Editing Change control

{{Short description|Process ensuring that changes to a product or system are controlled}}
{{Distinguish|version control}}
Within [[quality management system]]s (QMS) and [[information technology]] (IT) systems, '''change control''' is a process—either formal or informal<ref name="HallManaging07">{{cite book |url=https://books.google.com/books?id=-40jULoIh0MC&pg=PA318 |title=Managing the Software Enterprise: Software Engineering and Information Systems in Context |author1=Hall, P.A.V. |author2=Ramil, J.C.F.  |publisher=Cengage Learning |pages=318–325 |year=2007 |isbn=9781844803545 |access-date=20 May 2018}}</ref>—used to ensure that changes to a product or system are introduced in a controlled and coordinated manner. It reduces the possibility that unnecessary changes will be introduced to a system without forethought, introducing faults into the system or undoing changes made by other users of software. The goals of a change control procedure usually include minimal disruption to services, reduction in back-out activities, and cost-effective utilization of resources involved in implementing change. According to the [[Project Management Institute|<u>Project Management Institute</u>]], change control is a "process whereby modifications to documents, deliverables, or baselines associated with the project are identified, documented, approved, or rejected."{{sfn|Project Management Institute|2021|loc=Glossary §3 Definitions}}

Change control is used in various industries, including in IT,<ref name="Matteson10Essen17">{{cite web |url=https://www.techrepublic.com/article/10-essential-elements-of-change-control-management/ |title=10 essential elements of change control management |author=Matteson, S. |work=TechRepublic |publisher=CBS Interactive, Inc |date=7 July 2017 |access-date=20 May 2018}}</ref> software development,<ref name="HallManaging07" /> the pharmaceutical industry,<ref name="TurnerPharm03">{{cite book |title=Pharmaceutical Engineering Change Control |author=Turner, S.G. |date=15 December 2003 |publisher=Taylor & Francis |pages=[https://archive.org/details/pharmaceuticalen00simo/page/200 200] |isbn=9780849320613 |url-access=registration |url=https://archive.org/details/pharmaceuticalen00simo/page/200 }}</ref> the medical device industry,<ref name="TeixeiraDesign13">{{cite book |title=Design Controls for the Medical Device Industry |author=Teixeira, M.B. |publisher=CRC Press |edition=2nd |pages=205 |year=2013 |isbn=9781466503557}}</ref> and other engineering/manufacturing industries.<ref name="MonahanEngineer95">{{cite book |title=Engineering Documentation Control Practices & Procedures |author=Monahanm E. |publisher=CRC Press |pages=280 |year=1995 |isbn=9780824795740}}</ref> For the IT and software industries, change control is a major aspect of the broader discipline of change management. Typical examples from the [[computer]] and [[computer network|network]] environments are patches to software products, installation of new [[operating system]]s, upgrades to network [[routing]] tables, or changes to the [[electric power|electrical power]] systems supporting such [[infrastructure]].<ref name="HallManaging07" /><ref name="Matteson10Essen17" />

Certain portions of [[ITIL]] cover change control.<ref name="HerzigImplement13">{{cite book |url=https://books.google.com/books?id=uUowBQAAQBAJ&pg=PA204 |title=Implementing Information Security in Healthcare: Building a Security Program |author1=Herzig, T.W. |author2=Walsh, T. |author3=Gallagher, L.A.  |publisher=Healthcare Information and Management Systems Society |pages=204–205 |year=2013 |isbn=9781938904356 |access-date=20 May 2018}}</ref>

== The process ==
There is considerable overlap and confusion between [[change management]], [[configuration management]] and change control. The definition below is not yet integrated with definitions of the others.

