No, Change Management is not too much to ask of a small org

Written By Rob Morse

Often, suggesting implementing Change Management can give you a lot of eyerolls and pushback when your org is small or just starting out. Excuses can range from

-          It’s too onerous

-          It’s too expensive

-          It’s not necessary

The fact is even small teams are performing the change management tasks already, they’re just not aware of it or not taking the extra 5% effort to formalize it. I’ve led teams of exceptional engineers in an industry of high-achievers and found that their experience and prudence often goes overlooked and undocumented.

Smaller organizations suffer from the same issues larger organizations do, but often lack the resourcing and financial clout with vendors to get the highest-caliber support and incident response. This makes it even more critical to make sure impactful changes are handled smoothly. As mentioned above, good developers and engineers are already doing this, so why should a smaller organization go through the extra hurdles of formalizing this? In practice I have found that startup life-science enterprises often face the following:

-          Need for more consistent results

-          Better accountability when a third-party makes a mistake

-          Transparency from IT to leadership

-          Governance and compliance requirements in contractual agreements (GDPR, NIST, HIPAA, etc.)

-          Better documentation overall

-          Knowledge transfer for growth

 

At the end of the day, change control is all about ensuring that any change to a platform or project doesn’t have any adverse affects to other parts.

So if change control should be done (and let’s face it, we all really know it should be), how can an org complete this with even a small and busy team?

At the bare minimum the team should do the following:

-          Document the change

-          Document the risks

-          Document the decision

-          Receive approval

-          Save all the above in your ticketing system

That’s it. It takes less time to do than to author this blog post. This can be even easier to do if you create a template from the above. Many ticket systems can even be customized to make this a request through a form with drop-down selections.

 

For a more mature or environment that is scaling up, the following can be implemented:

-          Change control team with a communication system and regular meetings

-          Integration with change management in the organization

-          Touch points for critical functions (usually done through Business Associates)

So much of governance and compliance hinges on taking credit for things you are already doing. Take those best practices and add the final layer and good compliance doesn’t have to be scary.

Rob Morse

A former special needs teacher, Rob has been delivering thoughtful IT leadership to life science organizations for over 15 years. He continues to live by the mantra to put the needs of patients first. His vision has always been to be a liaison for organizations to help IT departments Support, Empower and Enable (SEE) the core teams and bring medicine to patients faster.

https://morsewire.com
Next

VPN Options For Your Startup