HP Service Management

Asia Pacific & Japan

Change Management Walk through

Back to Basics
2014 Version

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Overview
Scope
The Purpose of this presentation is to communicate the responsibilities and
accountabilities of Capability teams in the Change Management process.
NOTE: This presentation is generic, its principals apply across all accounts, however each
account will have specific contractual requirements, it is your responsibility to be aware
of these PRIOR to engaging in the Change Management process on any account.

Contents
Content Slide

What is a Change? 3
Types of Changes 4
How does Change work? 5
What does this mean to you? 6
Zero Tolerance Policy on Unauthorized Changes 7
Scenarios 8, 9,10,11
The Last Word 12
Important Regional Flash 13,14
2
FAQ
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 16,17,18
 What is a Change?

A Change by definition is any modification to a managed environment, including

the addition, removal, or replacement of any component (Configuration Item)
supporting the infrastructure or a service in that environment.
All modifications require an authorized Change Record, and must be logged in a
central repository where it can be tracked and audited.
This could be HPSM, DW (Digital Workflow), Remedy or a customer toolset.

The purpose of Change Management is to protect our customers and HP and you
from business impacts caused by changes.

You cannot act on (commence) a Change until

the Change record is fully approved
3
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Types of Changes
Type Brief Definition Example

Any temporary or permanent Change to a service or the infrastructure within a • Network switch Installation.
Normal
managed environment. • WAN Link Bandwidth upgrade.

Low Impact; Low Risk, simple repeatable instructions, They must go through the
Standard
Normal Change Process at least once and be Approved by CAB to be a Standard • Weekly Firewall updates.
(Routine)
change and then added to the Standard Change Register.

A Change required as a result of sudden loss or reduction of service. Emergency

Changes are always derived from business critical Incidents (Priority 1 or 2 only) or an • Replacement of failed hard
Emergency
imminent outage with a critical impact to the business. disk on exchange server.
Poor planning & preparation are not valid reasons for raising Emergency Changes.

Changes considered as urgent by the business, by the nature of their potential impact
Urgent to the business they by-pass normal lead times. • Interest rate change.
(Normal) NOTE: Not all account use this Change type (some may call it LTNM Change). • Legislative requirement.
Poor planning & preparation are not valid reasons for raising Normal Changes as Urgent.

Minimum Change Lead Times

The minimum Change lead time is the amount of time between the Request for Change being raised and the start
date of the Change implementation.
Unless specifically stated in the Customer documentation, HP standard Lead time apply.

Normal Standard (Routine) Emergency Urgent (Normal)

Created Seven (7) Created One (1) business No Lead time. Must address No Lead time. Must address
calendar days prior to the prior to the start of a critical Incident or a business need with
start of implementation implementation imminent outage. appropriate approvals.
4
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 How does a Change Work?

Initial Schedule Build & Review &

Create Assessment Plan Change CAB Execute Monitor
Test Close
Change and Change Approval Change Change
(TAB) Change Change
Authorize

Capability Capability • Capability • CHG Mgmt • Capability • CHG Mgmt • Capability • Capability Capability
Engineer Team Lead Engineer • Affected Engineer • Affected Engineer Engineer Engineer
• Business Capabilities • Capability Capabilities • Capability (not
• Business Testers implementer)
• Stakeholders • Technical Testers
Approvers Approvers

•Complete • Provide • Engage all • Technical • All Changes • Review • Ensure • If • Complete
required Peer parties to Review have a Test/ the Change is required Post
fields & review ensure scope of the Verification Change fully Verification
templates. of change Change Plan approved • As per
• Ensure reflects the • Approve planning • Invoke
•Provide Accuracy initial • Approve • Does the or Deny • Stick to back out
both in the request or Deny plan Change timeframes plan if
technical Change Change accurately & the required.
information record • Complete represent documented
& business Change plans what is plan • Update /
areas required? Close
affected. • Update CMDB record.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 What does this mean to you?
1. You can only make a change to any environment with a Fully Approved Change Record.

2. You must implement the Change according to the approved Implementation plan, start &
end dates and times. You cannot make any changes that are not part of the approved
implementation plan.

