The global skills and competency framework for the digital world

Change control CHMG


Assessing risks associated with proposed changes and ensuring changes to products, services or systems are controlled and coordinated.

SFIA 9 is in development

  • SFIA 9 beta due in early July 2024
  • SFIA 9 planned for publication October 2024

This is a prototype for SFIA 9. It is subject to change before publication.

Guidance notes


Change control is applied to anything that impacts live products, services or systems. This typically includes — applications, infrastructure, documentation, processes, configuration items, suppliers.

Activities may include — but are not limited to:

  • managing the lifecycle of change requests — registering, assessing, authorising, planning, deploying
  • assessing risks and reducing risks to the availability, performance, security and compliance of the products and services impacted by the change
  • developing processes for standard, normal or emergency changes
  • developing methods and tools to automate change control processes to enable continuous integration.


Defined at these levels: 2 3 4 5 6

Change control: Level 1

Change control: Level 2


Administer, track, log, report on change requests, using appropriate tools, techniques and processes.

Provide assistance to implement standard low-risk changes, in accordance with defined change control procedures.

Change control: Level 3


Develops, documents and implements changes based on requests for change.

Applies change control procedures.

Applies tools, techniques and processes to manage and report on change requests.

Change control: Level 4


Assesses, analyses, develops, documents and implements changes based on requests for change.

Ensures that operational processes are in place for effective change control.

Develops, configures and maintains tools to manage and report on the lifecycle of change requests.

Identifies problems and issues and recommend corrective actions.

Change control: Level 5


Leads the assessment, analysis, development, documentation and implementation of changes.

Develops implementation plans for complex requests for change.

Reviews proposed implementations and evaluates the risks to the integrity of the product and service environment. Ensures appropriate change approval is applied to changes.

Reviews the effectiveness of change implementation. Identifies, evaluates and manages the adoption of appropriate tools, techniques and processes for change control.

Change control: Level 6


Sets the organisation's policy for the management of change in live services and test environments.

Ensures effective control and treatment of risk.

Leads the development of new methods and tools for change control.

Measures and monitors adherence to standards and ensures consistent execution of the process across the organisation.

Change control: Level 7