Getting the ITSM Basics in Place, Part 2: Change & Problem Management

ITSM Change Management & Problem ManagementBy Ed Caufield, Distinguished Alumni and
Lonnie Sanders III, Associate

Andy Warhol once said, “They always say time changes things, but you actually have to change them yourself.” But as any IT manager will tell you, sometimes when you do change things, things don’t go as planned or envisioned. Trying to avoid having changes go wrong and then analyzing the situation when they do is what Change Management and Problem Management are all about.

In the first article of this multi-part series on getting the ITSM (IT Service Management) basics in place, we focused on Incident Management. Incident Management is about prioritizing and addressing “incidents,” which is what happens when something in your environment breaks. In this article we will discuss Change Management and Problem Management, which are the next two logical steps in the IT Service Management process.

Change Management ensures control and awareness

Change Management is the process of evaluating, tracking and validating proposed changes to the production environment. The goal is to check for risks and user impact to ensure the actual result of the change will be as planned.

When it comes to the IT production environment, there are just three types of changes:

  • Standard changes – These are very low-risk changes that have already been pre-approved by the business via a well-documented approval procedure. “The Customer Service Manager has requested that the Customer Service telephones be turned off at 4:00 pm” might be a Standard change.

  • Normal changes – These are changes that are anticipated and planned in advance (such as a server or network device change), with standardized controls in place throughout the process. 


  • Emergency changes – These are changes made as a result of an unplanned outage, high-priority incident or security-related issue. Quite often, these are caused by some other change that “blew up.” Ideally, Emergency changes will be few and far between.

For organizations that are mature in ITSM processes, Change Management serves as the throttle point for all infrastructure, security and application changes.

The Change Advisory Board is responsible for approvals

A key prerequisite to getting a Change Management system in place is to build out your Change Advisory Board (CAB). The Change Advisory Board is a cross-section of IT team members that meets weekly to approve the Normal changes.

For Normal changes, here’s how the process should work. First all user testing of that change is completed and signed off by the business as being ready to be applied to the production environment. Before the change is deployed to production, however, it is handed off to the CAB.

One of the CAB’s tasks is to do a full landscape review. Are there any changes moving into the production environment that might conflict with or otherwise impact each other? Does everything make sense from the higher-level viewpoint? Only after it has been approved by the CAB does the change move forward into the production environment.

In addition to ensuring control, Change Management also provides transparency and awareness of the changes going into the environment and the dates on which these changes took place. In the event a change doesn’t go well, you have the knowledge of what was changed in case you need to back it out. When the service desk gets a call from an end user regarding an incident, the service desk team can check this incident against the change record to potentially understand the problem, thereby decreasing time to resolution.

Problem Management is a retrospective look back at incidents

In spite of your best efforts, the reality is that sometimes changes don’t go well. While this is most likely going to be the case with Emergency changes which, by their very nature, do not usually go through the full review process, it can happen with Standard and Normal changes as well. This is where Problem Management comes in.

Perhaps you reconfigured the network, and this change caused a major outage. Maybe you updated your software and now you’re dealing with multiple incidents as a result. Or it could be that you ran some reports and noticed that a particular incident occurred over 300 times in the past month. These are the types of things that Problem Management is meant to address.

A good way to think of Problem Management is that it’s a high-level root cause analysis process. Problem Management is used to look back at Priority 1 (and sometimes Priority 2) incidents to figure out what went wrong and how you can prevent it from happening again. The overall goal is to (a) identify and address recurring incidents and (b) prevent issues and incidents from happening.

What happens if you don’t do Problem Management?

Problem Management essentially brings the first stages of IT Service Management full circle. While getting there can be a slow process, it is well worth the effort. Why? Because without Problem Management…

  • Trends are not being identified, and therefore not addressed
  • You can get stuck in a seemingly endless loop of repeating incidents, because no one is getting down to the root cause to keep them from happening again
  • Your customer satisfaction is likely to be low

Once you have the first 3 ITSM basics in place, then what?

After you have Incident Management, Change Management and Problem Management in place, the next step is often to move on to Knowledge Management. Knowledge Management, which will be the subject of the next article in this series, gets knowledge out of people’s heads and into a format that can be accessed and used by everyone. Stay tuned!

In the meantime, if you need help getting ITSM in place, give us a call. This is one of our areas of expertise. 


About Ed Caufield

Ed Caufield is a people- and results-focused senior IT leader with 20+ years of domestic and global experience in SAP / Enterprise Applications, ITIL service management, infrastructure and cloud operations, portfolio management, IT governance and outsourcing operations.

About Lonnie Sanders III

Lonnie Sanders is a program/project leader with exceptional leadership skills and technical knowledge. Clients appreciate his extensive experience leading cross-functional and multi-site teams to produce successful project results in diverse industries and domains.

About CIO Professional Services

Based in the San Francisco Bay area, CIO Professional Services LLC is a top-rated Information Technology (IT) consulting firm focused on integrating Business and Information Technology.  Our consultants are all hands-on executives who are veteran CIOs and Partners of Big 4 consulting firms. Companies come to us seeking assistance with their information technology strategy as well as for interim or fractional CIO / CTOs, and negotiation and program management/project rescue assistance.

Contact CIO Professional Services

CIO Professional Services LLC is a top-rated IT consulting firm, based in the San Francisco Bay Area, specializing in strategic IT consulting and business / IT alignment. Companies come to us seeking assistance with their information technology strategy as well as to source interim CIO / CTO employees or fractional CIO / CTO's. Our IT experts can assist with integrating IT into your business processes - better - up to and including 'project rescue' in areas such as ITSM / ITIL, IT service strategy, and IT outsourcing. Business / IT strategy projects we have worked on include upgrading ERP systems, cybersecurity and IT consulting, IT assessment and organizational change. Cloud computing and business IT remain critical in today's business systems, and beyond that to the migration to the cloud of business IT. Our IT consultants can assist with all aspects of business / information technology alignment. Contact us today for a free phone consultation - we service clients not only in San Francisco or San Jose, but throughout the United States.

Copyright 2021. CIO Professional Services, LLC. All Rights Reserved. View our Privacy Policy.