Date post: | 07-Apr-2018 |
Category: |
Documents |
Upload: | balu-reddy |
View: | 247 times |
Download: | 1 times |
of 26
8/6/2019 Enterprise Risk Matrix v1 02
1/26
Change Management Risk Matrix
Enterprise Computing Services
Europe
8/6/2019 Enterprise Risk Matrix v1 02
2/26
8/6/2019 Enterprise Risk Matrix v1 02
3/26
Change Management Risk Matrix
Unilever Enterprise Computing Services
Europe
Document Information
Author Mark Phypers
Owner Nick Brace
Status / Version 1.02
Reference Ref No
Category -
Technology Change process
Date Published 20th September 2010
Review Due 20th November 2010
Document History
Version Description
1.0
1.01 See issue log for list of amendments in this revision
1.02 See issue log for list of amendments in this revision
Review Record
Version Reviewer Role
Approval Record
Version Approver Role
Fixed issue with cross tower involvement reducing rather than increasingrisk. Wording changed to "Tick those that DO NOT apply"Increased the business risk of making changes to SC1/2 services %Prod/DR environmentsAdded ITMW answer in outage sectionLocked ready for distribution
8/6/2019 Enterprise Risk Matrix v1 02
4/26
Author Date
Mark Phypers 9/16/2010
Mark Phypers 9/24/2010
Mark Phypers 10/25/2010
Date
Date
8/6/2019 Enterprise Risk Matrix v1 02
5/26
Prepared by mark.phypers 06/06/2011
Change Management Risk Matrix C
Unilever Enterprise Computing Services Busin
Europe Techn
Description
A.
Process
A1 What is the proposed lead time?
Normal Normal agreed lead-time or greater
Rapid Change is requested to be implemented sooner than the standard lead time
s
inessImpacts
B1
None
Medium
Significant Significant impact, e.g. an Incident, problem or known error will remain unresolved.
B2
NO The change has no functional impact on end users
YES The change will introduce new or enhanced/amended service functionality
B3 Is there a planned outage to service?
No No, the service is planned to remain available throughout the duration of the Chang
Out of Hours
Degraded Possible degraded service or intermittent loss of service throughout duration of the
Outage Yes, the Service will be unavailable for a period
None
What are the business implications ofpostponing this change
No impact - the change has no IT or Business driver and no requirements for a setimplementation date
Some impact, e.g. postponement or failure of the change could cause delay to a mila project.
Does the change introducenew/enhanced/amended functionality tousers of the service?
Yes, the Service will be unavailable and/or degraded for a period but this is during aMaintenance Window or outside of agreed serviice hours.
This is purely an administrative change and there is an absolute zero potential impalive IT system as a result of making this change (e.g CMDB updates, and other papetype changes)
8/6/2019 Enterprise Risk Matrix v1 02
6/26
Prepared by mark.phypers 06/06/2011
Change Management Risk Matrix
Unilever Enterprise Computing Services B
Europe Te
Description
B:
Bu
B4
Non-Prod
If this is a change to a Prod/DR Service, whatare the most serious potential impacts uponthe business, as a result of the plannedchanges, in the event of an unplannedoutcome?
This is a change to Non-Prod - (E.g. Dev/QA/Sandbox). Risk of direct impact upbusiness services is negligible.
Resilience /Capacity
Failure could, at worst, only result in a loss of system resilience and/or capacity.a change to a single CI within a high availability architecture)
SystemsManagement
Failure could at worst only impair the IT organisations ability to manage this or osystems - not impact directly upon any Business systems themselves.
ServiceContinuity
Failure could, at worst, only impair the ability to recover service in event of a fursystems (For example a change to back up routines, locations, schedules or a cwithin the DR environment).
BusinessProcess
An unexpected outcome could result in a detrimental impact upon a business prresulting in financial impact to the company through impaired or lost ability to peprocess until service is restored.
