Change-advisory board

Last updated

A change-advisory board (CAB) delivers support to a change-management team by advising on requested changes, assisting in the assessment and prioritization of changes. This body is generally made up of IT and Business representatives that include: a change manager, user managers and groups, product owners, technical experts, and possible third parties and customers (if required). [1]

Contents

Membership

The CAB members should selectively be chosen to ensure that the requested changes are thoroughly checked and assessed from both a technical and business perspective. The considered change will dictate the required personnel to convene in a CAB meeting. These entities are not required to meet face-to-face on each requested change, but rather use electronic support and communication tools as a medium. It is however advised that a quarterly meeting is scheduled to review outstanding changes, sign off on approved changes and discuss any future major changes.

A CAB offers multiple perspectives necessary to ensure proper decision-making. For example, a decision made solely by IT may fail to recognize the concerns of accounting. The CAB is tasked with reviewing and prioritizing requested changes, monitoring the change process and providing managerial feedback.

Role

A CAB is an integral part of a defined change-management process designed to balance the need for change with the need to minimize inherent risks. For example, the CAB is responsible for oversight of all changes in the production environment. As such, it has requests coming in from management, customers, users and IT. Plus the changes may involve hardware, software, configuration settings, patches, etc.

This is defined as part of the change control process within ITIL.

The CAB concept can also be used outside of the IT world as the change process at a high level can be applied to any system.

Emergency Change Advisory Board (ECAB)

In ITIL if an incident demands an emergency change, selected members of the above Change Advisory Board come together and decide. Their composition and particular authority is defined before it comes to action within the change process.

Criticism

DevOps practitioners have criticized CABs as slow and ineffective. In Accelerate , based on analyzing several years of research, Nicole Forsgren, Gene Kim, and Jez Humble conclude that:

External approvals were negatively correlated with lead time, deployment frequency, and restore time, and had no correlation with change fail rate. In short, approval by an external body (such as a manager or CAB) simply doesn’t work to increase the stability of production systems, measured by the time to restore service and change fail rate. However, it certainly slows things down. It is, in fact, worse than having no change approval process at all. [2]

See also

Related Research Articles

In sales, commerce and economics, a customer is the recipient of a good, service, product or an idea, obtained from a seller, vendor or supplier via a financial transaction or an exchange for money or some other valuable consideration.

Information technology service management (ITSM) is the activities that are performed by an organization to design, build, deliver, operate and control information technology (IT) services offered to customers.

Software deployment is all of the activities that make a software system available for use.

The incremental build model is a method of software development where the product is designed, implemented and tested incrementally until the product is finished. It involves both development and maintenance. The product is defined as finished when it satisfies all of its requirements. This model combines the elements of the waterfall model with the iterative philosophy of prototyping. According to the Project Management Institute, an incremental approach is an "adaptive development approach in which the deliverable is produced successively, adding functionality until the deliverable contains the necessary and sufficient capability to be considered complete."

ITIL security management describes the structured fitting of security into an organization. ITIL security management is based on the ISO 27001 standard. "ISO/IEC 27001:2005 covers all types of organizations. ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties."

A service catalog, is an organized and curated collection of business and information technology services within an enterprise.

In marketing and quality management, the voice of the customer (VOC) summarizes customers' expectations, preferences and aversions.

Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management, automated builds, testing and release management capabilities. It covers the entire application lifecycle and enables DevOps capabilities. Azure DevOps can be used as a back-end to numerous integrated development environments (IDEs) but is tailored for Microsoft Visual Studio and Eclipse on all platforms.

<span class="mw-page-title-main">IT infrastructure</span> Set of information technology components that are the foundation of an IT service

Information technology infrastructure is defined broadly as a set of information technology (IT) components that are the foundation of an IT service; typically physical components, but also various software and network components.

Management due diligence is the process of appraising a company's senior management—evaluating each individual's effectiveness in contributing to the organization's strategic objectives.

Release management is the process of managing, planning, scheduling and controlling a software build through different stages and environments; it includes testing and deploying software releases.

DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development (Dev) and IT operations (Ops) as a means for improving and shortening the systems development life cycle.

<i>Toyota Kata</i>

Toyota Kata is a management book by Mike Rother. The book explains the Improvement Kata and Coaching Kata, which are a means for making the continual improvement process as observed at the Toyota Production System teachable.

Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate. Continuous testing was originally proposed as a way of reducing waiting time for feedback to developers by introducing development environment-triggered tests as well as more traditional developer/tester-triggered tests.

Continuous delivery (CD) is a software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time and, following a pipeline through a "production-like environment", without doing so manually. It aims at building, testing, and releasing software with greater speed and frequency. The approach helps reduce the cost, time, and risk of delivering changes by allowing for more incremental updates to applications in production. A straightforward and repeatable deployment process is important for continuous delivery.

UNICOM Focal Point is a portfolio management and decision analysis tool used by the product organizations of corporations and government agencies to collect information and feedback from internal and external stakeholders on the value of applications, products, systems, technologies, capabilities, ideas, and other organizational artifacts—prioritize on which ones will provide the most value to the business, and manage the roadmap of how artifacts will be fielded, improved, or removed from the market or organization. UNICOM Focal Point is also used to manage a portfolio of projects, to understand resources used on those projects, and timelines for completion. The product is also used for pure product management—where product managers use it to gather and analyze enhancement requests from customers to decide on what features to put in a product, and develop roadmaps for future product versions.


Site reliability engineering (SRE) is a set of principles and practices that applies aspects of software engineering to IT infrastructure and operations. SRE claims to create highly reliable and scalable software systems. Although they are closely related, SRE is slightly different from DevOps.

Nicole Forsgren Velasquez is an American technology executive, entrepreneur, and author. In 2020 she was named vice-president of Research & Strategy at Microsoft's GitHub and more recently Partner at Microsoft Research. She is coauthor of Accelerate: The Science of Lean Software and DevOps which won the Shingo Research and Professional Publication Award in 2019.

<i>Accelerate</i> (book)

Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations is a software engineering book co-authored by Nicole Forsgren, Jez Humble and Gene Kim. The book explores how software development teams using Lean Software and DevOps can measure their performance and the performance of software engineering teams impacts the overall performance of an organization.

TestOps refers to the discipline of managing the operational aspects of testing within the software delivery lifecycle.

References

  1. "Change Advisory Board". The ITSM Encyclopedia. 2007. Retrieved 2023-07-20.
  2. Forsgren, Nicole; Humble, Jez; Kim, Gene (2018). Accelerate: The Science Behind DevOps: Building and Scaling High Performing Technology Organizations. ISBN   978-1942788331.