Software Configuration Management

The term “Change Control” is one of the latest buzzwords in the IT industry. However, the term need not be restricted to the IT industry alone. The world has always been susceptible to change; however, the need for managing changes smoothly is felt the most nowadays across industries, especially the IT industry. This article will discuss about change control and its impact.

Change control relates to the procedures that are needed to introduce changes in IT products and services in a controlled manner. Addressing ad hoc changes needs to be coordinated well. Change control is a major component of a much broader subject – Change Management.

The change control process ensures that a product, service or a process is only modified according to the requirements of a change that is necessary. It has been observed in the IT industry that ad hoc, unnecessary changes have introduced bugs in software applications. People learn from experiences and a formal change control management activity was introduced in the software product life cycle.

A change “freeze point” was defined and all changes after that were discarded until the software was released in the initial phase. Some changes have risks and/or considerable financial implications. Some changes in this category are – operating system upgrades, change in network routing tables, and even something very basic to business – a change in contractual terms. Needless to say, this kind of changes need to be addressed through an organized, well-coordinated change control process, if possible with the aid of change control software (for example advanced Computer-Aided Software Engineering (CASE) tools).   

A formal change control process comprises of the following steps:

• Record/Classification of changes
• Assessment of change impact
• Planning of change management
• Build/Test the modification areas
• Formal Implementation of changed product/service
• Closure of the change issue and obtaining acceptance from the client

At the very beginning, there is a “change initiation” from the client side. A person then has to record the change request and categorize it. The classification has to be done on the merits of the change, say “major”, “minor”, and “normal”. Thereafter, the change has to be prioritized as “emergency”, “to be expedited”, and “routine”.

Next, a thorough impact analysis has to be done. Impact assessors typically convey their risk analysis by answering a set of questions both to the concerned business and IT heads. Based on this analysis, the manpower planning for the change implementation is carried out. This change implementation unit is formally called the Service Delivery Unit (SDU).  The analysis should be carried out from two corners – business justification, and technical justification.

The SDU team takes up a major role in the change control management activity. The very first thing that an SDU carries out is to plan the change implementation. A regression plan has also to be in place. Their plan has to be agreed upon by the core change control source committee, sometimes formally known as Change Advisory Board (CAB). If the plan is approved, modifications are made according to plan within the boundaries of a planned date. The product/application then has to be tested thoroughly with a compulsory regression-testing phase.  After the change is implemented, the CAB should conduct a post implementation review.

Lastly, the client has to observe the effects of the change and give sign-off to the development party.

Let us now discuss about the goals of change management. First, most companies want that changes should have minimal impact on existing day-to-day functions. They want to ensure that affected users should be well trained about the change control process and existing documentation (like user manual/online help) should be modified suitably. Secondly, no company wants to recall existing software that has been running well because of mishandling of changes. There should be electronic tracking of changes suitable for auditing purposes. Positive impact of the change should be detectable and measurable as much as possible. Lastly, all companies want optimal and economic utilization of all resources involved in the change implementation. Change implementation causes lot of effort and money. All’s well that ends well. Every company will naturally be happy if all the time and money bears fruit at the end.

After the process and goals, let us discuss finally about the individual people contributing to the change control management activity and their respective roles. Change Initiator is the person who initiates the change request and confirms the completion of change implementation. Change Sponsor is the person who gives business approval to the change. Change Administrator is the person who carries out the initial investigation and conducts change assessment. This person also monitors change requests. Impact Assessors are people who analyze the likely impact of the change. The Change Manager is in charge of the entire managerial activity related to the change implementation. This person has lots of authoritative power and acts as a single point of contact and mediator among non-agreeing parties. Finally, the Task Owners are the people who are in charge of implementing specific tasks that add up to the actual change implementation.