What is a change?

1. Project or change?

2. Matrix of Importance

2.1. Risk level

2.2. Severity

3. CAB Flow

3.1. Implementer

3.2. Approver

3.2.1. Discussions within Change

3.3. Line Manager

3.4. Change Manager

3.5. Reviewer

3.6. Owner

3.7. Business Buy In

3.8. Analysis; prior, during and after

4. Workflow

4.1. Stepped approvals

4.2. Ability to roll back or redo section of workflow

4.3. Reviewer reviews, Owner closes

5. Reviewer

5.1. Verifies Checklist completion

5.2. Runs vulnerability scan

6. Change to enviroment

6.1. Effects users

6.2. System improvements

7. Record keeping/CMDB

7.1. Adding to assets

7.1.1. Changing assets

7.1.1.1. CI Creation as part of commissioning (reverse for decommissioning)

7.2. Adding vendor

7.2.1. Adding contract

7.3. Recording services provided

8. Templates

8.1. Network

8.1.1. Stick to hardening document

8.2. Security

8.2.1. Firewall

8.2.2. Load Balancer

8.2.3. WAF

8.3. VMWare Hosts

8.4. Servers

8.4.1. Approved source

8.4.2. Disable unneeded services

8.4.3. Backup policy

8.4.4. Patch group

8.5. Appliances

8.6. Desktops

8.6.1. VDI Sources

8.6.1.1. File on source to append with changes

8.6.1.2. Identifier to AD in custom attribute field

8.6.1.3. Patch group

8.6.2. Physical

8.6.2.1. Patch group

8.7. Patches/Updates

8.8. Template for commissioning

8.8.1. Time servers

8.8.2. MFA

8.8.3. Asset management

8.8.4. Logging

8.9. Template for decommissioning

8.9.1. Asset managment

8.9.2. Backup of device if possible

8.10. Template for change to existing CI

9. Approver

9.1. Determines risk

9.2. Determines schedule

9.3. Assigns needed tasks

10. Canned changes

10.1. Majority of changes

10.1.1. Firewall IP changes

10.2. One ticket or many

10.3. Mass review process

10.4. Request instead of change control ticket

10.4.1. Report to review tickets for mass changes