Which is the best example of an emergency change ITIL

Everything in IT Service Management is a change, and the goal of Change Management is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes. This is in order to minimize the impact of change-related incidents on service quality, and consequently, to improve the day-to-day operations of the organization. But, there is one type of change that requires swift reaction and prompt implementation with little or no time for in-depth impact analysis or testing: the Emergency Change.

Before we continue, you can find a lot of information regarding Change Management (in order to familiarize yourself with Change Management, you can start with the following article: ITIL V3 Change Management – at the heart of Service Management).

What is an Emergency Change?

Every business is application driven, which leaves businesses vulnerable to a wide array of security and security-related risks. One of the most popular and dangerous risks is called “0-day exploit” (zero-day exploit). A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it – this exploit is called a zero-day attack.

Even when a fix becomes available (and even more people become aware of the exploit), not all IT organizations implement the fix right away, leaving enough time for malicious people or software to actually try to break into systems that haven’t been patched.

Implementing such high-risk security patches is the most common example of an Emergency Change – a change that must be implemented as soon as possible, for example to resolve a major incident or implement a security patch.

Organizing the Emergency Change process

Due to the nature of the Emergency Changes, it’s clear that there is no time to wait for a formal Change Advisory Board (CAB) meeting, nor is it possible to even attempt to organize an impromptu meeting. However, Emergency Changes should not be handled outside of Change Management. According to ITIL, the Emergency Change process should still retain a high level of authorization and control, but those processes can be looser than those for a normal change. The number of Emergency Changes should be kept to an absolute minimum, with every Emergency Change being reevaluated after implementation to determine whether it was actually an Emergency Change, and if not, how to prevent such changes from being processed as Emergency Changes in the future.

A Normal Change relies heavily on changes being tested prior to deployment, and the decision on whether to allow deployment into the live environment will be based on test results. In the case of Emergency Changes, it is still strongly recommended to perform at least basic testing prior to deployment, as untested changes may cause even more damage than the risk we were trying to prevent! At the end of the day, it all comes down to numbers; is the potential damage caused by an untested emergency change (e.g., a patch) smaller or greater than the damage currently caused by the identified risk (e.g., a security breach)? If it’s smaller, then the Change Manager has a good argument to allow such change.

Roles in the Emergency Change process

In order to define roles specific to Emergency Change, first we have to look at who is doing what in the case of Normal or Emergency Change:

• Change Manager – primarily responsible for the lifecycle of all changes, allowing beneficial changes to be made with minimal or no disruptions to the service. For Emergency Changes, the Change Manager is responsible for forming the ECAB in order to discuss the proposed Emergency Change, and to decide whether it should be implemented as such, or if it can be re-categorized as a Normal Change. The Change Manager has to ensure that all necessary preparations are made before change implementation.
• Change Advisory Board (CAB) – advisory group consisting of representatives from all areas within the IT organization, business, and third parties with the goal of aiding the Change Manager in change assessment, prioritization, and scheduling. The CAB is not impacted by Emergency Changes, other than the fact that some members may also be a part of the ECAB.
• Emergency Change Advisory Board (ECAB) – specific type of CAB, responsible for making decisions regarding Emergency Changes. ECAB membership may be decided at the ECAB meeting and depends on the Emergency Change nature. The Change Manager can appoint anyone who may help with knowledge, experience, and expertise to the ECAB.
• Others – e.g., Configuration Manager, Application Analyst, Technical Analyst or others as appropriate for any given situation.
• IT operator – person(s) who are responsible for operating the underlining technology of a system (e.g., networking, storage, operating system, etc.). During an Emergency Change, the IT operator may be involved, depending on his/her technical skills, for Emergency Change testing, implementation, and performing the back-out plan if implementation fails.
• Change Requester – person who triggered the Change Management process.

