This week has been dominated by two things:
- Windows 10 device builds. Lots of them.
- Change Control.
The first part is the easy bit. I have an eager team of build engineers, led by a committed and diligent Consultant to help with that. The second part has resulted in more than its fair share of pain.
As the client-side Programme Manager remarked to me, there are two types of change to manage: change that needs budget and resources and agreement; and “things we need to tell you about”.
The changes I’ve been fighting with are certainly in the “things we need to tell you about” category: minor edits to user account information in Active Directory made on an individual user (or small group of users) basis. Such changes are easily reversed but need to be communicated (to users, and to those who support them – so they are ready for any consequences).
Unfortunately, in order to make this minor change (admittedly a few thousand times), I have to complete a form that’s really designed for much heavier changes, submit it at least a week ahead of when I want to make the change (which is not very agile), attend various meetings to provide information, have multiple conversations outside the process to smooth the path of the change, stand on one leg, do a little dance and make incantations (OK, I made the last part up).
Attempting to complete a very complex Operational Change Request form for a simple user account configuration change. Seems little wonder that inertia is such a battle in large organisations with a SIAM/tower model in place…
— Mark Wilson ???? (@markwilsonit) March 8, 2018
And, as one former customer replied:
The inevitable consequence of a one-size fits all, ITIL, change process in the name of risk mitigation.
— Brian Lea (@CandleFat) March 9, 2018
Change control has its place but sometimes it feels like a lightweight process should be there for the “things we need to tell you about”-type changes. When I completed my ITIL® Foundation training, people said “you’ll breeze it Mark, it’s just common sense” – and it is. Unfortunately, it seems to me that many people use ITIL as a reason to wrap themselves in unnecessary layers of bureaucracy. There’s also a natural tension between those who are tasked with designing new and improved services and those who need to operate services. One wants change. One wants to avoid change. And, where outsourced services are in place, there are commercial reasons not to make any changes too.
Next week, I’ll find out how successful I’ve been. If I’m lucky, we’ll get approval two days after we need it. I’m not adding to my pain by making an urgent or emergency change (I’m not a masochist) but I have recorded an issue in the PM’s RAID log…
Other encounters this week have included:
- Night-time mountain-biking in the woods (helping out with my eldest son’s cycling club) – that was fun!
- FUD from my younger son’s school around GDPR.
School notification service wants me to delete myself from their database “because of GDPR”. What nonsense. Surely the very fact I signed up to a service to send me notifications from the school means I have already given consent! Also, why rely on users to perform admin?! #GDPR pic.twitter.com/tC3FAwrFmI
— Mark Wilson ???? (@markwilsonit) March 7, 2018
From a GDPR perspective, that is massively wrong. Also, the bigger issue with their use case is PECR, and that has been law for a long time…
— Benjamin Ellis (@benjaminellis) March 8, 2018
Needless to say, I’ll be ignoring the (poorly-written) communication from the school. Why expect me (as the user of the service) to take action to help the organisation tidy up their data when they have clearly misunderstood their obligations?
Now, it’s the weekend. It’s been another very long week. My train is nearly at Northampton and I feel the need to collapse on the sofa before I fall asleep. The weekend will be a mixture of “Dad’s taxi” and Mothering Sunday (helping my boys be nice to their Mum, and hosting my Mum and my Mother-in-law for lunch). Then back to work for round 2 of “change control”.