The Netyeti's Journal

CAB

2 min read

Change Advisory Board

A Change Advisory Board (CAB) is a cross-functional group of individuals responsible for assessing, approving, and scheduling significant changes within an organization’s IT environment, ensuring they align with business priorities and minimizing risks and disruptions. Key members include representatives from IT, business units, and security, who meet regularly to review change requests, evaluate their impact and risk, and provide recommendations to the change manager. The CAB is a core component of the ITIL (Information Technology Infrastructure Library) framework’s Change Management process and helps ensure that changes are implemented smoothly, securely, and efficiently.

Purpose of a CAB

  • Risk Assessment: The CAB identifies potential risks and impacts of proposed changes on systems, services, and business processes.
  • Change Authorization: It provides oversight and approval for changes, ensuring they are justified and do not threaten the IT environment.
  • Strategic Alignment: The board helps ensure that changes are aligned with the organization’s overall business objectives and technical standards.
  • Coordination: It coordinates change implementation to avoid conflicts and schedule changes effectively.

Who Serves on a CAB?

Membership is flexible but typically includes:

  • IT Managers and Specialists: Such as operations, security, and network engineers.
  • Business Representatives: Stakeholders and managers from departments affected by the changes.
  • Service Desk Personnel: To provide insights from a user and incident perspective.
  • Change Manager: Often the chairperson who runs the meetings and oversees the process.

How a CAB Operates

  1. Change Request Submission: Stakeholders submit detailed change requests.
  2. Pre-CAB Review: The change manager and relevant teams assess the initial request and gather necessary information.
  3. CAB Meeting: The board meets regularly (e.g., weekly or bi-weekly) to review the proposed changes.
  4. Risk and Impact Evaluation: Members discuss the change’s potential impact on service, security, capacity, and compliance.
  5. Decision-Making: The CAB makes recommendations or authorizes the change to proceed, be delayed, or require revisions.
  6. Post-Implementation Review: The board reviews the success of previously implemented changes and addresses any failures or incidents.

Graph View