Conclusion

In my personal experience, Emergency Change management often falls into the trap of being a quick way of implementing changes without the “bureaucracy” and hassle present in the normal change process.  This may be an indicator that the normal change process requires some revision.  Personally, I’ve seen cases in which changes on systems considered vital (ERP, E-mail, web, file share, printing, and the list goes on until you realize everything is considered vital) were not implemented unless approved by top-level management. IT found a “workaround” and started to implement changes on those systems as Emergency Changes, because no one from top-level management was part of the ECAB.

Emergency Change exists only to address the needs of the organization when normal Change Management can’t be followed, generally due to time constraints and risks involved. There is no magic wand that will solve all of the specifics, and each organization should find the solution that fits best into their own operational model; prompt and efficient handling of all changes will serve to minimize the impact of change-related incidents on service quality.

Use our free ITIL Gap Analysis Tool to check how your activities comply with ITIL recommendations for Change Management.

Options are :

• Supplier management
• Problem management
• Incident management
• Deployment management

Answer : Incident management

Options are :

• Focus on value
• Optimize and automate
• Progress iteratively with feedback
• Keep it simple and practical

Options are :

• Focus on value
• Collaborate and promote visibility
• Progress iteratively with feedback
• Start where you are

Answer : Start where you are

Options are :

• A low-risk computer upgrade implemented as a service request
• The implementation of a security patch to a critical software application
• The implementation of a planned new release of a software application
• A scheduled major hardware and software implementation

Answer : The implementation of a security patch to a critical software application

Options are :

• 'focus on value' guiding principle
• 'service request management' practice
• service value system
• four dimensions of service management

Answer : service value system

Options are :

• By using a combination of practices
• By using a single functional team
• By implementing process automation
• By determining service demand

Answer : By using a combination of practices

Options are :

• To minimize the negative impact of incidents by restoring normal service operation as quickly as possible
• To protect the information needed by the organization to conduct its business
• To ensure that accurate and reliable information about the configuration of services is available when and where it is needed
• To systematically observe services and service components, and record and report selected changes of state

Answer : To systematically observe services and service components, and record and report selected changes of state

Options are :

• outputs
• costs
• risks
• outcomes

Options are :

• 3 and 4
• 2 and 3
• 1 and 4
• 1 and 2

Options are :

• To help identify problems
• To ensure effective handling of service requests
• To escalate incidents to the correct support team
• To engage the correct change authority

Answer : To help identify problems

Options are :

• The guiding principles
• The service value chain
• The four dimensions of service management
• Practices

Answer : The guiding principles

Options are :

Options are :

• Known errors are managed by technical staff, problems are managed by service management staff
• Known errors cause vulnerabilities, problems cause incidents
• Known error is the status assigned to a problem after it has been analysed
• A known error is the cause of one or more problems

Answer : Known error is the status assigned to a problem after it has been analysed

Options are :

• Relationship management
• Release management
• IT asset management
• Service desk

Answer : IT asset management

Options are :

• analysed
• closed
• escalated
• logged

Options are :

• Service offering
• Service provision
• Service relationship management
• Service consumption

Answer : Service relationship management

Options are :

• Start where you are
• Progress iteratively with feedback
• Optimize and automate
• Focus on value

Answer : Progress iteratively with feedback

Options are :

• Engage
• Plan
• Obtain/build
• Improve

Options are :

• Processes and procedures
• Compliments and complaints
• Self-service tools
• Incident management

Answer : Processes and procedures

Options are :

• Service desk
• Service request management
• Service configuration management
• Service level management

Answer : Service level management

Options are :

• Service desk
• Service configuration management
• Monitoring and event management
• IT asset management

Answer : Service configuration management

Options are :

• Ensure suppliers include details of their approach to service improvement in contracts
• Ensure that all supplier problem management activities result in improvements
• Require evidence that the supplier implements all improvements using project management practices
• Require evidence that the supplier uses agile development methods

Answer : Ensure suppliers include details of their approach to service improvement in contracts

Options are :

• Service request management
• Service level management
• Incident management
• IT asset management

