Control and Security
When adapting this process for the cloud we have to take into account that our service management chain will look differently. Considering that an MSP might be introduced into the service chain, or if you already had one perhaps a new one will be selected, makes it even more complex. On top of that, our DevOps teams will have more and more permissions to handle changes autonomously. And, let’s not forget that not all cloud providers offer a (live) Service Desk. See Gateway to Vendor Support to read more on that.
Change execution will be different because of automation.
The types of changes and how we determine the impact stays largely the same, assuming a healthy and mature process exists. However change execution will be different because of automation and the advent of agile ways of working such as the afore mentioned DevOps teams. Some process maturity is needed to get started in the cloud, so start with determining process maturity and determine what changes need to be made to ‘Run in Control’.
Important activities for governance are communicating about RACI models for future and transitional modes of operation. Report on the maturity gap and activities related to improving it up to ‘Run in Control’ level and allow for specific changes in the process if the situation calls for it through a dispensation route.
The CCoE helps with determining the impact of High Impact changes. The Enterprise Architect may be involved as well. The CCoE helps with providing tooling to automate Standard Changes.
The CCoE Helps with determining the High Impact changes
Process or Activity
Determine the impact of High Impact changes. Provide tooling to automate Standard Changes.
Demarcation of Responsibilities
Application teams are responsible for implementing their own infrastructure changes, possibly supported by CCoE.
Service Desk is informed if a change can have an impact on a customer (internal or external).
Consult Architect(s) for High Impact changes and Cloud Admin for Change Automation.
To Do List
Set measurements (KPI) for proportion of new releases distributed automatically.
Inventorise the different sources of change requests and check whether the chain of authority is covered.
Determine variables that impact cloud service chains.