8/6/2019 Enterprise Risk Matrix v1 02
7/26
Prepared by mark.phypers 06/06/2011
Change Management Risk Matrix C
Unilever Enterprise Computing Services Busin
Europe Techn
Description
C:EnvironmentsImpacted
C1
Development, Proof of Concept and/or Sandbox systems
QA/Reg Quality Assurance and/or regression systems
Prod/DR Production and Disaster Recovery systems
C2
NONE There is no change to a service as defined in the CMDB
SC4/5 Service Criticality 4 or 5
SC3 Service Criticality 3
SC2 Service Criticality 2
SC1 Service Criticality 1
C3
NO
Project The service is not yet operational but is in regular use as part of an inflight project.
Enabling
Business Yes the change is to an operational business service
C4
No No further implications
Manageable
Type of environment(s) the change impacts?(Tick highest impact one only)
Dev / POC /Sandbox
What is the highest SC level Servicecomprising this change?(Tick highest impact one only)
Is this a change to an operational service orsystem?
The change has no effect on an operational serviceHover for guidance notes
Yes the change is to an operational business service during normal service hours bsystem is a backoffice system such as monitoring tools, system management tools,systems, etc so the change could not directly impact business processes if it were tofailure
Are there further impacts outside the serviceor host e. . schedulin /batch
Some disruption which can be managed in advancee.g. holding schedules or rescheduling FTP times
8/6/2019 Enterprise Risk Matrix v1 02
8/26
Prepared by mark.phypers 06/06/2011 Page 8
Change Management Risk Matrix Change ID
Unilever Enterprise Computing Services Business Risk
Europe Technical Risk
Description
Yes
YES further disruptive impacte.g. delay to batch processing or potential loss of FTP data.Please ensure your implementation plan includes tasks to handle this.
8/6/2019 Enterprise Risk Matrix v1 02
9/26
Prepared by mark.phypers 06/06/2011
Change Management Risk Matrix
Unilever Enterprise Computing Services Bu
Europe Tec
Description
D:
Cross
TowerIm
pac
ts D1 Will this change impact the Service Desk?
No No impact on call volumes or change in support levels / models / agreements
Yes May cause increased call volumes or involves changes to support levels, help file
D2
Client Does not impact upon Client Services ability to provide contracted services
Network Does not impact upon Network Services ability to provide contracted services
Enterprise Does not impact upon Enterprise Hostings ability to proviode contracted services
Application Does not impact upon Application Services ability to provide contracted services
3rd party Does not impact upon a 3rd parties ability to provide contracted services
Tes
ting
E1
NA This is not a physical change - communication / documentation purposes only
Test
Yes
Partial
No No testing has been done or testing is not possible. e.g. Emergency fix
None No issues found from testing
Will this change impact upon other towers or3rd parties ability to supply their services?
(tick all that ARE NOT impacted - leave blankif it does impact them))
Has the change been tested successfully?
This change has been raised in order to carry out testing on a non production envprior to implementation on production systems.
Successful testing has been completed for the change in matched QA environmechange has been completed successfully on a previous occasion
Successful testing has been completed, however there are known differences beQA and Production environments; there is a potential for unforeseen issues to ari
8/6/2019 Enterprise Risk Matrix v1 02
10/26
Prepared by mark.phypers 06/06/2011
Change Management Risk Matrix Chan
Unilever Enterprise Computing Services Business
Europe Technical
Description
E:
E2 Minor Minor known issues to be released into production, with potential to cause small incident
Major
Testing output - any known issues fromtesting?
Change includes a significant known error being released into production; potential to casignificant incidents but the risk has been accepted by the business
8/6/2019 Enterprise Risk Matrix v1 02
11/26
Prepared by mark.phypers 06/06/2011
Change Management Risk Matrix
Unilever Enterprise Computing Services
Europe T
Description
E3 Is post implementation testing planned?
Full Full post implementation testing is planned immediately after change is implem
Business
None No post implementation testing has been planned
F:
Bac
kou
tF1 What is the backout complexity?
Simple Easily implemented by change implementor in isolation
Complex Complex back out plan requiring staggered activities from a number of teams
Unknown No backout assessment has been made or backout is not possible
F2 Has the Backout plan been tested?