Change control can be described as a set of six steps:

# Plan / scope
# Assess / analyze
# Review / approval
# Build / test
# Implement
# Close

===Plan / scope===
Consider the primary and ancillary detail of the proposed change. This should include aspects such as identifying the change, its owner(s), how it will be communicated and executed,{{sfn|Project Management Institute|2021|loc=§4.6.3 Meetings and Events}} how success will be verified, the change's estimate of importance, its added value, its conformity to business and industry standards, and its target date for completion.<ref name="Matteson10Essen17" /><ref name="TaylorProject08">{{cite book |url=https://books.google.com/books?id=AnAeKKFGhTwC&pg=PA192 |title=Project Scheduling and Cost Control: Planning, Monitoring and Controlling the Baseline |author=Taylor, J. |publisher=J. Ross Publishing |pages=192–203 |year=2008 |isbn=9781932159110 |access-date=20 May 2018}}</ref><ref name="BerkeleyChange">{{cite web |url=http://vcaf.berkeley.edu/sites/default/files/change_control_process_aa.pdf |title=Change Control Process |author=Operational Excellence Program Office |publisher=University of California Berkeley |access-date=20 May 2018}}</ref>

===Assess / analyze===
Impact and risk assessment is the next vital step. When executed, will the proposed plan cause something to go wrong? Will related systems be impacted by the proposed change? Even minor details should be considered during this phase. Afterwards, a risk category should ideally be assigned to the proposed change: high-, moderate-, or low-risk. High-risk change requires many additional steps such as management approval and stakeholder notification, whereas low-risk change may only require project manager approval and minimal documentation.<ref name="Matteson10Essen17" /><ref name="TaylorProject08" /><ref name="BerkeleyChange" /> If not addressed in the plan/scope, the desire for a backout plan should be expressed, particularly for high-risk changes that have significant worst-case scenarios.<ref name="Matteson10Essen17" />

===Review / approval===
Whether it's a change controller, [[change control board]], steering committee, or project manager, a review and approval process is typically required.{{sfn|Project Management Institute|2021|loc=§4.4.3 Meetings and Events}} The plan/scope and impact/risk assessments are considered in the context of business goals, requirements, and resources. If, for example, the change request is deemed to address a low severity, low impact issue that requires significant resources to correct, the request may be made low priority or shelved altogether. In cases where a high-impact change is requested but without a strong plan, the review/approval entity may request a full [[business case]] may be requested for further analysis.<ref name="HallManaging07" /><ref name="Matteson10Essen17" /><ref name="TaylorProject08" /><ref name="BerkeleyChange" />

===Build / test===
If the change control request is approved to move forward, the delivery team will execute the solution through a small-scale development process in test or development environments. This allows the delivery team an opportunity to design and make incremental changes, with [[Unit testing|unit]] and/or [[regression testing]].<ref name="HallManaging07" /><ref name="Matteson10Essen17" /><ref name="TaylorProject08" /> Little in the way of testing and validation may occur for low-risk changes, though major changes will require significant testing before implementation.<ref name="TaylorProject08" /> They will then seek approval and request a time and date to carry out the implementation phase. In rare cases where the solution can't be tested, special consideration should be made towards the change/implementation window.<ref name="Matteson10Essen17" />

===Implement===
In most cases a special implementation team with the technical expertise to quickly move a change along is used to implement the change. The team should also be implementing the change not only according to the approved plan but also according to organizational standards, industry standards, and quality management standards.<ref name="TaylorProject08" /> The implementation process may also require additional staff responsibilities outside the implementation team, including stakeholders{{sfn|Project Management Institute|2021|loc=§4.4.3 Meetings and Events}} who may be asked to assist with troubleshooting.<ref name="Matteson10Essen17" /> Following implementation, the team may also carry out a post-implementation review, which would take place at another stakeholder meeting or during project closing procedures.<ref name="HallManaging07" /><ref name="TaylorProject08" />

