Skip to main content
 

Part 2. Information Technology

Chapter 125. Change Management

Section 2. Change Management Process

2.125.2 Change Management Process

Manual Transmittal

May 21, 2026

Purpose

(1) This transmits revised IRM 2.125.2 Change Management Process.

Material Changes

(1) IRM 2.125.2.1 Program Scope and Objectives. Revised to transition from policy-driven and control-based content to a lifecycle-based Change Management process. Updated organizational alignment to reflect Strategy & Product Management (SPM) and Infrastructure Tech Ops (ITO) Product Team ownership, clarified stakeholder roles based on lifecycle participation, and aligned process context with Configuration Management (IRM 2.150.1), ITIL 4 Change Enablement practices, and CI/CD integration.

(2) IRM 2.125.2.1.1 Background. Revised to remove descriptive and policy justification language and establish lifecycle-based process context, including alignment with Configuration Management, ITIL 4 practices, and CI/CD integration.

(3) IRM 2.125.2.1.2 Process Definition. Updated to define a lifecycle-driven Change Management process, replacing approval hierarchy and compliance-focused language with risk-based authorization and execution-focused lifecycle activities.

(4) IRM 2.125.2.1.3 Authority. Updated to clarify alignment with governing IRMs without establishing policy authority within the process section and to include additional referenced IRMs.

(5) IRM 2.125.2.1.4 Roles and Responsibilities. Revised to align roles with lifecycle execution activities, clarify advisory and authorization roles, standardize role definitions, and establish coordination with Configuration Management for Configuration Item (CI) updates.

(6) IRM 2.125.2.1.5 Program Management and Review. Updated to align with performance monitoring and continuous improvement practices. Removed prescriptive governance language and enhanced use of metrics to support lifecycle performance analysis and trend identification.

(7) IRM 2.125.2.1.6 Program Control. Revised to redefine controls as system, workflow, and role-based mechanisms supporting lifecycle execution. Removed policy-driven control definitions and aligned controls to lifecycle activities, including automation, CI/CD integration, and post-implementation review.

(8) IRM 2.125.2.1.7 Terms/Definitions/Acronyms. Updated to standardize terminology, align definitions with lifecycle execution and ITIL 4 concepts, clarify approval versus authorization, and remove legacy tool-specific and workflow-based references.

(9) IRM 2.125.2.1.8 Related Resources and IRM 2.125.2.1.9 Training. Updated to align references with current IRMs and ITIL 4 practices and revised training language to support lifecycle execution and stakeholder understanding.

(10) IRM 2.125.2.2 Change Management Process. Replaced legacy workflow-based structure (including process diagrams, inputs, outputs, and phase-based activities) with a lifecycle-driven execution model (ChM 1.0 through ChM 10.0). Incorporated risk-based authorization, standardized change models, post-implementation review activities, and integration with Configuration Management. Added alignment to ITIL 4 Change Enablement practices and introduced activity-level mapping of roles, change types, artifacts, and controls to improve traceability, coordination, and lifecycle visibility.

(11) Editorial Changes. Made editorial updates throughout the IRM to remove policy language, standardize terminology, improve clarity and consistency, and align content with lifecycle-based process structure and current enterprise standards.

Effect on Other Documents

This IRM supersedes IRM 2.125.2 revision date October 21, 2022.

Audience

This IRM section applies to all Internal Revenue Service (IRS) Information Technology (IT) organizations, contractors, and other stakeholders having responsibility for managing change and control of the IT infrastructure.

Effective Date

(05-21-2026)

Kaschit Pandya
Chief Information Officer

2.125.2.1 (10-21-2022)

Program Scope and Objectives

  1. Purpose. This section describes the Change Management process used to execute lifecycle activities for managing changes to IRS Information Technology (IT) services and Configuration Items (CIs). The process operates in alignment with IRM 2.125.1 and is implemented through the lifecycle activities, roles, controls, and artifacts defined in this IRM. The Change Management lifecycle defined in IRM 2.125.2.2 provides the execution model for managing changes from initiation through closure.

  2. Audience. This process is used by IT organizations, contractors, and stakeholders participating in Change Management lifecycle activities, including those responsible for creating, reviewing, coordinating, implementing, and validating changes.