Yes This change has been both implemented and backed out on a matched QA en
Standard
No Backout plan has not been or cannot be tested.
:Resource
G1 Resource complexity
1
2
3
Confidence testing planned by Business contacts (Not necessarily straight afteimplemented e.g. On-site testing)
This is a standard backout plan used many times in the past for similar change
been specifically tested with regard to this piece of work.
The change can be implemented, tested & backed out by the change implemeisolation.
The change requires more than one internal implementing team available duriwindow. Any issues can be resolved between these parties
The change requires both internal and 3rd parties or cross tower teams availachange window. Any issues can be resolved between these parties
8/6/2019 Enterprise Risk Matrix v1 02
12/26
Prepared by mark.phypers 06/06/2011 Page 12
Change Management Risk Matrix Change ID
Unilever Enterprise Computing Services Business Risk
Europe Technical Risk
Description
4 The change will require outside assistance (Internal or third party) if it errors
8/6/2019 Enterprise Risk Matrix v1 02
13/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
14/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
15/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
16/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
17/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
18/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
19/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
20/26
Prepared by mark.phypers 06/06/2011
10
10
8/6/2019 Enterprise Risk Matrix v1 02
21/26
Issue Log
Issue ID Raised by Q#
1 Paul White All
2 Paul White
3 B1
4 B4
5 Eddie Cohen
6 C3
7 Admin All
8 Paul White B3
9 Josh Ruding all
10 Ade Badru c3
11 Steve Judge E1
12 Misc
13
14
15
16
17
18
19
2021
22
23
24
25
26
27
28
29
30
31
3233
C1,C2
Simon Goddard /Eddie Cohen
Simon Goddard /Eddie Cohen
Paul White / Eddie
Cohen / SimonGoddard
8/6/2019 Enterprise Risk Matrix v1 02
22/26
34
35
36
37
38
39
40
8/6/2019 Enterprise Risk Matrix v1 02
23/26
Description
Issue regarding ticking multiple "Type of environments impacted".
Issue regarding the wording of the "impact on service if change fails" answer.
Proposed addition of guidance notes.
Numbered the questions to make issue tracking and revision history straight forward to administrate.
No option for changes raised to carry out testing
Testing reveals very difficult to get an ITMW change to come out as a major. This is because the matrixassesses risk not size and if action has been taken to mitigate the risk then the change will not achieveMajor categorisation.
Issue regarding the "Business implications of Postponement" question adding too much risk or whetherrelevant at all.
Issue regarding the "Operational Service" answer needing clarification as to meaning and not reducing
risk score enough.
Suggested this structuring this slightly differently:- No planned outage- Planned degradation (agreed with business or ITMW)- Planned outage (agreed with business or ITMW)- Planned outage or degradation (not agreed)
Suggested adding in calculations to show the change category and lead time as well as the business &technical risk
Changes to back up regimes normally happen during normal hours of the service but not during the
hours of the backup - which happens OOH - theres no increased risk to the service by making thesechanges in normal hours but the risk matrix will say that there is.
8/6/2019 Enterprise Risk Matrix v1 02
24/26
8/6/2019 Enterprise Risk Matrix v1 02
25/26
Status Version Resolved In
1.01
1.01
1.01
1.01
Updated 1.01
1.02
24-9-10: will be added in a future release.
1.02
12/10: Added low risk answer 1.02
24-9-10: Under discussion whether to add aquestion relating to number of CIs impacted in orderto push the risk higher for "Large" releases.Or to
handle this via guidance notes
Updated - clarification added to instruct to tick oneanswer only
Updated - Scoring changed to only add noticeablerisk to the unresolved issue answer.
Updated - wording clarified on answer 1
24-9-10: will be added in a future release.12-10-10: a couple of guidance notes added ascomments on the risk sheet
Partial 1.02
Trial solution added - guidance note added on
answer 1 and scoring of answer 1 weighted to muchlower risk
24-9-10: Needs discussion12-10-10: Solution added - needs testing
29-09-10: Loggged issue
12-10-10: Soluton added to questions B4 &C3
8/6/2019 Enterprise Risk Matrix v1 02
26/26