3. Before: execution you must verify the Change record is still approved. (Have things
changed?)

4. During: execution you must confirm that the expected outcomes have occurred e.g. (health
Check running after Server reboot).

5. After: execution you are required to verify the change as having met objectives and did not
cause any impact. (record results in the Change record)

6. You must follow the Change Process as documented and published on SharePoint.
7. You must know the Customers specific process requirements, i.e.;
 Contacts and approvals (who must approve Emergency and Urgent changes)
 Change Freezes and Maintenance windows
 Changes involving Third Party Vendors
 Service Level Agreements affecting Change (i.e. Closing Changes)

6
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Zero Tolerance Policy on Unauthorized Changes
An Unauthorized Change is any change made to HP or a customer’s
infrastructure/IT environment without a fully compliant Change
record.
How are Unauthorized Changes being identified?
The most obvious way of detecting an unauthorized change is when there has been an impact
to a customers environment resulting in a high severity incident. However, unauthorized
changes are also being detected where no impact is experienced by review and auditing by the
Change Management team. Many customers have SLA penalties associated with Unauthorised
Changes.
What is required?
Delivery Managers are required to enforce compliance to the zero tolerance policy and ensure
that their teams raise a request for change whenever they need to modify a customer’s
infrastructure/IT environment.
Zero Tolerance Policy
HP has mandated Globally a Zero Tolerance Policy for Unauthorized Changes.
This policy is the basis for implementing the Change Management Processes in adherence to
Operational Standards.
This policy simply asserts that you cannot make any changes without a fully approved
Change record that accurately represents the change to be made. 7
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Scenarios – What to do when?
A High Severity Incident has occurred. Actions to restore service that DO NOT
change the configuration of the environment
The customers network is down and unavailable.
(e.g. Server reboot) DO NOT require a
You have identified that there is an incorrect separate Change record – where the service is
configuration on the switch and you need to modify COMPLETELY unavailable.
this immediately to resolve the Incident. All else requires a Change Record/s. As per
below.

DO DON‘T

• Before performing any tasks, you should gain approval

through the HSIM team running the Incident, who will
in turn gain authorization from the ADM responsible. • Implement the modification/Change without the
• As soon as practical after the Incident has been appropriate authorization from the HSIM process.
resolved, you should raise a retrospective Emergency • Move on without raising the Change record to
Change to document the modifications made to the CI document the modifications that you made to the
and attach relevant approvals. configuration of the switch (CI).
• Raise the Change from the Incident that it is resolving
from within the Change toolset (HPSM, DW etc).
8
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Scenarios – What to do when?
A Customer is demanding a Change to be executed.
The customer demands that you change a setting on a Database urgently.
They are telling you that it has significant business impact and if you don’t do this straight away
they will be unable to process payments. This is currently logged as a P3 Incident.

In order to accomplish this you must make a modification to the Database design/tables. You are
worried that the request is to update this straight into production and you have no time to plan and
test the change.

DO DON‘T
• Raise a Change record/s
• Ask “what will the impact of NOT doing this straight away will be?”
• Consider the response in line with the risks of proceeding without
having the appropriate time to plan and test the change. Proceed with the change on the
• If this is deemed Urgent, ask whether the Incident should be raised customers direction without a change
to a P1 or P2 (engage Emergency Change Process). record, a full assessment of the
• If still deemed a P3, normal Urgent change process is to be followed proposed changes or engaging the
and you should progress as an Urgent Change Request with Urgent approvers.
appropriate approvals.
• Ensure that you understand the potential impacts if the change is
not successful, and complete the Risk/Impact Assessment Matrix.
9
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Scenarios – What to do when?
Project requires multiple changes
You are a Project Manager requiring multiple changes to migrate systems to the new
Data Centre at Eastern Creek.
You are working with multiple Capability teams to deliver your project.