Answer : Incident management

Options are :

• An addition or modification that could have an effect on services
• Any change of state that has significance for the management of a configuration item
• A cause or potential cause of one or more incidents
• An unplanned reduction in the quality of a service

Answer : A cause or potential cause of one or more incidents

Options are :

• An emergency change
• A standard change
• A normal change
• An application change

Answer : A standard change

Options are :

• Incident management
• Service request management
• Change control
• Problem management

Answer : Service request management

Options are :

• Contracts and agreements
• Level of formality
• Type of cooperation with suppliers
• Corporate culture of the organization

Answer : Corporate culture of the organization

Options are :

• A practice
• An output
• Continual improvement
• A service

Options are :

• It should be diagnosed to identify possible solutions
• It should have a workaround to reduce the impact
• It should be resolved so that it can be closed
• It should be prioritized based on its potential impact and probability

Answer : It should be prioritized based on its potential impact and probability

Options are :

• An up-to-date balanced scorecard
• Details of how services are measured
• A recent maturity assessment
• Accurate and carefully analysed data

Answer : Accurate and carefully analysed data

Options are :

• A mobile phone enables a user to work remotely
• A password allows a user connect to a WiFi network
• A license allows a user to install a software product
• A service desk agent provides support to a user (Correct)

Answer :A service desk agent provides support to a user

Options are :

• Changes included in the change schedule are pre-authorized and do not need additional authorization
• Normal changes should be assessed and authorized before they are deployed (Correct)
• Emergency changes should be authorized by as many people as possible to reduce risk
• Normal changes are typically implemented as service requests and authorized by the service desk

Answer :Normal changes should be assessed and authorized before they are deployed

Options are :

• It uses prescriptive inputs and outputs
• It is a value chain activity
• It integrates practices for a specific scenario (Correct)
• It is used to provide governance

Answer :It integrates practices for a specific scenario

Options are :

• They consist of several outcomes
• They capture customer demand for services
• They contribute to the achievement of outcomes (Correct)
• They describe how the service performs

Answer :They contribute to the achievement of outcomes

Options are :

• The number of passengers checked in (Correct)
• The average time to respond to change requests
• The average resolution time for incidents
• The number of problems resolved

Answer :The number of passengers checked in

Options are :

• The service value system (Correct)
• The 'deliver and support' value chain activity
• The 'focus on value' guiding principle
• The 'value stream and processes' dimension

Answer :The service value system

Options are :

• Service request management
• Service level management (Correct)
• Service desk
• Incident management

Answer :Service level management

Options are :

• An unplanned interruption to a service, or reduction in the quality of a service
• A cause, or potential cause, of one or more incidents (Correct)
• An incident for which a full resolution is not yet available
• Any change of state that has significance for the management of a configuration item (CI)

Answer :A cause, or potential cause, of one or more incidents

Options are :

• Incident management
• Continual improvement
• Service desk (Correct)
• Relationship management

Answer :Service desk

Options are :

• The functionality offered by a service to meet a particular need (Correct)
• Assurance that a service will meet agreed requirements
• The amount of money spent on a specific activity or resource
• The perceived benefits, usefulness and importance of something

Answer :The functionality offered by a service to meet a particular need

Options are :

• Incident management (Correct)
• Problem management
• Change enablement
• Service desk

Answer :Incident management

Options are :

• By using all the guiding principles equally when making any decision
• By using the one or two guiding principles that are most relevant to the specific decision
• By using the 'focus on value' principle and one or two others that are relevant to the specific decision
• By reviewing each guiding principle to decide how relevant it is to the specific decision (Correct)

Answer :By reviewing each guiding principle to decide how relevant it is to the specific decision

Options are :

• Collaborate and promote visibility (Correct)
• Start where you are
• Focus on value
• Keep it simple and practical

Answer :Collaborate and promote visibility

Options are :

• Service desk (Correct)
• Change enablement
• Service level management
• Supplier management

