Your remote workers are a bit special, in a good way. Not just because they’re the useful sort, the sort that tippy-tap their keyboards to get their work done rather than playing Kill Things Now 3™ . They’re a bit special because they work in an environment that’s prone to IT security vulnerabilities and productivity glitches. That is, unless you’ve a controlled and structured approach to IT change management locked down.
Here’s a superquick guide to an IT change management policy for your remote workforce to keep them effective and frustration-free.
Why Is Remote Working Especially Vulnerable?
Remote working cries out for an IT change management policy because it’s splattered with unique challenges that can be more risky than standard vanilla-flavor office working. Check out these horrors:
Remote Working Without A Decent IT Change Management Policy
Risk | The Horror In More Detail |
Security Vulnerabilities | Lack of standardization and testing for changes can weaken security controls or introduce new risks. |
More Downtime | Lack of communication or “out of sight, out of mind” mentality can cause unplanned disruptions and reduced productivity. |
Shadow IT | Remote worker frustrations at IT resources available may increase the use of unauthorized apps. Who’s gonna know? |
Audit & Compliance Difficulties | Undocumented MDM changes make audit trails tangled and the ability to evidence compliance difficult. |
Inconsistent Remote Setups | Lack of standardization and change management processes can create a mish-mash of remote setups, which leads to incompatibility and more time spent troubleshooting. |
Wait Up, I’m Bored With Policies. I Don’t Need An IT Change Management Policy
Yes you do, buddy, and here’s why. We already know that good policies make everything better. An IT change management policy brings a level of control and structure to your IT ecosystem that ensures that any changes made are authorized and carried out in a planned, sensible manner. Here’s why we like IT change management policies:
IT Change Management Policy: What’s In The Box?
Now you’re all up in change management policy, let’s hit you with the Big 6 Things You Need To Address In Your Policy:
1. What’s The Point Of It All?
First off, draw up a policy statement that outlines the whole point of your IT change management policy. Clarify:
- The purpose, objectives, and scope of your policy.
- How change management supports your IT governance and strategic objectives and feeds into other policies, e.g., your mobile device security policy. (You got one, right?)
- Overarching rules, e.g., “A change will not go live unless tested and signed off by our testing person, whoever they are.”
- What success looks like. Find a baseline of how changes are made pre-policy, and measure the success (or not) of changes made once your policy is deployed. Think through some meaningful key performance indicators (KPIs) as you put your policy into action and measure outcomes over time.
IT Change Management: KPIs
- No. of change-related incidents
- Change success rate
- Change implementation time
- Reduction in service disruptions in time/number
- No. of emergency changes
- Remote worker satisfaction: is your policy making life better for them?
2. Who Does What
Here’s where you’ll outline the stakeholders, technical experts, people, and teams involved in the change process, which, yes, means pretty much everyone in your organization plus your customers, suppliers, and cybersecurity regulatory bodies and their auditors.
You’ll also identify responsibilities and accountabilities for the change management process and review. You might not name names, but you’ll certainly name roles.
- The CIO will have overall responsibility and accountability for the policy.
- The IT MDM lead will oversee day-to-day change operations for remote workers.
- Team leads will communicate planned downtime at least three days prior.
3. Change Management Process
Here’s where you’ll define how change happens and the timeline and communication channel for each process step. Your change management process should include:
- How changes are requested, reviewed, and approved.
- How changes are prioritized: changes may be routine, part of a major release, or a vital part of a business transformation process.
- How changes are implemented, and who implements them.
- What change documentation is required at each step, e.g., request forms, change impact assessments, and testing documentation.
4. Change Reviewing
Decide what to consider when you’re reviewing a requested change. Who’ll be involved in the change, and what will be the impact of the change? You’ll look at the levels of risk of not implementing the change, its technical feasibility, and how the change might affect security and compliance.
5. Change Implementation Planning
Here’s where you’ll consider the factors required for a smooth, foul-up-free change implementation process. You’ll go into detail about who does what by when, and you’ll also focus on how you’ll manage testing – because you’re not gonna stick a change in without making sure it doesn’t explode the system and leave your remote workers in a blackout.
6. Making Things Better
A policy’s not a policy without an element of continuous improvement, and here’s where you’ll put in place ways of gathering feedback and lessons learned in order to improve the change management process for next time. This information should loop into your review process so the reviewers can understand the whole picture.
But I Already Have An IT Change Management Policy
Good for you, buddy! You’re 81.8% of the way there. The principles are pretty much the same for remote workers as for any worker, but there are particular vulnerabilities for remote working to consider, for instance, when making changes to your mobile device management systems. Even small things, like enforcing OS updates, need correct management, and more significant things, like integrating a new MDM solution with existing IT infrastructure, can be a horror-filled minefield of security risks and productivity problems if not handled properly. Cheer up because that’s what your IT change management policy is for. Sorted!
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!