Change Management Approach

Change Management Approach refers to how changes to systems — including code, infrastructure, and configurations — are assessed, approved, and deployed.
In high-performing DevOps organisations, change management is lightweight, decentralised, and integrated into team workflows to enable speed and safety without bureaucratic friction.

Level 1 – Initial (Ad Hoc)

Change management is reactive, manual, and often a bottleneck.
Changes may lack documentation, formal approval, or traceability.

  • Teams operate without structured change processes
  • Approvals are informal or based on individual judgment
  • Risk assessment is inconsistent or absent
  • Change failures are frequent and poorly managed
  • Change freezes or emergency patches are common

Level 2 – Managed (Emerging Practice)

Formal processes emerge, often centralised through change advisory boards (CABs).
These processes add consistency but also introduce delays and overhead.

  • Changes must go through a review board or central process
  • Documentation and scheduling are required for every change
  • Approvals are based on role or seniority rather than system knowledge
  • Teams follow the process but may see it as a blocker
  • Audit and compliance improve, but speed suffers

Level 3 – Defined (Standardised)

Change management is decentralised and embedded in delivery pipelines.
Low-risk changes can be deployed automatically with appropriate controls and accountability.

  • Peer reviews, automated testing, and CI/CD pipelines serve as approval mechanisms
  • High-risk changes are routed through appropriate escalation paths
  • Change risk is assessed based on impact, not policy alone
  • All changes are traceable, version-controlled, and auditable
  • Standard operating procedures exist for emergency and rollback handling

Level 4 – Quantitatively Managed (Measured & Controlled)

Change performance is measured and optimised based on risk, speed, and quality.
Policies are dynamic and informed by system data and delivery metrics.

  • Metrics include change failure rate, time to deploy, and approval latency
  • Low-risk changes are auto-approved and deployed frequently
  • High-risk changes are reviewed with data-informed controls
  • CABs (if they exist) focus on systemic risk, not routine changes
  • Continuous improvement cycles reduce risk over time

Level 5 – Optimising (Continuous Improvement)

Change management is a strategic enabler of speed and resilience.
The system self-regulates based on real-time signals, and learning from change outcomes drives systemic improvements.

  • Change policies adapt dynamically based on historical performance and system health
  • Teams use predictive risk models or machine learning to assess change impact
  • Post-deployment signals (e.g. error spikes, alert noise) feed back into risk models
  • Change management is invisible to teams unless intervention is needed
  • Rapid, safe change is a competitive advantage — not a governance burden