  3. Policy Owner. Strategy & Product Management (S&PM) - IT.

  4. Program Owner. Infrastructure Tech Ops (ITO) Product Management, within S&PM - IT.

  5. Primary Stakeholders. Stakeholders include IT organizations and service providers involved in Change Management activities, including management of change requests (CRs), lifecycle execution, coordination across teams, and maintenance of associated records and artifacts.

  6. Contact Information. To recommend updates or provide feedback for this IRM section, contact the Change Management PMO (ChM PMO): it.chm.pmo@irs.gov

2.125.2.1.1 (09-24-2018)

Background

  1. This section provides context for the Change Management process and its role in managing changes to CIs.

  2. The Change Management process defines a structured, lifecycle-based approach for identifying, documenting, assessing, authorizing, implementing, and reviewing changes to CIs in alignment with IRM 2.125.1. The process is executed through defined lifecycle activities and integrates with Configuration Management (IRM 2.150.1) to maintain consistency of CI records and baselines.

  3. The Change Management process aligns with ITIL 4 Change Enablement practices by incorporating risk-based evaluation, defined change types, and lifecycle-driven execution. Integration with CI/CD pipelines supports automation of change activities, including testing, validation, and deployment where applicable.

  4. The Change Management process maintains end-to-end traceability of changes from initiation through closure by recording lifecycle activities, approvals, testing evidence, and implementation outcomes. This supports visibility, coordination, and auditability of change activities across the enterprise IT environment.

2.125.2.1.2 (10-21-2022)

Process Definition

  1. Process Description. The Change Management process is a structured, lifecycle-driven process used to manage changes to IRS IT systems and services. Changes are initiated and executed through a Change Request (CR) and progress through the lifecycle activities defined in IRM 2.125.2.2.

    Lifecycle activities include validation and authorization steps performed at defined points in the process. Workflow execution supports segregation of duties by assigning distinct roles to validation, authorization, and implementation activities.

    Lifecycle activities are performed in sequence unless adjusted through approved tailoring as described in IRM 2.125.2.1.6.3. The process supports the progression of changes through defined activities to enable timely implementation while maintaining traceability and coordination across stakeholders.

  2. Process Goal. The goal of the Change Management process is to provide a consistent and repeatable lifecycle approach for managing changes while supporting timely delivery of changes that meet business and operational needs.

  3. Process Objectives. The Change Management process objectives include:

    • Supporting business and operational requirements while reducing incidents, disruption, and rework

    • Aligning requests for change with enterprise priorities and service needs

    • Managing changes through defined lifecycle activities, including recording, evaluation, prioritization, planning, testing, implementation, documentation, and review

    • Recording and maintaining change information associated with CIs within enterprise systems, including CMS and CMDB, in coordination with Configuration Management (IRM 2.150.1)

    • Improving visibility, coordination, and accountability across the change lifecycle

    • Supporting risk-informed decision-making throughout the lifecycle

  4. ITIL 4 Alignment. The Change Management process aligns with ITIL 4 Change Enablement practices by incorporating risk-based authorization, defined change models, and lifecycle-driven execution. The process supports streamlined handling of standard and low-risk changes and integrates with CI/CD pipelines to enable automation of testing, validation, and deployment activities where applicable.

    Standard changes are executed using predefined change models that define required procedures, implementation steps, and authorization criteria within the Change Management lifecycle.

  5. Required Artifacts. Lifecycle activities produce and maintain artifacts as defined in IRM 2.125.2.2.3, including records supporting traceability, validation, authorization, implementation, and closure.

2.125.2.1.3 (09-24-2018)

Authority

  1. This process operates in alignment with the following Internal Revenue Manuals (IRMs), which define governing policy, security, and related process requirements:

    • IRM 2.125.1 Change Management Policy

    • IRM 2.150.1 Configuration Management Policy

    • IRM 2.150.2 Configuration Management Process

    • IRM 10.8.1 Information Technology (IT) Security, Policy and Guidance

    • IRM 2.22.1 Unified Work Request (UWR) Process

2.125.2.1.4 (09-24-2018)

Roles and Responsibilities

  1. Roles defined in this section align to the Change Management lifecycle defined in IRM 2.125.2.2.

  2. Lifecycle activities assign responsible and accountable roles to support traceability, coordination, and segregation of duties.

