Within quality management systems (QMS) and information technology (IT) systems, change control is a process—either formal or informal—used to ensure that changes to a product or system are introduced in a controlled and coordinated manner. It reduces the possibility that unnecessary changes will be introduced to a system without forethought, introducing faults into the system or undoing changes made by other users of software. The goals of a change control procedure usually include minimal disruption to services, reduction in back-out activities, and cost-effective utilization of resources involved in implementing change. According to the Project Management Institute, change control is a "process whereby modifications to documents, deliverables, or baselines associated with the project are identified, documented, approved, or rejected."

Change control is used in various industries, including in IT, software development, the medical device industry, and other engineering/manufacturing industries. For the IT and software industries, change control is a major aspect of the broader discipline of change management. Typical examples from the computer and network environments are patches to software products, installation of new operating systems, upgrades to network routing tables, or changes to the electrical power systems supporting such infrastructure.

The process

There is considerable overlap and confusion between change management, configuration management and change control. The definition below is not yet integrated with definitions of the others.

Change control can be described as a set of six steps:

  1. Plan / scope
  2. Assess / analyze
  3. Review / approval
  4. Build / test
  5. Implement
  6. Close

Plan / scope

Consider the primary and ancillary detail of the proposed change. This should include aspects such as identifying the change, its owner(s), how it will be communicated and executed, how success will be verified, the change's estimate of importance, its added value, its conformity to business and industry standards, and its target date for completion.

Assess / analyze

Impact and risk assessment is the next vital step. When executed, will the proposed plan cause something to go wrong? Will related systems be impacted by the proposed change? Even minor details should be considered during this phase. Afterwards, a risk category should ideally be assigned to the proposed change: high-, moderate-, or low-risk. High-risk change requires many additional steps such as management approval and stakeholder notification, whereas low-risk change may only require project manager approval and minimal documentation. Three primary tasks at this end phase include determining that the project is actually complete, evaluating "the project plan in the context of project completion", and providing tangible proof of project success. As a common practice, the activity is usually directed by one or more SOPs. From the information technology perspective for clinical trials, it has been guided by another U.S. Food and Drug Administration document.

See also

  • Change request
  • Change order
  • Engineering change order
  • Documentation
  • Identifier
  • Version control
  • Changelog
  • Living document
  • Specification (technical standard)
  • Standardization
  • Scope management

Citations

References