| The ITIL Change Management process is used to | | | | often not enough time to convene a normal and larger |
| manage a Change through its entire lifecycle. A | | | | scale CAB meeting. |
| Change is defined as the addition, modification or | | | | So, who authorises change? ITIL defines the role of |
| removal of anything that could have an effect on IT | | | | Change Authority that, as the name stated, authorises |
| Services. The scope should include items such as IT | | | | change. This is a role that may be given to a person |
| services, components that is used to support or deliver | | | | (e.g. Change Manager, department manager) or a |
| the services, processes and documentation. | | | | group of people (e.g. CAB or ECAB). The levels of |
| Those new to ITIL will often think that the role of the | | | | authorization for a particular type of change should be |
| CAB is to authorise the major or significant change. | | | | determined by the type, size or risk. A major or |
| Well, yes and no. | | | | significant change in a large enterprise that affects |
| The Change Advisory Board (CAB) is a concept | | | | several distributed sites may need to be authorized by |
| defined in ITIL V2 and V3's Change Management | | | | a higher-level authority such as the Board of Directors. |
| process and is a body that exists to support the | | | | A lesser one with limited scope and impact to the |
| authorization of change and to assist Change | | | | business or IT infrastructure may be authorised by a |
| Management in the assessment and prioritization of | | | | person. A simple, low risk change may even be |
| change. The CAB is usually consulted for significant | | | | pre-approved or pre-authorised. |
| change that have a broad or major impact to the | | | | Figure 4.5 in the ITIL V3 Service Transition book is |
| organisation. The CAB may be asked to consider and | | | | misleading when taken out of context and often leads |
| recommend the adoption or rejection of change | | | | a reader to wrongly believe that the CAB or ECAB's |
| appropriate for higher level authorization and then | | | | role is to authorise Change. That figure only shows an |
| recommendations will be submitted to the appropriate | | | | example where the CAB or ECAB is given the role as |
| Change Authority. | | | | a Change Authority. |
| Similar in concept to the CAB is the Emergency | | | | In summary, a CAB or ECAB's main role is an |
| Change Advisory Board (ECAB). This is done as part | | | | advisory one, which is to support and assist the |
| of the Emergency Change procedure which is used to | | | | Change Authority in making to decision as to whether |
| process a change request related to fixing an error in | | | | a request for change should be approved or rejected. |
| the IT infrastructure that has major impact to the | | | | The CAB or ECAB does not authorise a Change |
| business if it is not fixed quickly, hence the Emergency | | | | unless they are specifically given the role as a Change |
| Change. An ECAB is necessarily formed since there is | | | | Authority as well. |