What is an emergency change advisory board (ECAB) and do you need one?
In this post, we cover the basics of the ECAB, as defined in the ITIL guidelines, including:
- What the ECAB is
- Why it matters
- How the ECAB differs from the CAB
To start off, however, let’s quickly summarize where the ECAB fits into ITIL:
The Emergency Change Advisory Board (ECAB) in 60 Seconds
To understand what the emergency change advisory board (ECAB) is, we need to first have some context.
Here is a recap of everything you need to know about ITIL, ITIL Change Management, and the ECAB:
ITIL, the Information Technology Infrastructure Library, outlines best practices for ITSM. ITIL is a well-known set of guidelines that describe how IT managers can better deliver IT services to stakeholders. This framework has gone through several iterations over the years, and, like most IT frameworks, continues to evolve and adopt more modern business ideas.
Change Management is a specific set of guidelines within ITIL. Within ITIL, the Service Transition category covers best practices related to shifting between IT services – that is, implementing new IT services, moving away from old ones, and minimizing service impacts. ITIL Change Management (not to be confused with organizational change management) is a specific set of procedures within that domain.
There are three categories of change in ITIL Change Management. These change types include: standard, normal, and emergency changes. Standard changes are minor changes that require no intervention from change management committees. Normal changes, such as product upgrades or product adoption, carry some level of risk and require oversight from the Change Advisory Board, or the CAB. Emergency changes, finally, are considered high-risk changes that must be implemented immediately or risk service disruptions.
ECAB is a committee that handles emergency changes. ECAB is a committee of appointed managers and IT leaders who are tasked with reviewing and authorizing emergency changes. This body, as discussed below, should be composed of high-level managers with the expertise and authority needed to make and deliver emergency IT service changes.
Now that we have some context, let’s dive a bit deeper into ECAB, emergency changes, and emergency change procedures.
Who Should Be In the Emergency Change Advisory Board?
The ECAB is made up of members from the CAB, which is the committee that oversees normal changes.
The composition of this committee can vary from organization to organization, but it will usually have a chairperson, the Change Owner, as well as other senior managers.
These can include:
- Network engineers
- IT security managers
- Service desk analysts
- Customer service managers
- Major incident managers
- Operations managers
These job roles also have specific duties within the ECAB.
- The change process owner defines and facilitates change process design and execution
- Change requesters submit Requests for Change (RFCs) to the appropriate committee
- Change approvers initially approve a request before submitting it to the change board
It is important to note that, although both normal and emergency changes follow ITIL Change Management process guidelines, there are differences in how they are handled.
How ECAB Processes Emergency Changes
Here are the steps that ECAB will follow when evaluating, authorizing, and implementing emergency changes:
First, ECAB will verify whether the change is actually an emergency. In some cases, the line between normal changes and emergency changes can blur. The first step that the ECAB must follow, therefore, is to assess the change request and classify it accordingly. If the change is deemed an emergency, it will be processed accordingly. If not, it will be reclassified and it will follow the normal change management process.
Second, the ECAB will gather the required information. In the event that the change is classified as an emergency, the change manager and owner will perform several tasks: log the change, assess the technical and functional requirements, compile this information, then convene an ECAB meeting.
Third, the ECAB will meet, evaluate the change, and execute the appropriate actions. The ECAB’s meeting will be determined by the severity of the change. In some cases, such as when incidents are causing immediate service disruptions, they may meet immediately. At this meeting, the ECAB members will decide on a course of action – usually involving building, scheduling, and executing the change.
Finally, the ECAB will review the change. Once the change has been deployed, the ECAB will review the change and assess whether or not it was successful. Actions during this stage can include approval of the change, rolling it back if it was unsuccessful, creating backup plans, logging the results, and completing and closing the change.
The successful implementation of emergency changes can have a significant impact on service delivery – and, in for organizations heavily reliant on IT, even business continuity.
Using ITIL to manage these changes can reduce the negative impacts of disruptions, simplify the change management process, and more. Any business that relies heavily on IT services, therefore, should implement processes such as those discussed here, even if they are not based upon ITIL itself.