Answer :Service desk

Options are :

• Information security management (Correct)
• Continual improvement
• Monitoring and event management
• Service level management

Answer :Information security management

Options are :

• Start where you are
• Optimize and automate
• Keep it simple
• Focus on value (Correct)

Answer :Focus on value

Options are :

• Check that the activity has already been optimized (Correct)
• Check that suitable new technology has been purchased
• Ensure that DevOps has been successfully implemented
• Ensure the solution removes the need for human intervention

Answer :Check that the activity has already been optimized

Options are :

• Complex service requests should be dealt with as normal changes
• Service requests that require simple workflows should be dealt with as incidents
• Service requests require workflows that should use manual procedures and avoid automation
• Service requests are usually formalized using standard procedures for initiation, approval and fulfillment (Correct)

Answer :Service requests are usually formalized using standard procedures for initiation, approval and fulfillment

Options are :

• The amount of money the customer pays for using the service
• The financial return the customer gets from using the service
• The outcomes the customer receives by using the service
• The customer's perception of the benefits of using the service (Correct)

Answer :The customer's perception of the benefits of using the service

Options are :

• Release management
• Deployment management (Correct)
• Change enablement
• Supplier management

Answer :Deployment management

Options are :

• Highest levels of the organization (Correct)
• Society
• Service manager
• All members of society

Answer :Highest levels of the organization

Options are :

• User
• Sponsor
• Customer (Correct)
• Service provider

Answer :Customer

Options are :

• Relationships with all key stakeholders are understood and managed. (Correct)
• Suppliers and investors are known form the start of the service
• Government regulation are added as requirements
• Users define requirements

Answer :Relationships with all key stakeholders are understood and managed.

Options are :

• One or more of its services
• One or more of its products (Correct)
• One or more of its suppliers
• One or more of its customers

Answer :One or more of its products

Options are :

• 1 and 2 only
• 1 and 3 only
• 1 and 4 only
• All of the above (Correct)

Answer :All of the above

Options are :

• Cost and risk (Correct)
• Cost and time
• Cost and technology
• Cost and products

Answer :Cost and risk

Options are :

• Need for a stakeholder
• Set of related services
• Result for a stakeholder enabled by one or more outputs (Correct)
• Result for a service provider enabled by one or more products

Answer :Result for a stakeholder enabled by one or more outputs

Options are :

• Service gifts
• Service offerings (Correct)
• Products
• Resources

Answer :Service offerings

Options are :

• 1, 2 and 3 (Correct)
• 1 and 4 only
• 3 and 4 only
• All of the above

Answer :1, 2 and 3

Options are :

• Supplier
• Service provider
• Stakeholder
• Consumer (Correct)

Answer :Consumer

Options are :

• Government regulations
• Agreement (Correct)
• Service provider requirements
• Method of delivery

Answer :Agreement

Options are :

• Goods
• Access to resources (Correct)
• Service actions
• Technology

Answer :Access to resources

Options are :

• Service offering
• Service technology
• Service relationship (Correct)
• Service meeting

Answer :Service relationship

Options are :

• Outcome
• Output (Correct)
• Deliverable
• Scope

Answer :Output

Options are :

• Costs removed and cost imposed by the service (Correct)
• Risk cost and product cost
• Risk cost and cost removed
• Cost imposed and risk cost

Answer :Costs removed and cost imposed by the service

Options are :

• Service failure
• Risk (Correct)
• Service loss
• Service risk

Answer :Risk

Options are :

• Warranty
• Service function
• Service performance
• Utility (Correct)

Answer :Utility

Options are :

• Relationship management practice (Correct)
• Stakeholder Management
• Conflict management
• Problem management

Answer :Relationship management practice

Options are :

• Prevention
• Detection
• Correction (Correct)
• Users

Answer :Correction

Options are :

• Service
• Utility
• Warranty (Correct)
• Usage

Answer :Warranty

Options are :

