Change Control Process in Software Engineering with Steps
โก Smart Summary
Change Control is the formal process a company uses to document, identify, and authorise changes to an IT environment, cutting the risk of unauthorised alterations, disruption, and errors across projects, applications, and infrastructure.
What is Change Control?
Change Control is the process that a company uses to document, identify and authorize changes to an IT environment. It reduces the chances of unauthorized alterations, disruption and errors in the system.
Why Change Control?
Whenever stakeholders request new or different changes to the system, those changes are neither optional nor ignorable. The changes must be implemented without disrupting other components of the system. This is where change control becomes useful. It helps project teams modify project scope using defined controls and policies. Change Control is practiced whenever a project deviates from the plan.
A formal change request document must be completed and reviewed to keep control of every change request.
Common questions raised while analysing a change control request include:
- Who will approve the change?
- Does it need to be reviewed by a change control board?
- How much time is required to research and implement the change?
- What are the impacts of changes to other components of the system (schedules, cost, resources, etc.)?
- Is there a threshold below which project management can approve it directly?
Different Factors of the Change Control Process
There are various factors that a Change Control process should consider
| Steps in Change Control Process | Action taken in Change Control |
|---|---|
| Change request initiation and Control | Change requests should be standardised and reviewed by management, and the requestor should be kept informed. |
| Impact Assessment | Every change request should be assessed in a structured way to analyse potential impacts. |
| Control and Documentation of Changes | A change log should record the date, the person who made the change, and the change itself. Only authorised individuals should be allowed to make changes, and a rollback process should be defined. |
| Documentation and Procedures | Whenever system changes are implemented, the related procedures and documents should be updated to match. |
| Authorized Maintenance | System access rights should be controlled to prevent unauthorised access. |
| Testing and User signoff | Software should be thoroughly tested, and business users should sign off before release. |
| Version Control | Production source code should be version controlled so only the latest approved build is deployed. |
| Emergency Changes | A verbal authorisation should be obtained and the change documented as soon as possible. |
Process of Change Control
Before diving into the change control process, it is helpful to familiarise ourselves with the documents used in Change Control. Two documents are central to Change Control:
- Change Log: A change log lists details of every Change Request — project number, PCR (Project Change Request) ID, priority, owner, target date, status, status date, raised by, and date raised.
- Change Request Form: It captures the details needed for decision making — type of change, benefits, requestor, time and cost estimate, priority, approver, and change request status.
Change Process Flow Diagram
The change process follows a specific pattern to implement changes in the product or system. The flow diagram below shows the steps involved.
Steps in the Change Control Process
| Steps for Change Control | Action |
|---|---|
| Change request identification | Identify the need for a change and describe it on the Project Change Request form. |
| Change request assessment | If the change is not valid, defer or reject it. Assign the resources needed to analyse the request, complete a quick impact assessment, and update the change request form. Rejected requests stop at this stage. |
| Change request analysis | Assign the change request to an authorised member for full analysis. Deferred changes re-enter this step, and rejected requests stop here. |
| Change request approval | Identify the risk, complexity, and impact of the change before approval. Route the change request to the authorised approver for a decision. Rejected requests stop at this stage. |
| Change request implementation | Update project procedures and management plans, inform the team, monitor progress, record completion, and close the change request. |
NOTE: Change Control approval may be granted by the Project Manager, IT Lead or Lead Developer, or a designated Stakeholder.
Change Management vs. Change Control
| Change Management | Change Control |
|---|---|
| Manages and controls change requests across IT infrastructure and services to minimise disruption and maximise business benefit. | Covers the submission, recording, analysis, and approval of a change to improve the overall performance of the system or product. |




