IT organisations are not usually known to be responsive and quick to adapt to changes.
If you have worked with ITIL, you are familiar with the concepts of Change Requests and Change Advisory Board.
This is a well proven process and function for traditional changes in IT where you have recurring updates and freeze periods. But it's not very well suited for smaller and quicker changes in the ways it’s implemented in many IT-organisations.
With V3 of the framework, the concept of Service Request was introduced into the process, but it’s not used so often. The thought is that if a change is well defined, is reoccurring and the risk is reasonable, you could have a fast lane and by-pass CAB instead of using the traditional method of a change request.
What would happen if we took the concept of service request one step further?
Imagine if we could have a huge majority of changes in the IT-landscape defined as Service Requests and implemented on a daily basis. Do you think this is possible or not?
Lets start with the risk part. If we could verify the changes better, the risk with the updates would be much lower. In order to work efficient, we need automated test during development and automated regression testing of the new version. If something fails, we should be able to roll-back very, very fast to minimize impact for end-users.
The changes should be small, and that works very well with the agile concept, but this have some implications for existing IT-systems. You can’t have to large and complex systems if you want this to work. This will neither be a good approach for replacing an old legacy system in a big bang. You need more autonomous systems that work together where you can replace or change services instead of legacy spagetti.
Finally, you need a well established way of working for doing small changes so you can do the same things over and over again.
If not, you will be stuck in a model where you more or less need a decision in CAB to buy a brand new computer. An approach that is neither fast or efficient in todays world. If the IT-organization isn’t prepared to change behavior, the business side will turn to someone else outside IT to solve their problems.