In the world of managed services, one crucial aspect is change management. Whether you are managing internal IT (Information Technology) processes or catering to the unique needs of your customers, maintaining a well-structured change tracking system is paramount. Not only is change management important for scalability of your managed service, but it is also becoming increasingly vital to cybersecurity. Particularly, considering recent high profile cyberattacks involving exploitations of change management processes, MSPs need to make sure their internal and external change management process is setup up properly and being followed consistently.
This article delves into two key components of change tracking: Internal Change Tracking and Customer Change Tracking.
04.03 Internal Change Tracking
Effective internal change tracking is essential for any managed service provider to ensure that modifications to internal object configurations are Policy driven, well-documented and follow a consistent process. This process typically involves a series of steps:
Policy-driven Compliance: A mature Change control system should follow a formalized change management policy. The policy does not have to be completely exhaustive but should outline the Change Procedures which are request, review, approval, and documentation.
Request: The change process begins with a formal request. This request can come from various sources within the organization, including IT staff, managers, or stakeholders. Each request must be detailed, explaining the nature of the change, the rationale behind it, and potential impacts.
Review: Once a change request is made, it is subjected to a thorough review. This review process includes assessing the impact of the change on current operations, security implications, and resource allocation. The review ensures that changes align with organizational goals and standards.
Approval: After the review, the change request must receive formal approval. The approval process typically involves key decision-makers, and their consent indicates that the change is deemed beneficial and safe.
Documentation: Throughout this process, meticulous documentation is critical. Keeping records of every step in the change process ensures transparency and accountability.
By following this structured approach, managed service providers can maintain control over their internal IT systems, reduce risks associated with unapproved changes, and ensure that changes align with business objectives.
04.04 Customer Change Tracking
When it comes to customer-facing services, change tracking takes on a whole new level of importance. In the context of customer change tracking, the focus is on modifications to customer object configurations. This process can be complex due to the varying and often unique needs of each customer. Here is how it typically works:
Policy-driven Compliance: The MSP should adopt the customer’s Change Management Policy, if they have one, if they have one, if the customer does not have a policy than the MSP and the customer should agree on a standard for the change management process and then form a policy based off the process that customer would like to use. You can use the same physical policy for internal and external changes, but the sections should be annotated customer vs internal changes.
Documentation: The starting point is always proper documentation of the customer’s existing configuration. This includes the specifics of their IT environment, applications, hardware, and any custom configurations.
Change Request: Like internal change tracking, changes are initiated through formal change requests. These requests often come from the customer, their representatives, or internal staff responsible for customer accounts.
Evaluation: Changes are thoroughly evaluated, not just from a technical perspective, but also in terms of their alignment with the customer’s requirements and objectives. A critical aspect of this evaluation is ensuring that changes do not disrupt ongoing customer operations.
Customer Approval: Before any changes are implemented, they must receive formal approval from the customer. This step is essential in maintaining the trust and satisfaction of the customer.
Implementation and Update: After customer approval, changes are implemented following best practices. Post-implementation, documentation is updated to reflect the current customer configuration accurately.
Effective customer change tracking is essential for customer satisfaction, retention, and building strong, long-term relationships. It ensures that customer needs are met, and changes are carried out with precision and minimal disruption.
In the world of managed services, maintaining structured change tracking processes is non-negotiable. Both Internal Change Tracking and Customer Change Tracking are integral to the success and sustainability of any managed service provider. By implementing these processes diligently, providers can ensure that changes are requested, reviewed, approved, and implemented following consistent procedures, enhancing the quality of service they deliver to their customers while minimizing risks to their internal IT systems.