Technology and the IT infrastructure are constantly changing and advancing. This means that at some point a company will need to go through a change management process to keep up to date with the latest technologies.

ITIL change management

ITIL Change management process

When planning for change, an ITIL change management process will be most effective since it will ensure the use of standardized methods and procedures for the effective handling of any scheduled IT infrastructure changes. By following ITIL’s best practices will also mean that the risks of any negative impacts on other systems caused by an ill planned change management process are drastically minimized.

An ITIL change management process can be a daunting task for system administrators because it may include changing a whole or part of a company’s IT systems infrastructure. It is of paramount importance that this task is planned and structured effectively, since ultimately the aim is to enhance and boost a company’s productivity.

Generally speaking, administrators like to have the same standard environment across their networks as much as possible. This doesn’t mean that employees in finance will have the same software that the development team has but it generally does mean that people in the same department will have the same software and system setup. People who aren’t in IT might see this as a waste, possibly even think that administrators do this to save time or do less work but there are a number of very good reasons for this.

At least once a month administrators are faced with the task of patching their network which is generally done after hours to avoid having an impact on productivity. Administrators know that patching is not just about downloading a patch and pushing it out to the network, because sometimes patches do not play nice with certain applications and there are many reported cases where, after installing a patch a machine no longer boots and instead displays the dreaded blue screen of death. To avoid such hiccups an administrator generally has test machines mirroring each and every system setup out in his network. He first updates his test machine, tests that critical business applications work as expected and only once he is satisfied that these patches create no issues will he push patches out to the rest of his network now.  This of course is only valid as long as users do not decide to take matters into their own hands and install other software that the administrator is unaware off. This is a perfect example, in which an effective Change Management System process should come into play.

Leaving one’s work station open and allowing users to install anything they want to can create a lot of problems. It’s not just that the administrator’s testing efforts can be thrown to waste because what he tested on wasn’t what he found once the patches were installed on workstations; employees might not know the implications of what they’re installing and they might not be aware of the licensing requirements.

Time and time again we hear about how some military personnel installed file sharing software and mistakenly ended up sharing classified information. We cannot really expect that someone who is proficient in using office applications will automatically know the implications of installing software. An employee might not take the time to read the license agreement of the free application he downloaded thinking that it was okay to use without realising that free use was only allowed in a personal and not a business environment.

Implementing an ITIL change management process

What we can expect is that an administrator needs to be aware of what’s running on their networks, and for this to be achieved, the proposed change management process must clearly define what needs to be done in order to control and monitor all company activities on the network. Change management is obviously a vast subject but one doesn’t need to implement every single part, In this case, a systems administrator will only need to focus on employing a solution that will promise complete control and management of the company’s network infrastructure, thus eliminating the occurrence of major disasters!

In my opinion, following an effective change management process, a systems administrator should at least achieve the below in order to gain full control of a company’s network:

  • Communicating and enforcing policies so that employees can know and follow when doing anything which will cause a change to the organization, be it installing software or even changing a systems configuration. Such a policy doesn’t have to be complicated, in fact simple works best, so you could have a policy whereby any employee who requires changes gets them implemented by an administrator.  This policy can also be enforced through the work station itself by configuring rights that restrict users who aren’t authorized from performing certain tasks.
  • Monitoring is also essential. I think that as a bare minimum one needs to periodically monitor what applications and what hardware is installed on each workstation. Even in an environment where employees have restricted rights one cannot trust that they will not find a way around your policies. Monitoring is not hard to implement, by either using scripts or free software to report on applications and hardware. For additional convenience and peace of mind one can also deploy software that informs the administrator when changes occur, this can be set both in real time as well as on a schedule. Having such a system in place would reduce the load on the administrator as their attention would only be required when changes happen.

Even by implementing only these two basic steps of an ITIL change management process, an organization can ensure that their administrators can keep tab on what is deployed on their networks and their configuration. The administrators will be in a position to tests changes before they occur thus saving the organization from possible downtime. Administrators will also be able to safeguard the organization from possible liability due to the use of illegal or incorrectly licensed software and if properly implemented this will also have a minimal impact on employees – all in all, such a change management process results in a win-win situation for everyone.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.