By Yousef AlSuwaidan, Anwar Ayub, and Abdullah Aldhamin

EXECUTIVE SUMMARY
IT change management is a core process for IT operations in the oil and gas industry as changes to systems could impede real-time drilling and exploration activities, and may lead to cascading implications. Managing change is further complicated given the complex and disperse operations for oil and gas companies typically spanning multiple data centers, user locations, and geographically dispersed operational areas. Given the importance and criticality of this process, it has been known to be a risk-averse and deliberate process to avoid any potential disruptions to the 24×7 time-sensitive operations. However, this rigid approach is not streamlined with modern IT technologies and practices, such as, Continuous Integration/Continuous Deployment (CI/CD) pipelines for DevOps, cloud computing, and Software Defined Networking (SDN) that are characterized by rapid small changes.

More importantly, the digital transformation is revolutionizing the oil and gas in an unprecedented pace in the history of the industry. As a result, this elevates the challenge for IT operations in this industry to cater for the aforementioned emerging necessities, while at the same time continuing to provide close oversight and review of associated risk and impact. Proper categorization of change activities, accurate change assessments, enhanced communication plans, and simplified approval workflows results in a framework that supports rapid delivery of IT changes and still mitigate the potential risks associated with these changes.

METHODOLOGY
The main motivations behind optimizing the IT change management process is to simplify the process, reduce lead time for implementing routine changes, and avail the needed focus on high risk and impact activities, or new activities. Previously, there was a lack of clarity over the implementation and impact of change requests resulting in some changes going through multiple reviews and approval stages. Hence, major changes occasionally were either delayed or rushed, which has created an overhead for both support and business users alike.

To achieve these objectives, a project-based task force was established to work on three frontiers: data collection, analysis, and process policy documents update. First, data about the IT change management process practices was collected and reviewed. During that, a survey was conducted with the stakeholders as an input for the analysis. Next, structured analysis was conducted to identify and prioritize key pain points. In other words, a thorough historical changes review was conducted that involved analyzing different types of change activities along with the tasks associated with
these change activities.

This analysis determined that proper change planning and assessments would alleviate the consistency issues with processing major changes. Therefore, the process enhancements focused on improving the initial change planning and assessment phases in order to streamline the downstream approval, scheduling, and implementation phases. Finally, in order to achieve user and customer buy-in, the revised policy and process documents were reviewed and signed by all key stakeholders.

IT CHANGE MANAGEMENT ENHANCEMENTS
Identifying and Categorizing Change Activities

The first step of developing the new framework was to understand the type and nature of changes implemented in the environment. This was done by performing historical analysis of changes and working with support groups to understand their changes. The analysis provided insight into the risk, impact, and frequency of change activities. Based on this information, required resources, standard deployment times, and outage windows, authorization and communication requirements were identified for change activities. Segregating the known activities based on their potential impact and history expedites the implementation of routine, low risk and impact activities while ensuring that IT change management time and resources are dedicated to high risk and impact changes.

VALUE STREAM MAPPING APPROVAL FOR CHANGE ACTIVITIES

A standard, global change window for all changes does not align with the evolving needs of the business users. Different business priorities and objectives made it challenging to schedule IT changes. As part of the change activity analysis, IT change management identified the services and users affected for each change activity using the Value Stream Mapping (VSM) methodology. VSM is a practice based upon Lean management principles to visualize the flow of work, information, and services required to deliver services to users. One of the primary benefits of VSM is identifying inefficiencies in service delivery.

VSM reduces the review and processing overhead with evaluating change request. Instead of a global Change Advisory Board (CAB) reviewing all changes and trying to fit the changes into a single maintenance window, the VSM allows routing the approval and scheduling of IT changes only to the business entities affected by the activity. Consequently, change authorities across the organization are likely to spend more time analyzing these targeted changes for approval, as compared to the previous practice. As formerly they would receive a larger volume of changes, many of which did not affect their area of concern.

Since these changes have a defined and known impact, they can also be scheduled at any time and do not need to be included as part of the standard maintenance window. This allows for greater flexibility for the business users in the scheduling and implementation of IT changes in alignment with their current business requirements. It also enables IT support to implement changes faster rather than waiting for the weekly maintenance window.

SYSTEMIZING THE RISK AND IMPACT ASSESSMENTS
Risk and impact assessments are key parts of a Change Request as the result of these assessment determine the level of approval and lead time for a change activity. Therefore, it is important to have a consistent, repeatable assessment for all changes. The updated IT change management introduced a systematic approach to determine the associated risk and impact level of a change activity. The assessments consist of a set of weighted questions that are captured as part of the creation of a Change Request. This makes it easier for the process managers to review Change Requests and gauge the overall risk and impact without the need to involve other Subject Matter Experts in the evaluation. It also facilitates the historical review of similar changes.

COMMUNICATION PLANS
Although users do not need to be informed of all changes implemented in IT services, they do need to be informed about instances where the change activity will or may cause service disruption or require some action from the users. The revised IT change management process requires developing the communication plan as part of the implementation task for high risk and impact changes to ensure that the necessary details about a change are communicated in a timely manner to the relevant users and support groups. Making the communication plan a requirement results in closer communication across IT support groups and users which helps identify potential roadblocks ahead of time. The result is that business users now have more lead time to adjust their plans to accommodate for IT
changes.

INTEGRATION WITH DEVOPS CI/CD PIPELINES
Traditional IT change management requires documenting, reviewing, approving, and scheduling all change requests. Given the volume and frequent changes in DevOps and cloud services, this practice becomes impractical and burdensome on support groups. Integrating the IT change managementt system with CI/CD orchestration tools will enable automating the various steps of a traditional change request from creation, approval, to closure via APIs or web services. The introduced enhancements provide the required flexibility from both a technology and process perspective that facilitates the continuous and rapid changes that are characteristic of CI/CD pipelines.

CONCLUSION
Oil and gas IT operations rely on an effective IT change management process to minimize the downtime and impact on operations and users. Due to the sensitivity and criticality of oil and gas drilling and exploration services, service disruptions must be minimized. IT change management oversees a complex environment spanning multiple data centers, user area buildings, and IT support groups. The traditional practice of evaluating all changes during a weekly CAB meeting does not align with the increasing volume and frequency of changes related to IT systems and applications. Therefore, the updated IT change management framework streamlined the processing of changes while still ensuring that high risk and impact changes are adequately reviewed and approved to reduce the impact on 24×7 operations and users.

Yousef AlSuwaidan is Senior Operating Systems Specialist at Saudi Arabian Oil Company. He can be reached at yousef.suwaidan@aramco.com.
Anwar Ayub is Lead Operating Systems Analyst at Saudi Arabian Oil Company. He can be reached at anwar.ayub@aramco.com.
Abdullah Aldhamin is Service Continuity Group Leader at Saudi Arabian Oil Company. He can be reached at abdallah.aldhamin@aramco.com.

Read Other Articles