===Close===
The closing process can be one of the more difficult and important phases of change control.<ref name="TaylorProject08-2">{{cite book |chapter-url=https://books.google.com/books?id=AnAeKKFGhTwC&pg=PA215 |chapter=Chapter 11: Successfully Closing the Project |title=Project Scheduling and Cost Control: Planning, Monitoring and Controlling the Baseline |author=Taylor, J. |publisher=J. Ross Publishing |pages=215–225 |year=2008 |isbn=9781932159110 |access-date=20 May 2018}}</ref> Three primary tasks at this end phase include determining that the project is actually complete, evaluating "the project plan in the context of project completion," and providing tangible proof of project success.<ref name="TaylorProject08-2" /> If despite best efforts something went wrong during the change control process, a post-mortem on what happened will need to be run, with the intent of applying lessons learned to future changes.<ref name="Matteson10Essen17" />

== Regulatory environment ==
In a [[good manufacturing practice]] regulated industry, the topic is frequently encountered by its users.  Various industrial guidances and commentaries are available for people to comprehend this concept.<ref name=giqs>{{cite web
  | last =  
  | first = 
  | title = Guidance for Industry: Quality Systems Approach to Pharmaceutical CGMP Regulations
  | publisher = [[Food and Drug Administration (United States)|U.S. Food and Drug Administration]]
  | date = September 2006
  | url = https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070337.pdf
  | archive-url = https://web.archive.org/web/20090709193336/http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070337.pdf
  | url-status = dead
  | archive-date = July 9, 2009
  | doi = 
  | access-date = 12 July 2009
  }}</ref><ref name=cccr>{{cite web
 |last       = Infusion
 |title      = Challenges of Change Control in a Regulated Industry
 |publisher  = 
 |date       = 
 |url        = http://www.infinityqs.com/asset-library/articles/ChangeControlChallenges.pdf
 |format     = 
 |doi        = 
 |access-date = 28 April 2009
}}{{Dead link|date=November 2018 |bot=InternetArchiveBot |fix-attempted=yes }}</ref><ref name=gmpg>{{cite web
  | last = ICH
  | author-link = International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use
  | title = Q7: Good Manufacturing Practice Guide for Active Pharmaceutical Ingredients
  | publisher = 
  | date = 
  | url = http://www.ich.org/fileadmin/Public_Web_Site/ICH_Products/Guidelines/Quality/Q7/Step4/Q7_Guideline.pdf
  | format =
  | doi =
  | access-date = 20 April 2011
  }}</ref>  As a common practice, the activity is usually directed by one or more [[Standard operating procedure|SOP]]s.<ref name=ccss>{{cite web
  | last = GMP Online Consultancy 
  | title = Change control system: Standard Operating Procedure
  | publisher = 
  | date = 
  | url = http://www.gmp-online-consultancy.com/e/html/301_direct_order/210_standard-operation-procedures_detail.php?docIndex=60
  | format =
  | doi =
  | access-date = 28 April 2009
  }}</ref> From the [[information technology]] perspective for [[clinical trial]]s, it has been guided by another U.S. [[Food and Drug Administration]] document.<ref name=gics>{{cite web
  | last =  
  | first = 
  | title = Guidance for Industry - COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS
  | publisher = [[Food and Drug Administration (United States)|U.S. Food and Drug Administration]]
  | date = April 1999
  | url = https://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/fda-bioresearch-monitoring-information/guidance-industry-computerized-systems-used-clinical-trials
  | doi =
  | access-date = 13 May 2021
  }}</ref>

== See also ==
* [[Change request]]
* [[Change order]]
* [[Engineering change order]]
* [[Documentation]]
* [[Identifier]]
* [[Version control]]
* [[Changelog]]
* [[Living document]]
* [[Specification (technical standard)]]
* [[Standardization]]
* [[Scope (project management)|Scope management]]

==Citations==
{{Reflist}}

==References==
*{{Cite book|last=Project Management Institute|title=A guide to the project management body of knowledge (PMBOK guide)|date=2021|others=Project Management Institute|isbn=978-1-62825-664-2
|edition=7th|location=Newtown Square, PA}}

{{Authority control}}

[[Category:Information technology management]]
[[Category:Project management]]
[[Category:Software project management]]