ITIL Change Management: Process, Roles & Trends

Organizations in many industries are undergoing digital transformations, often in response to evolving customer expectations. These continuous changes require IT teams to reduce security incidents and address business challenges to keep their organizations competitive and effective.

Poor change management in IT departments can cause devastating consequences for organizations, largely due to the increasing dependence on fast, accurate information for today’s businesses.

For example, HDFC Bank Limited, India’s largest private-sector bank, recently experienced severe customer backlash when it tried to upgrade its digital banking application, with common complaints including poor communication about the changes, inadequate IT infrastructure, and a lack of customer support.

Reserve Bank of India forced HDFC to roll back its digital launch and completely halt the issuance of new credit cards and other key services until the situation was resolved. It’s easy to imagine the inconvenience and, in many cases, imposition this created for large numbers of customers.

Analysts blamed the debacle on poor project planning, emphasizing the need for the Information Technology Infrastructure Library (ITIL) to manage changes to processes, roles, and trends.

Find out how no-code delivers IT control in No-code Automation: Good for Businesses, Great for IT
Download now

ITIL change management definition

An organization’s IT infrastructure supports digital transformation initiatives, making ITIL change management crucial during those times. These change management models includes best practices for delivering IT services without incident while undergoing a digital transformation.

ITIL change management also manages risk, establishes cost-effective practices, improves customer relations, and creates a stable IT environment that allows an organization to grow and scale its operations.

The intersection of change management and ITIL framework

Many observers felt that users misunderstood or misinterpreted the ITIL framework after the release of ITIL 4. They saw users attempt to control changes or teams with ITIL, rather than control the rate of change.

In response, ITIL began calling the purpose of its framework “change enablement” to convey its use in helping teams drive change within their organizations.

Ultimately, the terminology describing ITIL isn’t as important as the approach to implement it, however. Use this guide to ensure your organization has the right culture and team members to stay on track and effectively manage change.

How does change management relate to release management?

Release management is a practice closely tied to change management, as ITIL 4 views the goal of release management as the creation and modification of services and features that are available for use.

In a content management context, releases commonly contain documentation for training and software. Release management has historically bundled changes, presenting them to users as a package.

This approach typically adheres to strict project management standards, which can cause frustration for teams following agile principles.

In these cases, release management should shift from its traditional role in project management to the automation of processes and integration into existing infrastructure. The process begins by introducing code pipelines into a system with automated reviews to provide tracking and oversight.

This approach can eliminate the silos that keep data in separate locations, creating a path to increased productivity. In this model, release management enables continuous value delivery based on the idea that the data creator is also its owner.

Goals and benefits of ITIL change management

Unplanned or sudden changes disrupt an organization’s IT services and reduce overall productivity. ITIL change management helps create a well-structured change initiative that minimizes change risks.

The specific benefits of this change model include effective change management via software tools that complete the request for change (RFC) process. It also enables the creation of a robust workflow that minimizes IT incidents and service disruptions.

In addition, ITIL change management improves communication of service losses that occur due to scheduled changes. It’s also extremely helpful because it enables organizations keep pace with industry trends to continuously improve processes.

Types and categorization of changes in ITIL

ITIL recognizes three types of changes, including standard, normal and emergency changes.

Standard changes

Standard changes occur on a regular basis and follow a standard operating procedure (SOP). They pose a low level of risk and have little impact on the system. These changes require initial approval, but they don’t require ITIL Change Advisory Board (CAB) approval each time. Operating system (OS) upgrades and patches are a common example of standard changes.

Normal changes

A normal change requires a stated process to be assessed, authorized and scheduled. A supervisor or team member can authorize a minor change, but an executive board may need to authorize a major change.

Major changes

Major changes have a high impact and pose a high risk to the system, so they require both CAB and management approval. They also need a detailed proposal that includes an analysis of the cost/benefits and risk impact.

When digital adoption platforms are used to manage these changes, it can significantly reduce the number of support tickets by providing guidance within the application and on-demand training.

Common examples of major changes include data migration and new software implementation.

Minor changes

Minor changes are not trivial, however they are changes that pose little risk or impact to the system. They have the potential to become standard changes over time. Website updates are a typical type of minor change.

Emergency changes: management and rapid response

Emergency changes cause unexpected disruptions, so they have a high priority. In addition, the change request is often made after the change is implemented in these cases, and requires immediate approval to minimize its impact. These changes also require a review of the implementation and documentation to prepare the organization for future risks. Common examples of emergency changes include responses to security breaches and server outages.

The ITIL change management process: a step-by-step guide

ITIL change management requires a workflow that validates and tests changes before deploying them. This process includes the following steps.

Request for change (RFC)

This step initiates changes based on a user request, existing problem, or IT incident. It often occurs via a template that captures details like the reason for the change, its expected impact, implementation timeline, and cost-benefit analysis.

Change evaluation

This step requires change leaders to perform a detailed assessment of the change for the purpose of minimizing its risk and impact. Standard elements of this analysis include the type of change, its priority, and implementation schedule. The change evaluation should examine its roll-out and roll-back plan in the event of a setback.

Change planning

A team develops a plan for implementing a change during this step. This plan should include resources, timelines, and testing requirements for the implementation, in addition to its expected outcomes and roll-back plan. The change planning step should also include a kick-off meeting to inform stakeholders of the proposed plan and ensure everyone is on the same page.

Change Approval Process

This step helps avoid downtime and other results of change failures. Approval requires a CAB to collect the opinions of key stakeholders, although the exact workflow depends on the priority and change type.

Change Implementation

The deployment team receives the change request in this step. They coordinate the building, testing, and implementation of the change with the management and technical teams.

