karachi: (Course Outline)3 pages
- Beyond Capitalism: Islamic Economic Models For Justice and Stability100% (1)Beyond Capitalism: Islamic Economic Models For Justice and Stability15 pages
- Prepared By: BIL Member'S Name Matric NoNo ratings yetPrepared By: BIL Member'S Name Matric No24 pages
- MCQ For Chapter 11: Risk Management of Islamic Financial InstitutionsNo ratings yetMCQ For Chapter 11: Risk Management of Islamic Financial Institutions3 pages
- Al Baraka Bank Pakistan: Islamic Banking ServicesNo ratings yetAl Baraka Bank Pakistan: Islamic Banking Services9 pages
