CM is hard
So hard in fact that we had to implement it twice, but we got there. Lessons were learned ...
- Different parts of the IT function do things their own way, it's best to match their process as close as possible while introducing the extra controls.
- Dealing with regulation (Japan SOX in our case) introduces extra bureaucratic burden, we decreased this burden by defining Pre-Approved Changes for regular defined operations which could be applied by certain people and then post-approved/reviwed by the management team.
- Writing changes, test documentation, roll-back plans is very hard for a lot of people. Having structured documentation and reference examples is essential.
- Always be optimising your processes ... until they are good enough, then stop.
- Really, seriously, examining your processes gives you massive insights into how your dept works and where changes are needed.
- No company/dept/section/team is the same, there is no one size fits all set of processes, if your software can't match how you work then change your software*
- User training is vital.
- ... many others.
When you get it right there are big benefits in overall operational efficiency and accuracy, the extra reporting we got to implement gave us some very nice insights. There were less incidents, faster turnaround of changes, which let us all work more on interesting projects and play with shiny toys.
* I spent 6 months reviewing over 60 different ITIL packages, the final 3 were ServiceNow, BMC and IBM's offering. ServiceNow was by far the best, it wasn't a painless transition but worth it, we dumped an old ITIL package which we had pushed to it's limits and a vendor that couldn't deliver. Whichever software you go for, you'll only get out of it what you put in. Implementing something like this requires effort from the whole dept and more importantly their buy-in to get it to work, so that means you need good leadership from the start.