    1. Process Role Description
      Audit and Compliance / Quality Assurance (QA) Performs independent reviews of change records and lifecycle activities to evaluate alignment with defined process activities, controls, and documentation. Reviews completeness of approvals, risk assessments, post-implementation reviews, and record retention. Provides input to support continuous process improvement.
      Change Advisory Board (CAB) Provides cross-functional review and recommendations for Normal and high-risk changes. Evaluates risk, impact, dependencies, and scheduling considerations to support authorization decisions.
      Change Analyst Performs activities associated with initiating, developing, testing, and implementing changes. Responsibilities vary by lifecycle role assignment:

      • Initiating Change Analyst - creates and submits the CR.

      • Assigned Change Analyst - manages execution of the CR.

      • Supporting Change Analyst – provides specialized technical or functional expertise.

      • Implementing Change Analyst – performs implementation activities

      Note:

      Lifecycle activities are coordinated to support separation of duties across initiating, coordinating, and implementing roles.
      Change Approver Performs authorization or rejection of CRs based on documented risk, impact, and supporting information, including SIA where applicable.
      Change Authority Defines authorization levels, change classification criteria, and escalation paths used within the Change Management process. Supports consistent application of authorization approaches across change types.
      Change Coordinator Coordinates progression of a CR through lifecycle activities, including assessment, planning, scheduling, and implementation. Maintains coordination across stakeholders and supports completeness of required activities and records.
      Change Manager Oversees execution of the Change Management process and coordinates lifecycle activities across stakeholders. Monitors change progression, supports scheduling and closure activities, and escalates issues when needed.
      Configuration Management Authority Coordinates with the Change Management process to reflect approved changes in CI records and baselines in accordance with Configuration Management (IRM 2.150.1). Supports accuracy and synchronization of configuration data.
      Change Management Process Owner Provides oversight of the Change Management process, including lifecycle design, updates, and continuous improvement. Reviews and evaluates exceptions to lifecycle execution, including automated closure scenarios, and maintains associated documentation.
      Emergency Change Authority (ECA) Performs expedited authorization for Emergency changes outside standard review sequencing. Emergency changes are documented and reviewed during post-implementation activities.
      Frontline Manager Performs initial validation of the CR to confirm completeness, business need, and alignment with operational priorities. This activity supports progression of the CR for further assessment and does not represent final authorization.
      Information System Owner (ISO) Provides system-level input for changes affecting assigned systems, including review of risk, security considerations, and operational impact within system boundaries.
      Information System Security Officer (ISSO) Evaluates security considerations associated with proposed changes and provides input related to security controls and SIA where applicable.
      Release Manager Coordinates packaging, scheduling, and deployment of approved changes. Aligns change activities with release activities, including readiness validation and rollback planning.
      Technical Review Board (TRB) Provides technical evaluation of complex or high-risk changes, including alignment with architecture, design standards, and integration requirements. Identifies risks and recommended mitigations.

  3. Technical evaluation and cross-functional review activities may be performed through a coordinated or combined review forum supported by automated workflow. Roles participating in these activities maintain distinct responsibilities for technical evaluation and risk-based authorization inputs within the Change Management lifecycle.

  4. Roles map to lifecycle activities as defined in IRM 2.125.2.2.3 to support accountability, coordination, and traceability.

  5. This section defines roles and does not describe lifecycle execution.

2.125.2.1.5 (09-24-2018)

Program Management and Review

  1. Program Management and Review describes activities used to monitor, evaluate, and improve the Change Management process. These activities support measurement of process performance and alignment with enterprise objectives.

    1. Process Management. The Change Management process is supported by a Process Owner and Process Manager who coordinate lifecycle execution, process updates, and continuous improvement activities. The process is periodically reviewed to support alignment with business and operational needs.

      The process uses metrics to provide insight into performance, efficiency, and outcomes across the lifecycle. Metrics may include change success rate, change failure and rollback rate, emergency change rate, aged open change records (including those exceeding 60 calendar days), post-implementation review completion rates, and the percentage of changes integrated with CI/CD.

      Metrics are used to support analysis, trend identification, and continuous improvement of lifecycle activities.

