S 2.427 Co-ordination of change requests
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Change Manager
The success of the patch and change management process depends on an effective communication, since the individual process steps as defined in S 2.421 Planning the patch and change management process and S 2.422 Handling change requests can often only be continued after there has been a response of the persons in charge.
In the coordination process to carry out a hardware or software change, other target groups might have to be involved in addition to the Change Advisory Board (CAB). These additional target groups depend on the size and structure of the organisation. Typically, the submitter of a hardware or software change, the IT helpdesk and the end user affected by the consequences of the change and/or a representative of the specialised area should be involved.
The persons responsible for the business process must be familiar with the request procedure for hardware or software changes and must know which process the request passes through and which information is provided during the request procedure. An essential aspect is the content quality of the request for change (RfC). The necessary information is usually collected in a form or by means of an input mask in a special application. Which information is required and how the form is structured should thus be defined with particular care and in coordination with the possible target groups.
Furthermore, it must be ensured by the patch and change management process that, in the event of serious changes, all Specialists Responsible have the option of commenting on the content of the request to prevent a change that is undesired from a target group's point of view.
However, the request procedure must not take too much time. It must also be possible to speed up the handling of important changes. Here, it must be allowed under certain defined circumstances to shorten the regular patch and change management process.