Identifying unauthorized changes

Discuss and debate ITIL Change Management issues
Post Reply
pderwael
Newbie
Newbie
Posts: 1
Joined: Tue Dec 01, 2020 8:03 am

Tue Dec 01, 2020 9:10 am

Hi folks

I'm process owner for CM in the airspace traffic mgmt industry, which is by its nature very regulated
The changes we deploy are of a wide variety: new weather equipment, radar parameter change, international data queues, radio frequency changes, beacon maintenance... plus all the usual IT related stuff you all know about

Recently, after having been hit by an audit, I had to review the KPIs produced for my process
One of the KPIs is labelled "number of unauthorized changes having caused an incident"
This one is causing me some headaches...

As unauthorized changes requests are by nature not formalized, requested, authorized, notified... they are impossible to track as such
Looking at this object from the opposite side (from the incident perspective) does not help me much
Only incidents caused by official changes can be identified because the 2 objects do exist

One way to produce meaningful figures for my KPI would be to raise a problem record for every incident and find the root cause
I don't think that would work because of the sheer workload required
Also, I don't think our technicians nor their team leads would shoot themselves in the feet by standing up and proudly saying "Hey guys, we have just deployed an unauthorized change. Did you notice anything? No? Excellent!"

The deployment of a software release solution would not help
Essentially because any such solution would have to comply with the regulation, which means that the cost of ownership would skyrocket (# of environments, testing & certification campaigns...)

The only approach I see would be by tuning in to carpet-radio at the coffee corner
This is highly informal and does not fit well our regulated environment

So, how do you guys monitor unauthorized changes?
Do you monitor them at all?
Do you have a North-Korean approach? ("There is no such thing in our organization")

Any clue, any idea to feed the discussion, please shoot!


Post Reply