DO DON‘T

• Raise a Change record/s to represent each standalone piece of work

(needs to be done as soon as you project plan is complete with • Do not raise a single Change Record to
scheduled dates.) execute multiple unique changes.
• You are responsible to ensure that ALL Changes are logged, • Wait until a few days prior to the
assessed and approved within the toolset, and follow the Normal required implementation date for a
Change process. Change and try to push the Change
• You must link the Change records together as part of the Migration through as Urgent.
Project so they can be easily referenced. • Poor planning is not an acceptable
• You must ensure that all relevant documentation for each Change is reason for utilization of the urgent
attached to the Change record so the full risk and impact can be change process.
assessed. 10
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Scenarios – What to do when?
Standard (Routine) Changes….Admin Task

Where there is work you consider to be admin/ sysadm / BAU/ routine task - use the below
guidelines.
• Admin does not alter a production environment in any way including any configuration
changes etc
• Confused ?– Defer to Service Management Change Manager or your leader

Standard / Pre-Approved Change Register DON‘T

1. Only implement agreed to Standard (Routine) Changes

If it is not on the Standard (Routine)
2. These have gone thorough the Normal Change process at
least once successfully. Register it is not accepted as a pre-
3. Have been approved at CAB to be Standard (Routine)
Changes. approved change and a normal
4. Are documented on the accounts Standard (Routine) Change record is required.
Change register.
11
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 The Last word

The Basics on EACH and EVERY Change

a. The first thing you do before you start any work; Log in and check that the change is fully
approved – do not proceed until it is.
b. Check that the work-plan matches exactly the work you are to perform - including the exact steps
approved in the change and appropriate backout plans and including the affected CI(s). Do not
Proceed unless it does.
c. Ensure that the last thing you do is verify that the change has been successful – has met the
outcomes listed in the change, is confirmed with the customer and recorded in the change and
close immediately this is confirmed.

Process Improvement actions – integrated into process

a. Drive greater awareness of services & applications on client infrastructure –
“know thy server’s business purpose”
b. Risk & Impact assessments to address the wider infrastructure.
c. Clearer communication with the client on the potential risks (& possible
contingency plans), so they can choose to accept the risk or not. This will mean a
pro active approach to managing SLA’s related to impacting Changes.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Flash Bulletin on Regional Directives
Production Hours Change Controls January 2014
From: Martino, Michael (VP APJ ITO)
Sent: Wednesday, 15 January 2014 12:39 AM
To: APJ ITO Leadership Team
Subject: Fonterra P1

Again my direction is not getting out to everyone. I said no changes during production, even those requested by the client, unless the
ADE, Sub-Region Leader or I sign off. We had the Fonterra Client wanting a change during production and once again we the nice people
that we are agreed. Then we tipped the production over.

Service Management and Technical Leads are not authorized to do these. ADE’s and Sub-Region Executives are. No more of this.

What this means to all of you?

- No Changes allowed during the customer’s production hours
- Exemptions can only be approved by the ADE, Sub-Regional ITO Leader or Mike Martino
- Agreed Contractual Maintenance Windows are considered approved
- It’s the Capabilities responsibility to seek ADE approval/exemption
- Urgent Changes (changes not meeting lead time) are NOT exempt from this process
- Emergency Changes (During P1/P2) will only be approved within the HSIM Process during service restoration of
a High Priority Incident.
- Routine/Standard Changes must be re-reviewed and are considered unapproved until they are exempted by
the ADE.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Flash Bulletin on Regional Directives
All Storage Changes are considered Major/Complex/High Risk
From: Blomfield, Michael Eric (Director, APJ Production Operations)
Sent: Monday, 13 January 2014 2:43 PM
To: APJ ITO L6 Leaders DCS
Subject: MANDATORY: ALL Storage Changes to be seen as MAJOR/COMPLEX and therefore, require a RED TEAM Review with Engineering.
All,
This is a repeat message and MANDATORY.
ALL STORAGE changes are to be seen as MAJOR/COMPLEX and therefore, require a RED TEAM review with ENGINEERING.
Please make sure that this is put in-place immediately across your Accounts, teams, sub-regions.
If you do not understand then contact me directly.
I am disappointed that the original MANDATORY request has not been implemented. Failure to follow MANDATORY requests is soon going to start resulting in verbal and written
warnings as it cannot continue.

