Managing the Changes Deployed by Your Cloud Vendor

Yikes! My Cloud host service made a change; now my services aren’t working anymore!

Let’s say you have outsourced at least some of the services you provide to your customers to a cloud hosting vendor. Your vendor will inevitably make changes to their hosting hardware and software to make improvements or to stabilize their environment. These changes might negatively affect the services you have entrusted to them.

You might also request changes from them to some of the services they’re hosting for you, to add features or to make improvements. So, the big question is, “How do you manage the changes being implemented by your cloud hosting vendor that could adversely affect your services and your customers?”

This is not an easy question to answer as this can be a complex subject. And no single answer will fit all
situations. So, let’s apply some parameters to our scenario to get started and assume the following:

1. You have a formal, documented Change Management process of your own, one that is accepted and used, based on service management best practices, such as ITIL^® standards and practices.
2. You also have a process designed to select and manage your third-party suppliers and vendors (including cloud hosting suppliers).
3. You have a formal way (process) to evaluate the performance of service changes that could affect services being delivered to your customers. This could be a separate process or could be included as part of your Change Management process.

If you don’t have these three things already in place, you are going to be loaded with risk. But for our scenario, we’ll accept the above assumptions. Since your cloud hosting service will be making changes that might affect the services you deliver to your customers, you must manage those changes.

With the assumptions above, you’ll need to select a supplier who is just like you! In other words, they have and use a formal, documented Change Management process based on service management best practices. They have a formal way (process) to evaluate the performance of service changes that might affect downstream services or customers. Thirdly, they will agree to respect your process designed to manage your third-party suppliers and vendors (including cloud hosting suppliers). If your cloud hosting service does not fit these criteria, you have made the wrong choice. Let’s delve into these three assumptions further.

Choosing the Supplier

To choose and manage your third-party suppliers, there is a process called Supplier Management. Here are the goals and objectives of your Supplier Management process (according to ITIL):

“The purpose of the Supplier Management process is to obtain value for money from suppliers and to provide seamless quality of IT service to the business by ensuring that all contracts and agreements with suppliers support the needs of the business and that all suppliers meet their contractual commitments.”

Some key objectives of Supplier Management are to:

• Ensure that contracts with suppliers are aligned with your customer needs and support agreed targets in Service Level Requirements (SLR) documents and Service Level Agreements (SLAs), in conjunction with your Service Level Management process
• Manage relationships with suppliers
• Manage supplier performance
• Negotiate and agree contracts with suppliers
• Manage the contracts through their lifecycle

Before choosing a third-party supplier:

• Pick someone like you
• Build your three assumptions into your Request for Proposal (RFP)
• Verbally agree on main elements of the proposed contract before final selection of supplier
• Make sure your vision of Change Management is a focus of the contract
• Build metrics into the contract to enable managing and measuring performance of the supplier
  

The Change Management Process

Since your selected supplier has accepted the terms of the contract, they also agreed to your vision of Change Management, so injecting yourself into their Change Management process will be easier. Here are the goals and objectives of your Change Management process (according to ITIL):

“The purpose of the Change Management process is to control the lifecycle of all changes, enabling beneficial changes to be made with minimum disruption to IT services.”

We will want to manage our own changes as well as those of our supplier to:

• Reduce risk exposure
• Minimize the severity of any impact and disruption (incidents) caused by changes
• Successfully implement changes on the first try
• Ensure that all stakeholders receive appropriate and timely communication about any change so that they are aware and ready to adopt and support the change

Some key objectives of Change Management are to:

• Reduce incidents, disruptions, and rework
• Deliver changes that will align the services with the needs of customers
• Ensure all changes are recorded and evaluated, and that approved changes are prioritized, planned, tested, implemented, documented, and reviewed in a controlled manner
• Optimize overall business risk mitigation

You will need to make sure your supplier also is striving to meet these same goals and objectives from their Change Management process. The best way to ensure this is happening is to be a part of their process. When a request for change is submitted to them to be assessed and evaluated by their Change Advisory Board (CAB), someone from your organization will need to be a member of their CAB so that you will be represented when the assessment takes place. You need to weigh-in on any change being proposed that could affect your services or infrastructure.

As a member of their CAB, you should receive the change requests and other supporting material (electronically) prior to the scheduled CAB meeting so you can do any necessary research before attending the meeting (electronically or otherwise). You should ensure they are using best practices for assessment and evaluation criteria before they authorize any changes.

CAB meetings should also include a Post Implementation Review (PIR) of all recent change implementations, and you should participate in those discussions, too.

A key part of successful Change Management is the coordinating/evaluating the build, test and deploy steps of the supplier’s changes utilizing the principles of the (ITIL) Change Evaluation process. If you or your supplier do not have a formal Change Evaluation process, your/their Change Management staff can still take the requisite steps to coordinate/evaluate all changes.

Coordination really means having an extra set of eyes on the steps to put a change into production. Those steps are:

• Release planning
• Release testing and test results
• Deploying the release into production
• Reviewing the results of the deployment

Whether the person assigned to do the coordinating is someone from the Change Evaluation process or, if you don’t have a formal process, someone from the CAB, they will evaluate the results of each of the steps to ensure we have gotten acceptable outcomes that meet our criteria for success. These observations will result in Interim Evaluation Reports and a Final Evaluation Report to the CAB. These reports ensure that Change Management can expedite an effective decision about whether a service change deployment should be authorized or remediated.

The Change Evaluation Process

Here are the goals and objectives of your Change Evaluation process (according to ITIL):

“The purpose of the Change Evaluation process is to provide a consistent and standardized means of determining the performance of a service change in the context of likely impacts on business outcomes, and on existing and proposed services and IT infrastructure. The actual performance of a change is assessed against its predicted performance. Risks and issues related to the change are identified and managed.”

Some key objectives of Change Evaluation include the following:

• Set stakeholder expectations correctly and provide effective and accurate information to Change Management to make sure that changes that adversely affect service capability and introduce risk are not deployed unchecked
• Evaluate the intended effects of a service change and as much of the unintended effects as is reasonably practical given any inherent constraints
• Provide good-quality evaluation reports so that Change Management can expedite an effective decision about whether a service change deployment should be authorized or remediated

Be a Partner to Your Cloud Provider

You can’t leave to chance that your cloud hosting service will do the right thing every time and will always follow service management best practices. So, you have to be actively involved in managing the changes they make that could impact the services you deliver to your customers. Following the guidelines discussed here will improve the outcomes you can expect from having a third-party supplier hosting services for you and making changes that might affect those services. A key success factor will be for you to become a partner with your selected supplier instead of just being their client.

Jim McKennan is an independent IT service management consultant working for E.K. Associates on a long-term contract at the State of California Child Welfare Digital Services (CWDS). Jim designed an ITIL-based service desk for CWDS to support a new application that will be used by all the Child Welfare offices throughout the state. He also designed and documented ITIL processes such as Incident Management, Problem Management, Request Fulfillment, Knowledge Management, and Change Management. Since the agency has outsourced some of their services to a cloud hosting service, he felt he needed to address the subject of managing changes by third-party suppliers in this article. Jim is a long-time member of HDI, past Western Region Director of the HDI Member Advisory Board and was a member of the HDI International Standards Committee that helped document the HDI Support Center Standard. He is a past President of HDI District 1B (State of California chapters). He was also known as Dr. Jim the Service Doctor when he wrote a regular column for SupportWorld magazine.