    2. People. Roles and responsibilities are aligned to lifecycle activities across the Change Management process. Personnel participating in lifecycle activities are supported by training, communication, and role clarity to enable consistent execution across IT and business stakeholders.

    3. Process. The Change Management process integrates with related processes, including Incident Management (IRM 2.148.2), Problem Management, Release Management, and Configuration Management (IRM 2.150.1). High-impact or unsuccessful changes may be evaluated through Problem Management to support identification of root causes and improvement opportunities.

    4. Technology and Tools. Tools supporting the Change Management process enable execution of lifecycle activities, including change tracking, workflow management, authorization, and reporting. Automation capabilities, including workflow routing, notifications, and integration with enterprise systems such as CMS and CMDB, support consistency, efficiency, and traceability across the lifecycle. Integration with CI/CD pipelines supports automated testing, validation, and deployment activities where applicable.

2.125.2.1.6 (09-24-2018)

Program Control

  1. Program Control describes the mechanisms used to support execution of lifecycle activities defined in IRM 2.125.2.2. These mechanisms include system functionality, workflow configuration, and role-based activities that support consistent execution of the Change Management process.

2.125.2.1.6.1 (09-24-2018)
Controls

  1. Controls support execution of lifecycle activities by guiding how activities are performed within the Change Management process. Controls are implemented through system capabilities, workflow configuration, and role assignments.

    Name Description
    Audit and Traceability Controls Support recording, tracking, and traceability of changes across lifecycle activities to enable visibility and reconstruction of change history.
    Authorization and Approval Control System functionality supports documented authorization within the System of Record prior to implementation.
    Automated Closure System functionality may close change records that remain in a completed or pending closure state for more than 60 calendar days. Exceptions are documented and reviewed as part of lifecycle activities.
    Change Classification Workflow includes classification of changes as Standard, Normal, or Emergency to support routing and lifecycle handling.
    Change Registration Workflow includes creation and registration of a CR prior to evaluation or implementation activities.
    CI/CD Integration Integration with CI/CD pipelines supports automated execution of testing, validation, and deployment activities where applicable.
    Lifecycle Closure Lifecycle activities include closure of changes following validation, documentation, and completion of required records.
    Management Reports Reporting capabilities provide visibility into process performance and outcomes to support analysis and continuous improvement.
    Post-Implementation Review (PIR) Lifecycle activities include post-implementation review for major, emergency, or unsuccessful changes.
    Segregation of Duties Control Role assignments and workflow configuration support separation of validation, authorization, and implementation activities to reduce the risk of conflicting actions. Access and role design support enforcement of separation where applicable, and exceptions are documented and reviewed as part of lifecycle activities.
    Technical Review Control Lifecycle activities may include technical review (e.g., TRB) for applicable changes to evaluate design, architecture, and integration considerations.
    Validation Control Lifecycle activities include validation and review steps prior to authorization to support completeness, accuracy, and readiness. Activities may include technical, managerial, or independent assessment where applicable.
    Workflow Controls Workflow configuration supports lifecycle progression, including routing, notifications, escalation, and management of change attributes during review and implementation.
2.125.2.1.6.2 (09-24-2018)
Metrics

  1. Metrics provide insight into performance and outcomes of the Change Management process across lifecycle activities.

  2. Metrics support monitoring, reporting, and analysis of process effectiveness and efficiency. These metrics may be used to identify trends, risks, and opportunities for improvement across the lifecycle.

2.125.2.1.6.3 (09-24-2018)
Tailoring Guidelines

  1. Tailoring supports adaptation of lifecycle activity execution based on the context of the change while maintaining alignment with the defined lifecycle.

    • Lifecycle activities defined in IRM 2.125.2.2 are retained, with adjustments applied to sequencing or execution depth where appropriate

    • Tailoring decisions are documented by the Change Analyst or Change Coordinator, including rationale and scope of adjustment

    • Tailoring decisions are reviewed as part of lifecycle governance activities and recorded with the associated change record

    • Tailored execution continues to utilize applicable controls and lifecycle activities

    • Records of tailoring decisions are maintained to support traceability of lifecycle execution

2.125.2.1.7 (09-24-2018)