• Confidentiality
• Integrity
• Non-repudiation (Correct)
• Availability

Answer :Non-repudiation

Options are :

• Information and technology
• People
• Processes
• Resources (Correct)

Answer :Resources

Options are :

• Cost of service being too high
• Risk not being removed
• Failing to address all four dimensions properly (Correct)
• Service introducing new risk

Answer :Failing to address all four dimensions properly

Options are :

• Their contribution towards creating value (Correct)
• Their authority levels
• Their skillset and abilities
• Their work schedules

Answer :Their contribution towards creating value

Options are :

• 1, 2 and 3
• 1 and 2 only (Correct)
• 1 and 3 only
• None of the above

Answer :1 and 2 only

Options are :

• Service requirement
• Service goal
• Service achievement
• Service level (Correct)

Answer :Service level

Options are :

• Phased deployment
• Continuous delivery
• Big bang deployment (Correct)
• Pull deployment

Answer :Big bang deployment

Options are :

• Service Asset
• Product Asset
• User Asset
• IT Asset (Correct)

Answer :IT Asset

Options are :

• Users
• Senior level management (Correct)
• IT Workers
• Regulators

Answer :Senior level management

Options are :

• Service
• Utility (Correct)
• Warranty
• Usage

Answer :Utility

Options are :

• Change the service
• Detection of the security of incident (Correct)
• Correction of the security of incident
• Changes in user training

Answer :Detection of the security of incident

Options are :

• IT Assets
• Behavior of people (Correct)
• Software used throughout the organization
• Skills of IT workers

Answer :Behavior of people

Options are :

• Confidentiality
• Integrity
• Non-repudiation
• Authentication (Correct)

Answer :Authentication

Options are :

• Warranty (Correct)
• Service function
• Service performance
• Utility

Answer :Warranty

Options are :

• Information security management (Correct)
• Asset security management
• User security management
• Problem management

Answer :Information security management

Options are :

• 1, 2, and 3 (Correct)
• 1 and 2 only
• 2 and 3 only
• 1 and 3 only

Answer :1, 2, and 3

Options are :

• Offering
• Capability (Correct)
• Skills
• Competence

Answer :Capability

Options are :

• Resources
• Information and technology
• One or more services based on one or more products. (Correct)
• One or more configuration based on one or more technology

Answer :One or more services based on one or more products.

Options are :

• Change strategy
• Change method
• Change model (Correct)
• Change types

Answer :Change model

Options are :

• Confidentiality (Correct)
• Entitled
• Availability
• Authentication

Answer :Confidentiality

Options are :

• IT-enabled (Correct)
• Cloud enabled
• Security enabled
• Service desk enabled

Answer :IT-enabled

Options are :

• Service value system and service desk
• Service value system and four dimensions model (Correct)
• Four dimensions model and service desk
• Four dimensions model and practices

Answer :Service value system and four dimensions model

Options are :

Answer :5

Options are :

• Service value chain
• Practices
• Guiding principles (Correct)
• Continual improvement

Answer :Guiding principles

Options are :

• Services (Correct)
• Technology
• Email
• Financial resources

Answer :Services

Options are :

• IT management
• Service desk management
• Service delivery management
• Service management (Correct)

Answer :Service management

Options are :

• Cost of the service
• Perception of the stakeholder (Correct)
• Method of delivery
• Technology used

Answer :Perception of the stakeholder

Options are :

• Value is co-created between providers and technology
• Value is co-created between providers and suppliers
• Value is co-created between providers and consumers (Correct)
• Value is co-created between providers and management

Answer :Value is co-created between providers and consumers

Options are :

• Service desk
• Service support
• Service value
• Organization (Correct)

Answer :Organization

Options are :

• Service consumer
• Service provider (Correct)
• Consumer
• Provider

Answer :Service provider

Options are :

• Customer
• Service provider
• Senior management
• Sponsor (Correct)

Answer :Sponsor

Options are :

• Organizations and people
• Information and technology
• Partners and suppliers
• Process streams and procedures (Correct)

