Change is never easy because we are creatures of habit. We are comfortable with a routine where everything flows smoothly. ‘Change Happens,’ however, and it is not always easy, but if it occurs for the right reason and is managed properly, then it is well worth the effort. Getting your change management processes working well is key to resolving this issue.
When talking specifically about changes in the IT environment, most have been in situations where making the modification is much simpler and quicker than following a time-consuming process with approvals, CAB meetings, back out plans, risk assessments, and the rest. Think of the time you or a colleague said, ‘it’s not a big deal; it’s just this one file with the new rates for the Monday morning calculations. I’ll log into the server to replace it. It’ll be much faster than trying to summon an Emergency CAB session and won’t keep us here for 3 more hours on a Friday night.’
Well, what happened with that little file swap? Maybe it caused immediate outages because the system was trying to access it at that time and it was unavailable. Maybe it had wrong rates in it because finance had decided, at the last minute, not to modify the rates. That may have been the reason there was no change request submitted and all the statements were sent with incorrect fees, say 50% less or 40% more than what they should have been. Maybe the tables were just formatted incorrectly and the Monday morning calculations were not able to run.
Whatever the cause, I guarantee you the outages lasted much longer than they should have and the number of human resource hours invested to determine why the calculations failed were very significant, and for one simple reason. There was no audit trail or documentation of the change in the environment. During the majority of the outage, therefore, everyone was just grasping for any cause and discounting the possibility that the file with the rates was the cause because finance decided not to submit the change request.form
Management process is in place for a reason: To protect us from ourselves and to protect the organization from unnecessary and prolonged outages. Is it easy to implement and operate on a daily basis? No, not always. Alternatively, how easy is it to walk into that command center or call incident management and tell them that you are the cause of the enterprise-wide outage? I assure you, calling for the emergency CAB meeting and being told the change is no longer necessary is much easier than facing your manager to explain why you didn’t follow the process.
‘Change happens’ and so must the process that documents it, but that is your responsibility. Think of the greater purpose of you performing your job, which is to help deliver the best business outcomes possible for your organization. Look at the scenario above from the consumer perspective: Would you have wanted to receive your mortgage statement with a 40% higher interest fee? Probably not. So, consider the total potential impact of undocumented change from the consumer perspective before simplifying your life from the provider perspective. Your job impacts many others downstream, and you are always downstream from someone else.
Latest posts by Carlos Casanova (see all)
- Is Blockchain the Missing Link in Securing Internet of Things? - February 21, 2019
- Understanding the Active Cyber Defense Certainty Act – Should Companies Be Allowed to “Hack Back”? - December 7, 2018
- Cybersecurity – We Still Have a Long Way to Go! - July 24, 2018