The deployment team also develops a remedial plan in the event of an implementation failure during this step, as a failed change typically results in a high cost and risk for the organization.

Change Closure

Change closure consists of a review of the change after its implementation, which is critical for identifying deviations from the expected implementation. The change will also be assessed and marked as successful, failed or incomplete in this step.

Common Roles and Responsibilities in ITIL Change Management

Change leaders must clearly define and assign the following roles and responsibilities before initiating ITIL change management.

Change initiator: starting the process

The change initiator identifies the need for the change and initiates the RFC process if the change is deemed justified. Customer service and support staff members typically make the best change initiators due to their extensive interaction with customers and the system.

Change leader: guidance

Change leaders advocate for the long-term success of business transformations. In the specific case of IT change projects, they need the IT skills and knowledge to properly guide the course of these initiatives. IT change leaders may therefore require additional training, especially ITIL certification.

Change agent: execution

Change agents help organizations in their transformations by acting as catalysts for change. They inspire and influence stakeholders by promoting and supporting the implementation of these initiatives.

Change advisory board (CAB): oversight and governance

A CAB evaluates change requests before approving them, paying special attention to possible associated risks. It also considers the change’s potential effect on stakeholders and makes recommendations to minimize disruptions in services.

Change approver: responsibility and authority

Change approvers approve or reject change requests, giving them similar authority to a CAB. It may therefore be helpful to use a responsible, accountable, consulted, informed (RACI) matrix to clarify the differences between these roles. This practice creates accountability for employees and provides greater understanding of the factors involved in an impending change.

ITIL change management: real-world applications and use cases

Common use cases of ITIL change management include security, business continuity and cloud change management.


Security breaches are generally expensive to fix, especially when it isn’t done quickly. The extreme time constraints of these emergency changes mean they typically implement only the critical components of change management processes.

In particular, the vulnerability of a production system during a breach often requires the change to be implemented directly into a live environment without the usual testing in a development environment. In these cases, ITIL change management may use Emergency CAB (ECAB) approval to expedite the change.

Business continuity

ITIL change management requires organizations to maintain business continuity and disaster recovery policies, ensuring minimal service disruptions during the implementation of high-risk, high-impact changes.

These documents include impact analysis, resource optimization and service level agreements (SLAs). In particular, ISO 22301:2019 requires organizations to define their business continuity objectives, including minimum acceptable levels of services and the maximum tolerable period of disruption (MTPD) allowed.

Cloud change management

The transition to cloud computing makes cloud change management a pre-approved process for many organizations, which is a standard change under ITIL.

These frequent updates to the cloud environment thus require an effective change management process that often includes a sandbox. This testing environment enables QA as a routine capability for ensuring changes meet desired quality standards.

How AI and automation are transforming ITIL change management

ITIL change management offers many capabilities of interest to IT professionals. The promotion of automation is one of the most important, which includes many distinct technologies. Artificial intelligence (AI) is one approach for automating manual tasks, especially when those tasks are too difficult to automate with older methods.


Automation is nothing new to IT professionals, but they often focus on the automation of tasks for other departments rather than their own. IT already has automated capabilities for repetitive tasks like resetting passwords, often through the use of third-party tools. In addition, automated cloud management and DevOps capabilities have been widely adopted.

However, it’s still possible for many IT departments to increase their automation, thus reducing their workload. For example, the latest technology offers the opportunity to automate high-volume tasks that have historically required human decision-making abilities.

Automation operates at a far higher speed than human workers, so automation becomes an attractive option once the error rate of the automated process falls below that of humans. In addition, automation incurs lower operational costs than manual processes, while providing higher availability.


The development of AI has greatly accelerated since 2018, when IT Service Management (ITSM) vendors began offering AI-based tools to improve the delivery and support of IT services.

Digital agents, also known as virtual assistants and chatbots, are becoming highly proficient at delivering dynamic self-help options to users. The context-sensitive information these tools reveal also helps IT staff resolve issues faster. In addition, they can automatically prioritize tickets and assign them to the appropriate group. Furthermore, AI tools can use analytics to better understand large data sets, allowing them to recognize trends in IT issues.

Implementing ITIL change management and continuous improvement

Implementing an ITIL change management process is similar to the implementation of other major initiatives within an organization, especially in terms of best practices. For example, change leaders should communicate their intent to implement the change with all relevant stakeholders.

They should gather information from stakeholders to ascertain their needs and expectations of the change and address their concerns. These discussions should also be well-documented so that stakeholders can review the findings afterward.

In addition, change leaders should evaluate the available methods for implementing ITIL change management and communicate the reasons for selecting a particular strategy.

Building the right team is also a key factor in a successful implementation, which will often result in a cross-functional team with members from many disciplines. Leaders may identify skills gaps during this process; when that happens, they may be required to choose between upskilling existing members and hiring new members with the needed skills.

IT professionals also have access to a variety of tools that facilitate ITIL change management. These include configuration management databases (CMDBs), which provide a common storage location for IT configurations. In addition to information on IT assets, CMDBs also allow IT professionals to load many applications used to implement change management and deploy them to other departments.

Additional benefits of CMDBs include the ability to track the organization’s hardware and software use throughout their life cycles. These tools track software licenses to ensure the organization remains in regulatory compliance.

Pipefy for change management

Pipefy offers a business process automation (BPA) platform that supports ITIL change management. It also provides a new approach to outsourcing that allows organizations to scale their operations while maintaining their ability to manage change. Our solution easily integrates into existing workflows, providing users with consistently satisfying experiences.

Get automated communication and trackable metrics in Pipefy’s change management template
Use free template

Related articles