Five good tips to running a Change Advisory Board (CAB)
Five good tips to running a Change Advisory Board (CAB)
Time and time again, I’m asked the question: “How do you manage a CAB effectively?” Having been a change manager for two companies as well as assisted several organizations optimize their process; I’ve painfully discovered some handy tricks and tips that might help. This is not an all-inclusive list, but a short snapshot of the top five that have helped me. Of course, I there are volumes of advice on the Change Management process, but keep in mind these are specifically for having a better CAB experience:
1. Get the agenda out early and encourage discussions before the CAB.
Don’t wait until the last minute to publish the upcoming CAB schedule. One of the frustrating things about attending CABs is that attendees often don’t really know much about the changes until they get to the meeting. Publish the list early so attendees have a chance to get up to speed on the proposed changes. This way, they can get with change requestors and sponsors before the meeting to get a clear understanding of what is proposed. If you don’t, then your CAB will be overtaken with efforts to solve any personal issues people have with proposed changes.
2. DECISION MAKERS attend the CAB.
The CAB members should be selected based on their knowledge and meaningful input to the meeting. What happens when CAB invitees can’t make it and send their designated hitters? Simple: ensure that then people attending have the authority to speak on the behalf of the person they are sitting in for. There’s nothing more frustrating than discussing a change and a key role says “I don’t think I can speak on that, I’ll have to get approval from my boss.” If they can’t speak on behalf of their boss, then they don’t need to be there. You can either clarify this need with the attendees before the meeting, or reschedule the discussion to a later CAB when the key personnel can attend. Also, don’t forget to have your Service Desk represented at the CAB!
3. Know your decision thresholds.
Do not attempt to approve a change that is bigger than you. Follow your organization’s governance guidelines and determine the rules to decision making. This means that you should know exactly what thresholds (dollar amount, risk level, impact, urgency, etc.) you are capable of approving. For example, most CABs have the authority to approve server changes, but not approving a major ERP go live. These types of changes should be escalated to a higher level change authority, for example a steering or management committee.
4. If you are the Change Manager, your Configuration Manager sits right next to you.
If you have a CMDB to control configuration items, the Configuration Manager should be an integral part of your CAB. A lot of pre-work and investigation can be done via configuration management before a CAB takes place, and the Configuration Manager can be a huge help when discussing associated risks and impacts of potential changes. Use the configuration model to illustrate the relationships between configuration items to the CAB to help with analysis.
5. Careful not to get into “rubber stamping.”
Many CABs get overwhelmed with complex and numerous changes. The pressures of getting through these changes during a meeting are enormous. This often results in sloppy approvals that may not receive proper assessment – and can cause incidents once deployed. Ensure that every change request receives the proper attention by scheduling enough time to discuss them. Also, be careful not to blindly approve a request simply based on who is requesting it. I remember a situation where a CAB approved a change simply based on who was requesting it. This “rubber stamp” approval resulted in a poorly managed deployment that caused several hours of downtime. The lesson learned here is that it doesn’t matter who is asking, every change must have the proper amount of analysis and scrutiny.
These are just a few I’ve found helpful. Of course, there are more out there. Feel free to reach out with your thoughts and ideas!
Upcoming classes by Mark Thomas at Interface Technical Training
ITIL200: ITIL V3 Foundations Certification Course
ITIL-SO: ITIL v3 Intermediate Lifecycle: Service Operation with Certification Exam
COBIT200: COBIT 4.1 Foundation & Implementation. IT Governance Training
BA200: Business Analysis training for the IT Professional
You May Also Like
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365. For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015