Mike Blomfield
Director, APJ Production Operations
HP Enterprise Services
Telephone: +65 6572 3564
Mobile: +65 9645 5141
Email michael.blomfield@hp.com
Level 5, 450 Alexandra Road, Singapore

What this means to all of you?

- Ensure all Storage Changes are NEVER classified as low complexity/ low risk changes in the matrix
- Ensure an ‘Engineering Red Team’ has approved all of your changes before CAB (within the capabilities)
- The Change Manager will ask you ‘has this been Red Team’d?’ and by whom

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Frequently Asked Questions

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Frequently Asked Questions
# Question Answer
Where can I find the customer specific Change The APJ Service Management SharePoint has a list of all APJ customers (divided
1
Management Information by sub region), within these customer links are account specific information

Grow@hp provides some tool specific and Change training. You account change
2 Where can I get additional training manager will also be able to advise you where to go for customer specific
training.
1. Can HP do work on systems under a Change raised
by the customer ?
You may only make changes once you have a Change in the toolset that is fully
approved. Since the Customer has initiated the change, it should be assigned to
3 2. I've been asked by the Customer to add new DNS
you for implementation and/or approval. If you do not have a Change record you
records as part of a larger implementation, I've
cannot implement the change, service request are NOT requests for Change
been told that a Line Item is sufficient, is this
correct?
Change Management is responsible for governing the process, and ensuring
Why cant Change Management raise change records
4 compliance, not getting individual change Records “across the line”.
and move them through the phases
We can’t Do and Review.
We have common disk failures on Customers
No. If you have a Change related to an Incident that requires urgent resolution to
hardware on redundant drives that are logged as SEV
avoid a potential high severity Incident, then you need to flag this as an
5 3 Incidents. Following the change process, we are
Emergency Change and escalate for approval. Lead times can be bypassed in this
required to wait 7 days before the engineer can come
situation as there is a potential business impact and sufficient justification.
onsite to replace it. Do you think this is appropriate?

Would last minute verbal approval from approvers be
6
good enough to proceed with the change?
No. The only time verbal approval is accepted is for Emergency Changes via the
HSIM process or on call ADM. If you do not have all approvals on the Change prior
to commencing you must not proceed. If you believe there could be a potential
outage if you do not proceed you should escalate immediately.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
 Frequently Asked Questions
# Question
Some Customer apps teams or TPV raise Changes
with very minimal information and we don't have
access to their SharePoint where they hold their run
7
sheet, and other info. Often they come for approval
at the last minute for implementation. What should
I do?
How do I get approvers to approve without being
8
chased up, especially last minute?
If the change is not tested and we don't have
9 assessment and the potential impacts if there is an error. Make it clear to anyone
lab/server to test the change, what do we do?
Who can I contact for after hours approval or
10 support for a Change record, when the Change team
is not available.
Currently under high severity incidents, server
recovery actions are recorded as per incident
11
update. Do we also need to raise changes for high
severity service recovery actions?
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Answer
You should not approve the Change if you have not had sufficient time to review the
details and are missing information. You should request the missing documents and
ask for enough time to review the change. These documents must be attached to
the change and not be via email outside of the tool. If you are implementing the
Change you definitely SHOULD NOT proceed with the change until you have had time
to review and prepare properly.
All approver groups should be checking there queue throughout the day and
approving or denying Changes assigned to them for approval as appropriate. If you
find that a particular group is not reviewing in a timely manner you should escalate
this so it can be addressed.
There should be no last minute approvals accept for Urgent or Emergency Changes
– NO EXCEPTIONS.
If there is an insufficient testing environment for your Change then you need to call
this out in your Change description. You also need to factor this in to your risk
approving your change that there is a risk involved so they are aware there could be
an impact.
Refer to your customers specific Process addendum for the contact Matrix, this
include escalations. Most of the time it will be a contact within the account team.
If you are making modifications to the CI as a part of the service recovery actions
(eg. Changing a switch configuration) then you MUST raise a change retrospectively
to document the Changes made to the CI. This is an audit requirement.
Thank you

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.