6.4 Change Enablement
Key Takeaways
- The purpose of change enablement is to maximize the number of successful service and product changes by ensuring risks are properly assessed, authorizing changes to proceed, and managing the change schedule
- A change is the addition, modification, or removal of anything that could have a direct or indirect effect on services
- ITIL 4 defines three change types: standard (pre-authorized, low-risk), normal (scheduled, assessed, authorized), and emergency (must be implemented as soon as possible)
- The change authority is the person or group that authorizes a change; for low-risk standard changes this authority is delegated in advance
- The change schedule (formerly the change calendar) plans and communicates changes to reduce conflicts and manage expectations
Purpose and Definition
Quick Answer: The purpose of the change enablement practice is to maximize the number of successful service and product changes by ensuring that risks have been properly assessed, authorizing changes to proceed, and managing the change schedule. A change is the addition, modification, or removal of anything that could have a direct or indirect effect on services.
Note the goal is to maximize successful changes, not to minimize or block change. Change enablement balances the need to make beneficial changes against the risk of disruption — it is an enabler, which is why ITIL 4 renamed it from ITIL v3's 'change management' to change enablement. The practice ensures every change is assessed for risk, authorized by the right person, and scheduled so it does not collide with other work.
The scope of 'change' is deliberately broad. Because a change is anything that could have a direct or indirect effect on services, it covers far more than code releases: infrastructure, applications, documentation, supplier relationships, and processes can all be the subject of a change. ITIL 4 is careful to distinguish change enablement from organizational change management (OCM), which focuses on the people side — managing how individuals adopt and adapt to change. Change enablement deals with the controlled introduction of service and product changes; OCM is a separate discipline that supports it but is not the same practice.
The Three Change Types
This is the most heavily tested topic in change enablement. ITIL 4 recognizes three types of change, distinguished by risk and the authorization route.
| Change type | Description | Authorization | Example |
|---|---|---|---|
| Standard change | Low-risk, pre-authorized, well-understood and fully documented; can be implemented without extra authorization | Pre-authorized — authorization is delegated in advance; often automated | Resetting a password; provisioning a standard laptop |
| Normal change | Needs to be scheduled, assessed, and authorized following a standard process; risk varies from low to high | Authorized by the appropriate change authority (may use a Change Advisory Board for high-risk) | Upgrading a database server; deploying a new app release |
| Emergency change | Must be implemented as soon as possible, e.g. to resolve a major incident or apply an urgent security patch | Expedited authorization, often via a separate emergency change authority | Patching a zero-day vulnerability under active attack |
Key traps: a standard change is not the same as a 'normal' change — 'standard' means pre-authorized and routine. An emergency change still requires authorization; it is simply expedited, and assessment/documentation may be completed after implementation. Testing and assessment for emergency changes may be reduced, but never skipped without acceptance of the added risk.
Change Authority and the Change Schedule
Change authority
A change authority is the person or group responsible for authorizing a change. ITIL 4 moved away from centralizing all decisions in a single Change Advisory Board (CAB). Instead, authority should be assigned to each type of change to ensure efficiency: for low-risk standard changes, the authority is delegated in advance (often to automation), so no human sign-off is needed each time. High-risk normal changes may still be reviewed by a CAB or senior authority.
Decentralizing authorization speeds throughput while keeping risky changes under control — a direct expression of the practice's purpose to maximize successful changes.
The change schedule
The change schedule (in ITIL v3 the change calendar or forward schedule of changes) is used to plan changes, assist communication, avoid conflicts, and assign resources. It tells stakeholders which changes are planned and when, so teams can spot clashes (two changes hitting the same service at once) and set user expectations about downtime.
Why change enablement matters
Many incidents are caused by poorly managed changes. By assessing risk, authorizing appropriately, and scheduling carefully, change enablement directly improves service quality — which is why it feeds into the deliver & support, obtain/build, and design & transition value chain activities. It also receives change requests from problem management when a permanent fix for a known error needs to be deployed.
Change enablement, release, and deployment
The exam frequently tests how change enablement relates to two neighboring practices. Change enablement decides whether a change is authorized and when it is scheduled. Release management makes new or changed services available for use. Deployment management moves components into live (or other) environments. A single change might authorize a release that is then deployed — three distinct practices cooperating. Keeping these straight is a common stumbling block: authorizing a change is not the same as releasing it, and releasing is not the same as deploying it.
Balancing speed and control
The defining tension of change enablement is velocity versus risk. Too much control and the organization cannot respond to business needs; too little and changes cause incidents. The three change types are precisely the mechanism for striking that balance — pre-authorizing routine work as standard changes removes friction, while reserving full assessment for genuinely risky normal changes focuses scrutiny where it matters. This is why ITIL 4 frames the practice's success as maximizing successful changes, a metric that rewards both throughput and quality at once.
What is the purpose of the change enablement practice?
A change that is low-risk, well-understood, fully documented, and can be implemented without additional authorization is which type of change?
Which statement about emergency changes is correct?
What is the main use of the change schedule in ITIL 4?