Aalto ITS Change Advisory Board - CAB
- CAB meeting is arranged every Wednesday at 10:00 (if needed).
- New change requests should be done by 12:00 on the Friday of the previous week.
What is Change Advisory Board (CAB)?
CAB – known officially as the Change Advisory Board, is a cluster of people who are tasked with assessing changes to the IT setting. It can be as modest as an email distribution list, or as strict as a Chairman-led, take-minute, raise-your-hand-to-speak board. The culture and the occupational needs of the organization regulate what’s appropriate.
In Aalto University Aalto IT Services has a Change Advisory Board which is tasked to assessing changes mainly concerning services which ITS is providing.
Emergency Change Advisory Board (ECAB)
A sub-set of the Change Advisory Board who makes decisions about high impact Emergency Changes. Membership of the ECAB may be decided at the time a meeting is called, and depends on the nature of the Emergency Change.
The addition, modification or removal of anything that could have an effect on IT services. The scope should include changes to all architectures, processes, tools, metrics and documentation, as well as changes to IT services and other configuration items.
A Normal change is a non-emergency proposed change that needs to be reviewed by Change Management.
Standard changes, sometimes called Routine changes, tend to be pre-authorized changes that are considered to have little to no risk associated with them. They are fairly common occurrences that have specific guidelines and procedures which they follow. Standard changes are implemented often with repeatable steps that seldomly require modifications. Standard change must have a documented process that's been reviewed and approved by Change Management.
Emergency changes are changes that are more pressing and sensitive and are handled by the Emergency Change Advisory Board (ECAB) which is typically a subset of the CAB.
These changes typically represent a crisis or an opportunity that must be addressed without undue risk. An acceptable level of risk is therefore expected and specific procedures are followed as a risk mitigation strategy. Specific approvals and authorization is also required before implementation of an Emergency Change.
- How the change is going to be implemented?
- Who are affected by the change?
Security, information protection, continuity
- Have you discussed with information security?
- How the data is protected?
- How service is protected if something fails?
- What is required to re-create the service?
- Identify the potential consequences of a change and estimate what needs to be modified to accomplish a change
- Try to answer following questions
- Who will be affected?
- What will be affected?
- What information needs to be collected?
- What are the consequences of not making the change?
- Who will the information be shared with in your organization?
- Will there be existing or new integrations to other systems?
- If so:
- To which systems have integrations?
- Where is the documentation of integrations?
- Add links to documentations
- Who to inform about the change?
- Who will be responsible of communication?
- Whch channels are used to communicate the change?
- If the planned implementation fails what is the rollback plan?
- Who will be responsible of the decision to cancel planned change?
All change requests are done at eSupport.
Notice! Because change management is currently Aalto ITS internal process you have to have enough rights to create a new change request.