Posts
415
Comments
233
Trackbacks
42
Change Control Processes

The evolution of an IT department is always something interesting to observe.  The is especially the case when they move from small departmental IT groups to corporate level oversight.  It is usually painful for the people involved to give-up their ability to modify servers on the fly and conform to rigorous testing and documentation.  Having the keys to your environments taken away can really feel like getting stabbed in the back especially when the new deployment team is still working out there processes.  Unfortunately these are the evils of ensuring a stable system.

So what is really needed for a change control process?  This is meant to be an overview rather than a deep dive, but here we go.

A change control process needs to ensure the security and stability of your environments and data as well as compliance with regulations.  The main keys are limiting access, an approval process, separation of duties and keeping a history of changes.

Limiting access and the separation of duties go hand-in-hand.  Limiting access to your QA and production environments ensures that only approved individuals update software that could cause outage or effect data that may be sensitive or cause losses.

Approval and documentation are related to each other as well. You approval process will vary depending on the size of your company and the number of regulatory bodies that have oversight.  At the very least these process all affected system owners and stakeholders need to be aware that changes are going in to production. 

Exception processes also have to be put into place for emergencies.  These maintain the oversight, but allow changes to happen more quickly and off the normal schedules.  The last thing you want to have is a system down scenario and trying to figure out how to stay in compliance at the same time.

In the end the pain usually only lasts while the teams get accustomed to the processes.  Make sure that you document the process well and educate every new team member so that there are no misunderstandings and it will eventually become part of your culture.

posted on Thursday, November 3, 2011 5:16 AM Print
Comments
No comments posted yet.

Post Comment

Title *
Name *
Email
Comment *  
 

Tim Murphy

Tim is a Solutions Architect for PSC Group, LLC. He has been an IT consultant since 1999 specializing in Microsoft technologies. Along with running the Chicago Information Technology Architects Group and speaking on Microsoft and architecture topics he was also contributing author on "The Definitive Guide to the Microsoft Enterprise Library".



I review for the O'Reilly Blogger Review Program



Technorati Profile

www.flickr.com
Tag Cloud