What is a change advisory board (CAB) and how should you set one up?
In this post, we cover the essentials of this committee – what these committees are, what their role is in ITIL change management, and best practices for creating one.
What Does the Change Advisory Board (CAB) Do?
As readers of this article almost certainly know, a change advisory board (CAB) is a specific committee within the ITIL framework. Specifically, the CAB focuses on authorizing IT service changes during the Change Management process.
Every time a change request is submitted, this committee evaluates that proposal.
As the change request is processed, the CAB will perform several tasks:
- Assessment. The requester of the change will submit documents related to the planned change, or Request for Change (RFC) material. The CAB will then assess potential risks and rewards. They will also ensure that the RFC has the necessary materials and documentation required for review.
- Authorization, rejection, or request for revision. If the CAB and the Change Manager approve the change, they will authorize it. They may also reject it or make requests for further revisions, such as requesting more documentation or requesting modifications to the proposal.
- Scheduling and prioritization. The CAB will also review the required resources for the change, review it in the context of other changes and resource allocations, then schedule and prioritize that change.
The CAB is focused strictly on reviewing and authorizing changes, though the same members may be involved in the post-change review process.
What Members Should Be Included in the CAB?
- The CAB Owner. The CAB owner is often a Change Manager or a member of the Change Management team, and they are, in essence, the chairperson who runs the CAB. They are tasked with structuring CAB meetings, leading meetings, delegating and communicating responsibilities, and overseeing other processes related to the CAB agenda.
- Representatives from all groups impacted by the change. Normal changes will affect multiple departments in the organization. Since those units will naturally be involved in the change, they should be included in any relevant CAB meeting. They will also provide input around the key decisions related to the change, such as assessment, revision, and authorization.
- High-level IT managers. Many CABs also include high-level IT managers, such as operations managers, IT security managers, network engineers, and business relationship managers. Which professionals will be included will depend on the organization in question and how they choose to structure the CAB.
Adhering to this structure is important, since the CAB members will be responsible for changes that directly impact the organization, IT services, and, in many cases, services that affect employees and customers.
What Do CAB Meetings Look Like?
As with the other components covered here, ITIL recommends taking a very structured approach to CAB meetings and workflows.
An effective CAB meeting will:
- Ensure the meeting is attended by the right people. For a CAB to actually perform its function effectively, the right people must be in attendance.
- Include a specific agenda and schedule. CAB meetings should cover a specific agenda that includes assessment of risky changes, reviewing of failed changes, reviews of the change management process, as well as a change review process.
- Follow the review process covered above. Namely, change reviews should assess risks, business impacts, effects on the customer experience, disruptions to other services, resource needs, other changes that are in process, and other relevant information.
It is important to note that CAB meetings are only successful if they actually adhere to the ITIL process as outlined in one’s own organization. Failing to follow this process can result in inefficiencies or disruptions and, ultimately, undermine the very purpose of ITIL – to streamline IT service management (ITSM).
What Types of Changes Does the CAB Oversee?
Those familiar with ITIL’s change management process will recognize the three types of changes in this workflow:
- Standard changes. These are the least riskiest changes that occur as a normal part of business operations. They require no pre-authorization by the CAB.
- Normal changes. These are changes that must be reviewed by the CAB, according to the steps listed above.
- Emergency changes. Emergency changes are those that must be implemented immediately in order to avoid service disruptions. These are reviewed by the Emergency Change Advisory Board (ECAB), a smaller committee chosen from members of the CAB.
As with the other points covered above, it is important for all relevant parties to adhere to the ITIL framework in order for it to be useful.Though ITIL is complex – and many organizations may find it challenging to implement – it is well-structured and thorough. Those companies that apply it effectively can realize significant benefits, from improved employee productivity to reduced costs to lower organizational risk.