Terms/Definitions/Acronyms

  1. The tables in the Terms and Definitions and Acronyms sections define terms and acronyms used in this IRM.

2.125.2.1.7.1 (09-24-2018)
Terms and Definitions

  1. The following terms and definitions are used in this IRM.

    Term Definition
    Approval A decision to permit progression of a change based on review of risk, impact, readiness, and supporting information.
    Artifact A work product produced or used within the Change Management process, such as plans, test results, or implementation records.
    Authorization The decision to allow implementation of a change based on risk, impact, and defined approval levels.
    Backout Method See Remediation Plan.
    Change Any addition, modification, or removal of a CI or its attributes.
    Change Category A classification describing the type or domain of a change (e.g., application, infrastructure, database, security) used to support routing and assignment.
    Change Classification The categorization of a change based on risk and characteristics to determine lifecycle handling. Classifications include Standard, Normal, and Emergency. Major changes are identified as a subset of Normal changes requiring additional review.
    Change Management (ChM) The process used to manage changes to CIs through defined lifecycle activities from initiation through closure.
    Change Request (CR) The record used to capture, assess, authorize, implement, and track a proposed change through lifecycle activities defined in IRM 2.125.2.2.
    Change Type See Change Category.
    Closure Completion of a CR following implementation, validation, post-implementation review (when applicable), and update of associated records.
    Configuration Baseline A documented state of a system or service used as a reference point for future changes.
    Configuration Control Board (CCB) A group that evaluates and provides decisions on proposed changes related to configuration baselines.
    Configuration Item (CI) A component or service asset required to deliver IT services that is tracked within configuration management systems.
    Configuration Management (CM) The process that maintains information about CIs, including attributes, relationships, and lifecycle status.
    Configuration Management Database (CMDB) A repository that stores records of CIs and their relationships.
    Deferral The postponement of a CR decision or implementation based on risk, priority, or scheduling considerations.
    Demand Management The process through which work is requested, evaluated, prioritized, and may result in initiation of a CR.
    Development or Core Engineering Change A complex change involving design and engineering activities affecting one or more CIs.
    Emergency Change A change implemented to address or prevent a high-priority incident or service disruption using an expedited lifecycle sequence.
    Environment A defined set of systems or infrastructure designated for a specific purpose (e.g., Development, Test, Production).
    Governance Boards Groups that provide review and input for changes, including CAB and TRB.
    Incident An unplanned interruption to, or reduction in the quality of, an IT service.
    Incident Management The process used to restore normal service operation following an incident.
    Known Error A problem with an identified root cause and documented workaround.
    Normal Change A change that follows the standard lifecycle with assessment, review, and authorization prior to implementation.
    Priority A classification derived from impact and urgency used to determine response and handling.
    Problem Management The process used to identify root causes of incidents and implement solutions to prevent recurrence.
    Rejection or Denial A decision that prevents a CR from progressing based on incomplete information or unacceptable risk.
    Release Management The process used to plan and coordinate deployment of approved changes across environments.
    Remediation Plan A documented approach for restoring a system or service to a stable state if a change is unsuccessful.
    Service Level Management The process used to manage service performance against defined service level agreements (SLAs).
    Standard Change A pre-defined, low-risk, repeatable change that follows an established procedure and does not require additional authorization.
    Successful Change A change implemented as planned that achieves the intended outcome without causing incidents or requiring remediation.
    Urgency The time sensitivity associated with implementing a change.
    Validation Activities performed to confirm completeness, accuracy, and readiness of a CR prior to authorization.
    Withdrawal The removal of a CR from the lifecycle prior to implementation.
    Work Request A request submitted through Demand Management that may result in initiation of a CR.
2.125.2.1.7.2 (09-24-2018)
Acronyms

  1. The following acronyms are used in this IRM.

    Acronym Definition
    CAB Change Advisory Board
    CCB Configuration Control Board
    ChM Change Management
    CI Configuration Item
    CM Configuration Management
    CMDB Configuration Management Database
    CMS Configuration Management System
    CI/CD Continuous Integration / Continuous Deployment
    ISO Information System Owner
    ISSO Information System Security Officer
    ITIL Information Technology Infrastructure Library
    P1/P2 Priority 1 / Priority 2
    QA Quality Assurance
    RfC Request for Change
    SIA Security Impact Assessment
    SLA Service Level Agreement
    SME Subject Matter Expert
    TRB Technical Review Board
2.125.2.1.8 (09-24-2018)

