Welcome » IT Booklets » Operations » Risk Mitigation and Control Implementation » Change Management
Technology operations environments are dynamic, and processes,
procedures, and controls should be in place to manage change.
Change management broadly encompasses change control, patch
management, and conversions. It also includes the institution's
policies, procedures, and processes for implementing change, which
are discussed more fully in the IT Handbook's "Management Booklet"
and "Development and Acquisition Booklet".
Large and complex institutions should have a change management
policy that defines what constitutes a "change" and establishes
minimum standards governing the change process. Processes and
procedures for implementing change may be universal for the
institution-applicable to all business lines and environments-or
may be stratified, such as changes affecting the entire institution
and those affecting a business line, support area, or
Smaller and less complex institutions may successfully operate
with less formality, but should still have written change
management policies and procedures. Because mainframe, network,
client-server, and application changes are different, institutions
may choose to develop individualized procedures. However,
individualized procedures do not instill consistency in the change
management process. Consistency contributes to a change management
process that is defined, managed, repeatable, and optimized.