If you’ve attended a pre-ITIL-4 ITIL Foundation course, then you’ll hopefully remember emergency changes and the role of the emergency change advisory board (ECAB). It was often a “rubber stamp” of the emergency change which helped the change manager to “cover their back.” Now, with ITIL 4, rightly “distancing itself” from the previous change advisory board (CAB) approach to change that was too-often misused by organizations:
“…they often become bottlenecks for the organization’s value streams. They introduce delays and limit the throughput of the change enablement practice”Source: AXELOS, Change Enablement ITIL 4 Practice Guide
It makes you wonder about “the new way” of dealing with emergency changes. Especially because there’s no mention of an ECAB in the new change enablement guidance (in line with minimal mentions of the CAB).
The short answer is that any emergency changes need to be authorized by a “change authority” in the same way that all changes do. The difference is that speed is of the essence and corners might need to be cut.Here, @Joe_the_IT_Guy shares three tips to consider, and apply, before committing your organization to the risk of an emergency change. #ITSM #servicedesk Click To Tweet
Emergency changes are nearly always a risk
Imagine the scenario: you’re woken up at 3am – a critical fault has been found. The resolution is known – reroute some cabling, re-set some switches, a bit of emergency code, and all will be well before morning. They just need your authorization to proceed and then they can step in to save the day. What could possibly go wrong?
In this scenario, there’s much to ponder. After all, emergency coding is scary. But, even in many less obvious situations, the best answer might also be “No” rather than “How quickly can you fix things?” To help, here are three tips to consider, and apply, before committing your organization to the risk of an emergency change.
1. Question the change’s emergency status – the phrase “first do no harm” comes to mind
This phrase is associated with the Hippocratic oath and, for me, it’s just as applicable to emergency changes as it is to medicine. So, start with “What happens if we don’t do it?” Which is really “What happens to the business if we don’t do it?” And so it likely requires both technical and business input.
In life, it’s surprising how often asking just one simple question, with it properly addressed, can clarify things. In this case, potentially stopping the emergency from being a real emergency – reducing it to “something to be dealt with urgently, but through safer channels.”'In life, it’s surprising how often asking just one simple question, with it properly addressed, can clarify things.' @Joe_the_IT_Guy addresses the topic of emergency changes in this article. #ITSM #ITIL Click To Tweet
2. Take the time needed to make the best decision possible
The 20th Century genius that was Albert Einstein is believed to have once said:
“If I had only one hour to save the world, I would spend fifty-five minutes defining the problem, and only five minutes finding the solution.”
The equivalent of Einstein’s approach for an emergency change would be to first establish, as a priority, when a decision must be made by. Then, to take maximum advantage of the available time to make the best possible decision.
This means understanding:
- The damage the emergency situation could cause, and when it would happen
- The latest time that a potential emergency solution would need to be started to prevent damage
- The research and analysis, and opinion gathering, that’s possible in the “decision window.”
This makes the best use of the available time and prevents you from rushing into a solution that might cost your organization dearly if everything doesn’t go to plan.The equivalent of Einstein’s approach for an emergency change would be to first establish, as a priority, when a decision must be made by. Then, to take maximum advantage of the available time to make the best possible decision –… Click To Tweet
3. Prepare people for handling emergency changes
The above points are just two approaches that should be instilled into anyone fulfilling a change authority role. That, while an emergency change is something that might automatically invoke a JDI (“just do it”) response, there’s still much that can be done to help protect your organization against the associated risks. Whether this is starting with a status-checking question or ensuring that sufficient time is applied to the associated decision making (despite the change’s emergency nature).
Importantly, here, you can’t just add the responsibility for emergency-change authorization to someone’s job description and assume that they’ll know how to best deal with them. As shown by the above two approaches to emergency change, there’s a need to educate or train people on emergency change handling, and potentially even to test them through simulations.
Ultimately, it’s beneficial to suitably prepare people to deal with emergency changes – for instance, in using the above two approaches – such that they don’t create an even bigger emergency through making the wrong decision(s). Your business operations might just depend on them.
Do you have any emergency change guidance or good practice to share? If so, I’d love to hear it. Please let me know in the comments.
Joe The IT Guy is a native New Yorker who loves everything connected to IT service management (ITSM). He's a passionate blogger and twitter addict, and is also the resident IT guy at SysAid Technologies.