Related Resources

  1. The following resources support execution of the Change Management process and provide additional guidance aligned to lifecycle activities:

    • IRM 2.150.2 Configuration Management Process

    • IRM 2.148.2 Incident Management Process

    • IRM 10.8.2 IT Security Roles and Responsibilities

    • ISO/IEC 20000-1:2018 — Information technology — Service Management — Part 1: Service Management System Requirements (Clause 8.6 — Change Management)

    • ISO/IEC 20000-2:2019 — Information technology — Service Management — Part 2: Guidance on the Application of Service Management Systems

    • Information Technology Infrastructure Library (ITIL) 4 — Change Enablement practice

2.125.2.1.9 (09-24-2018)

Training

  1. Training supports execution of the Change Management process by providing stakeholders with an understanding of lifecycle activities, roles, and responsibilities.

  2. Training resources include:

    • Change Management Process Overview (ELMS Course #43161)

    • Configuration Management Overview (ELMS Course #23279)

    • Configuration Management Combo Course (ELMS #64877)

2.125.2.2 (09-24-2018)

Change Management Process

  1. The Change Management process defines a structured, lifecycle-based approach for managing changes to CIs across all environments. The lifecycle provides the execution model for managing changes from initiation through closure.

  2. Lifecycle activities are defined in this section and describe how changes progress through the process.

  3. The lifecycle activities align with ITIL 4 Change Enablement practices to support consistency with industry approaches while reflecting IRS-specific operational context.

  4. Changes are managed through a CR and progress through lifecycle activities from initiation through closure.

2.125.2.2.1 (09-24-2018)

IRS Change Management Activities (Authoritative Lifecycle)

  1. The Change Management process includes the following lifecycle activities, which are performed in sequence unless adjusted for Emergency Changes.

    Activity ID Activity Name Description
    ChM 1.0 Change Pre-Coordination Translates work requests, incidents, or problems into defined changes and aligns them with responsible technical teams.
    ChM 2.0 Change Logging Creates and records the CR in the System of Record.
    ChM 3.0 Frontline Manager Validation Performs initial validation of the CR to confirm business need, scope, and completeness, and supports progression of the CR for further assessment. This activity is not applicable to Emergency Changes.
    ChM 4.0 Coordinator Review Reviews the CR for completeness, classification, and readiness for assessment.
    ChM 5.0 Assess and Evaluate Performs analysis of risk, impact, dependencies, and resource considerations, including SIA where applicable.
    ChM 6.0 Plan, Design, Build & Test Develops, designs, builds, and tests the change as applicable.
    ChM 7.0 Technical Review and Validation Performs technical evaluation of the change, including completeness and readiness for authorization through TRB review. Provides recommendations to support authorization decisions.
    Technical review (ChM 7.0) and cross-functional review and authorization activities (ChM 8.0) may be conducted through a coordinated or combined review forum or automated workflow while maintaining distinct responsibilities for technical evaluation and authorization inputs.
    ChM 8.0 Schedule and Authorize Coordinates scheduling within defined deployment windows and performs authorization based on risk classification (Change Authority, CAB, or ECA). Standard changes follow predefined change models that support consistent and repeatable execution. Emergency changes follow an expedited sequence and are reviewed during post-implementation activities.
    ChM 9.0 Implementation Performs implementation of the authorized change in the designated environment(s).
    ChM 10.0 Review and Close Reviews and validates implementation outcomes, performs post-implementation review for major, emergency, or unsuccessful changes, updates associated records and configuration baselines in coordination with Configuration Management (IRM 2.150.1), and closes the CR.

  2. These activities represent the end-to-end lifecycle of a CR and describe how changes progress through the Change Management process.