Answer :Process streams and procedures

Options are :

• To setup technology for customers
• To meet customers' needs
• To create value for stakeholders (Correct)
• To manage IT Services for customers

Answer :To create value for stakeholders

Options are :

• Providers and consumers (Correct)
• Providers only
• Providers and technology
• Providers and software

Answer :Providers and consumers

Options are :

• Service consumer (Correct)
• Service installer
• Supplier
• Stakeholder

Answer :Service consumer

Options are :

• Services
• Processes
• Value (Correct)
• Customers

Answer :Value

Options are :

• Find out the consumer perspectives of value (Correct)
• Find out the customer experience
• Find out the way to measure value
• Find out how to provide the service

Answer :Find out the consumer perspectives of value

Options are :

• Remove all unneeded services
• Understand all resources needed for the new service
• Consider what is already available to be leveraged. (Correct)
• Speak to the service consumer

Answer :Consider what is already available to be leveraged.

Options are :

• Quick and cost effective
• Iteratively with feedback (Correct)
• Iteratively and Quick
• Quick with feedback

Answer :Iteratively with feedback

Options are :

• Customers giving the same feedback
• Never ending feedback
• An output of one activity is an input to another activity (Correct)
• Part of an output is assessing

Answer :An output of one activity is an input to another activity

Options are :

• Complete product
• Cost saving product
• Least useable product
• Minimum viable product (Correct)

Answer :Minimum viable product

Options are :

• Isolated work (Correct)
• Collaborate work
• Group work
• Pool work

Answer :Isolated work

Options are :

• Technology
• Co-location
• Trust (Correct)
• Dedication

Answer :Trust

Options are :

• Insufficient team
• Insufficient time
• Insufficient visibility of work (Correct)
• Insufficient practices

Answer :Insufficient visibility of work

Options are :

• Think and work together
• Think and work holistically (Correct)
• Integration of services
• Integration of technology

Answer :Think and work holistically

Options are :

• Use the maximum number of steps
• Use the minimum number of steps (Correct)
• Use complex steps
• Use steps you understand

Answer :Use the minimum number of steps

Options are :

• Quick Steps
• Complex steps
• Simplicity (Correct)
• None of the above

Answer :Simplicity

Options are :

• Optimization
• Automation (Correct)
• Computerization
• Value Steams

Answer :Automation

Options are :

• Accountable only to government compliance
• Accountable to the service desk
• Accountable for policies
• Accountable for the organization's compliance with policies and any external regulations. (Correct)

Answer :Accountable for the organization's compliance with policies and any external regulations.

Options are :

• Problem management (Correct)
• Service desk
• Incident management
• Change Enablement

Answer :Problem management

Options are :

• Plan (Correct)
• Improve
• Engage
• Design

Answer :Plan

Options are :

• Purchases
• Networking
• Copying (Correct)
• Installation

Answer :Copying

Options are :

• Location
• Identification (Correct)
• Damages
• Usage

Answer :Identification

Options are :

• Related contracts (Correct)
• Usage
• Disposal
• Re-use

Answer :Related contracts

Options are :

• Configuration management system (CMS) (Correct)
• System management system (SMS)
• Central management system (CMS)
• Asset management system (AMS)

Answer :Configuration management system (CMS)

Options are :

• Active monitoring
• Passive monitoring (Correct)
• Self-monitoring
• System monitoring

Answer :Passive monitoring

Options are :

• Active monitoring (Correct)
• Passive monitoring
• Self-monitoring
• System monitoring

Answer :Active monitoring

Options are :

• Error control
• Incident control
• Known errors (Correct)
• Problem prioritization

Answer :Known errors

Options are :

• Cost of fixing
• Time needed to fix
• Who is being affected
• Risk they pose (Correct)

Answer :Risk they pose

Options are :

• Risk register
• IT asset register
• Problem register
• Problem records (Correct)

Answer :Problem records