Change Control vs. Change Management: Moving Beyond IT
The Limits of Change Control
A useful perspective on the distinction between change control and change management comes from the definitions of these terms used by the IT Infrastructure Library (ITIL) Service Support processes:
- Change Control
The procedures to ensure that all changes are controlled, including the submission, recording, analysis, decision making, and approval of the change
- Change Management
The Service Management process responsible for controlling and managing requests to effect changes to the IT Infrastructure, or any aspect of IT services, to promote business benefit while minimizing the risk of disruption to services
The problem is that changes to the infrastructure are not always routine and light in terms of impact to the infrastructure and to the organization both inside and outside of IT. It is in these cases that simple change control does not have the appropriate depth of process or organizational reach to handle the complex change events it is charged with regulating. On top of this, the weak compliance that the process receives for low impact changes is often little better for changes with a significant organizational impact.
The results-poor decisions are made to go forward or deny changes, business impacts to areas of the business are not considered, changes are badly prioritized and implementations of changes are disruptive. In essence, many organizations with IT-focused change control process regimens have too much process for many simple changes and not enough process for the major changes that really matter.