Technology operations environments are dynamic, and processes, procedures, and controls should be in place to manage change. Change management broadly encompasses change control, patch management, and conversions. It also includes the institution's policies, procedures, and processes for implementing change, which are discussed more fully in the IT Handbook's "Management Booklet" and "Development and Acquisition Booklet".
Large and complex institutions should have a change management policy that defines what constitutes a "change" and establishes minimum standards governing the change process. Processes and procedures for implementing change may be universal for the institution-applicable to all business lines and environments-or may be stratified, such as changes affecting the entire institution and those affecting a business line, support area, or affiliate.
Smaller and less complex institutions may successfully operate with less formality, but should still have written change management policies and procedures. Because mainframe, network, client-server, and application changes are different, institutions may choose to develop individualized procedures. However, individualized procedures do not instill consistency in the change management process. Consistency contributes to a change management process that is defined, managed, repeatable, and optimized.