How Can Change Management Spruce Up Enterprise IT Before NERC CIP Updates?

Twentieth-century American author and thinker Alvin Toffler once posited, "Change is not merely necessary to life - it is life."

Change management within an enterprise IT environment has evolved to fit a similar paradigm - it's not only crucial for a business to function, but in many instances, IT could very well be the business itself. Physical products have, in many industries, been replaced by digital offerings, whose continued adherence to customer satisfaction depends on a service provider's ability to enact change reliably before users take notice of the gap between their expectations and the application at hand.

However, much of Toffler's writing and inquiry into technological advancement examined not our ability to change, but our resistance to it. Similarly, businesses push back against optimized change management, however unintentionally, and in doing so suffer heavy losses commercially and operationally. On the eve of NERC Critical Infrastructure Protections updates, these shortcomings pose a threat to companies found outside compliance - Tripwire reported the NERC imposed more than $160 million in penalties between 2009 and 2014 alone. That said, violations, fines and sanctions are the best case scenarios when national security and sensitive customer data are at stake.

Advanced IT service management suites can do much to eliminate bad change management habits from a service provider's repertoire, and here are 3 shortcomings that organizations can avoid with the proper implementation and utilizations of a change management platform:

1. A Lack of Comprehensive Impact Assessments

On paper, change can seem straightforward, but in practice, it can cause a lot of internal calamity if the change's scope is underestimated or forecasted incompletely. Success and failure rates in this regard boil down to alignment between change management strategies and configuration assets within relational databases, CMDBs in particular. For change managers to evaluate workflow and schedule change accordingly, they'll need tools found in ITSM to adequately derive impact analysis in conjunction with CMDBs, perhaps even implement them anew if the database isn't already established.

2. Shortfalls When Testing Changes
As the old saying goes, "Measure twice and cut once." After CMDB analysis comes both regression and non-regression testing to determine not only the success of a given update, but whether it inadvertently led to any errors. Market competition restricts service providers from time-intensive manual processes, lest they be left in the dust. On the other hand, an accelerated change process, if boosted improperly, could prove exceptionally error-prone. Automating testing phases set to follow regimented protocol carries a heavy load for change management teams without exposing it to the risks inherent in manual operations.

3. Inconsistencies When Logging Changes
Because the role of change management in enterprise IT has expanded and will continue to do so, a system of accountability equally valuable must develop alongside it. According to a survey of 40 corporate IT managers conducted by ITSM expert Harris Kern, 95 percent reported deficiencies in consistency logging change, from the second a change request enters the docket to the final approval stage.

In light of the NERC's new and approved standards for IT infrastructure, creating a "paper trail" might appear burdensome, like the worst kind of helicopter parenting. In reality, accurate change logs are IT departments' first defense against erroneous change getting the better of their software, assets, organizations and customers. It can also be a powerful tool for third-party solution seekers offering a fresh set of eyes. Moreover, problems in logging change can be a dead giveaway that internal operations are just as inconsistent. Streamlined ITSM can only be achieved if all parties involved adhere to an efficient, waste-free process with every incoming change request. Cutting-edge tools can do much to instill and reinforce homogeneity throughout enterprise change management.

Previous Article
Change Is The Only Constant: Breaking Down Change Management & Nerc CIP Step by Step
Change Is The Only Constant: Breaking Down Change Management & Nerc CIP Step by Step

With additions to NERC CIP regulations coming in April, enterprise IT across the U.S. should be taking a ...

Next Article
How Change Management Can Help Organizations Stay NERC CIP Compliant
How Change Management Can Help Organizations Stay NERC CIP Compliant

These days, it's nearly impossible to imagine a single industry without an IT presence. Some, like the en...