ITIL vs. ISO 20000 Change Management Requirements

[mjflkitty]

Hi Everyone,

I was thinking what is the difference of the Change Management of ITIL and ISO20000. Since ITIL states types of Changes as Normal,Standard, Emergency Change. While ISO20000 places an "e.g" where it sites urgent, emergency, major, minor.

Please enlighten me on what should be the types of changes that we should have.

Thank you

 

[pldey42]

ISO 20000 says, "All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor."

So if you're going for ISO 20000 Certification all changes have to be recorded and classified. The actual classifications are a matter for you and your organization to determine, depending on the nature of your business and the characteristics of change requests.

For example, I once operated a system in a software development organization where our classifications were:

- nice to have
- must fix, one person cannot work
- must fix, several people cannot work
- must fix, network security or availability compromized

This scheme enabled the sysadmins to prioritize change requests based upon impact to the business rather than political weight of requestors or arbitrary judgement. Also, they didn't need me there all the time to take such decisions - I could do useful things like fending off senior managers who wanted to interfere with their work, or writing proposals to buy new stuff.

Had we wanted ISO 20000 certification, this would have been fine.

Hope this helps,
Pat

 

[mjflkitty]

Thank you. because the debate we have is as to whether what type of change we will use. either the ITIL one or the ISO20000

 

[john.b]

As already covered changes should relate to whatever you need to track. There are some other interesting related ideas (based out of IT work).

standard or routine change: since the general ideas behind change management are to keep track of things, to control risk, and to document approval and implementation steps setting up a standard category of routine changes helps streamline the approval process by pre-approving some types, or at least limiting the processing steps.

emergency change: since the process might be different in urgent cases using a separate category of emergency changes could make sense.

change versus service request versus incident: ITIL is the general reference for what these related ideas mean but again setting up processes and records that make sense for your requirements is critical. If you design in too much complexity implementation will fail quickly.

change versus configuration management: too complicated to say much about, but depending on what changes you are tracking they might correspond to a central configuration reference (see ITIL and related thread in this forum, geared more towards physical design configurations than IT scope).