DoD industry partners follow stringent change control processes for configuration management minimizing risk to the government. CISCO, an important industry partner not only implements a CM program for themselves they share their processes and methods as another business offering.
Assess and Evaluate the RFC
The potential impact to services and service assets and configurations needs to be fully considered prior to the change. Generic questions (such as the "seven Rs") provide a good starting point.
• Who raised the change?
• What is the reason for the change?
• What is the return required from the change?
• What are the risks involved in the change?
• What resources are required to deliver the change?
• Who is responsible for the building, testing, and implementation of the change?
• What is …show more content…
Medium No severe impact, but rectification cannot be deferred until the next scheduled release or upgrade.
Low A change is justified and necessary, but can wait until the next scheduled release or upgrade.
Table 2
Authorize the Change
Formal authorization is obtained for each change from a change authority. Depending on the size of the organization and the volume of changes, the authorizer may be a single person, or a group of people – a board. The levels of authorization for a particular type of change should be judged by the type, size, or risk of the change; for example, changes in a large enterprise that affect several distributed sites may need to be authorized by a higher-level change authority such as a global Change Advisory Board, Change Control Board or even possibly the Approving Authority (AO). Table 2Change Authority Examples
Scope/Type of Change Change Authority
Standard change Local authorization
Minor change Change manager
Emergency change Emergency CAB
Normal change