2.125.2.2.2 (05-21-2026)

Alignment to ITIL 4 Change Enablement

  1. The Change Management process aligns with ITIL 4 Change Enablement practices as follows:

    ITIL 4 Practice Activity ITIL Description IRS Activity Alignment
    Create and Record Change Capture, define, and log the change request ChM 1.0 – Change Pre-Coordination
    ChM 2.0 – Change Logging
    Review Change Perform initial validation for completeness and business context ChM 3.0 – Frontline Manager Validation
    ChM 4.0 – Coordinator Review
    Assess and Evaluate Change Analyze risk, impact, dependencies, and resource requirements ChM 5.0 – Assess and Evaluate
    Build and Test Change Develop, configure, and test the change ChM 6.0 – Plan, Design, Build & Test
    Review and Validate Change Perform technical and quality validation prior to implementation ChM 7.0 – Technical Review and Validation (TRB)
    Authorize Change Make a risk-based decision to allow or not allow implementation of the change ChM 8.0 – Schedule and Authorize
    Coordinate Change Implementation Plan scheduling, deployment, and communication activities ChM 8.0 – Schedule and Authorize
    Implement Change Perform the change in the target environment ChM 9.0 – Implementation
    Review and Close Change Review outcomes, perform post-implementation activities, and close the change record ChM 10.0 – Review and Close

  2. IRS-specific lifecycle activities, including ChM 7.0 (Technical Review and Validation), extend ITIL practices by incorporating technical evaluation activities within the lifecycle to support design, architecture, and integration considerations.

2.125.2.2.3 (05-21-2026)

Activity-Level Roles, Change Type, Artifacts, and Controls Applicability

  1. Each Change Management lifecycle activity (ChM 1.0 through ChM 10.0) identifies:

    • Primary roles participating in execution

    • Applicable change types that influence when the activity occurs

    • Artifacts produced and maintained during lifecycle execution

    • Controls that support execution of lifecycle activities

  2. The following table describes activity-level roles, change type applicability, artifacts, and controls for the Change Management lifecycle.

  3. This structure supports traceability, coordination, and visibility across lifecycle activities.

    Activity ID and Name Primary Roles Applicable Change Types Required Artifacts Key Controls
    ChM 1.0 - Change Pre-Coordination Change Analyst (Initiating); Change Coordinator Standard; Normal; Development/Core Engineering; Emergency (expedited) Pre-Coordination notes; initial request details; stakeholder communications Stakeholder engagement and initial request completeness are reviewed during activity execution
    ChM 2.0 - Change Logging Change Analyst (Initiating) Standard; Normal; Development/Core Engineering; Emergency CR record; CI associations; initial classification System workflow supports capture of required fields and unique identification of the CR
    ChM 3.0 - Frontline Manager Validation Frontline Manager Standard; Normal; Development/Core Engineering; Not applicable to Emergency Validation comments; progression decision Validation activities support progression of the CR; role separation supports segregation of duties
    ChM 4.0 -Coordinator Review Change Coordinator Standard; Normal; Development/Core Engineering; Not applicable to Emergency Review notes; completeness checklist Review activities support completeness and readiness for assessment
    ChM 5.0 - Assess and Evaluate Change Analyst (Assigned); Change Coordinator; ISO; ISSO Standard (as applicable); Normal; Development/Core Engineering; Emergency (expedited) Risk assessment; impact analysis; security review inputs (ISO/ISSO) Risk and impact analysis activities support evaluation and decision-making
    ChM 6.0 - Plan, Design, Build & Test Change Analyst (Implementing); Supporting Technical Teams Normal; Development/Core Engineering Implementation plan; test plans; test results; backout plan Testing and preparation activities support readiness for authorization and implementation
    ChM 7.0 - Technical Review and Validation TRB; SMEs Normal; Development/Core Engineering; Major Changes Technical review outputs; SME inputs Technical review activities provide evaluation of design, architecture, and integration considerations
    ChM 8.0 - Schedule and Authorize Change Authority; CAB; ECA; Change Manager Standard (pre-approval); Normal; Development/Core Engineering; Emergency Authorization records; implementation schedule Authorization activities are performed based on risk classification; workflow supports routing and documentation of decisions
    ChM 9.0 -Implementation Change Analyst (Implementing); Release Manager Standard; Normal; Development/Core Engineering; Emergency Implementation logs; deployment records; incident logs (if applicable) Implementation activities are performed in alignment with approved plans; workflow supports tracking of execution
    ChM 10.0 -Review and Close Change Manager; Audit/QA; Change Analyst Standard; Normal; Development/Core Engineering; Emergency Post-implementation review records; closure record; supporting logs Review activities support validation of outcomes and completion of lifecycle records; updates to CI records are coordinated with Configuration Management (IRM 2.150.1)