BLOG

Kill the CAB (Change Approval Board)

September 27, 2024
curved line

In today’s world of work, speed and flexibility are critical. Yet, many organizations still rely on template intensive, milestone-based ways of managing projects which often slows down the process in delivering value. This blog post, inspired by the podcast featuring Peter Maddison and our CEO Dave Sharrock, dives into why we may want to re-think the role of Change Approval Boards (CABs), and apply more modern approaches to managing change to stay agile and compliant.

What are CABs?

Traditional CABs act as gatekeepers around changes to, for instance, IT environments. They require multiple approvals before any change can be implemented. While this may sound good in theory, it often slows down delivery times. In a world where fast feedback loops are essential, this is a significant drawback. CABs become barriers rather than facilitators of change, which contradicts the principles of agile and DevOps.

Evolution of the CAB

As organizations shift towards more agile and DevOps centric ways of working, the role of the CAB must also evolve. In these more modern ways of working, delivery teams take more responsibility for changes. CABs should focus on more complex changes that have an impact on multiple business areas, rather than getting involved in every minor update. This shift helps streamline workflows and enhances overall efficiency.

Dual Tracks for Changes

A common approach to manage overall efficiency around change in today’s work world is to develop a dual-track system. One track handles significant changes requiring formal approval, while the other allows for smaller, quicker changes. However, integrating these tracks effectively is a challenge. It’s crucial to balance agility and compliance, ensuring that both tracks work in harmony without sacrificing one for the other.

DevOps and Risk Management

DevOps practices offer excellent tools for managing change. Compliance and security checks can be embedded within the delivery pipeline. This approach not only speeds up the process but also ensures that all necessary checks are performed. Educating delivery teams about risks and compliance requirements is vital for making informed decisions.

Building a Safety Culture

Creating a culture of safety is essential. Delivery teams should work closely with compliance and security experts. These safety teams can engage with high-risk changes and guide teams right from the initial planning phase. This collaboration ensures that safety and compliance are integral parts of the development process.

Simplified Risk Models

One effective strategy is to categorize applications based on their risk levels. For example, you can classify them into internal non-PII, internal PII, and external PII categories. This helps streamline processes. A framework like TACO (Traceability, Access, Compliance, Operations) can assist in managing these risk levels, making the entire process smoother and more efficient.

The Strategic Role of CABs

CABs should focus on facilitating change rather than acting as barriers. They should continuously inspect and adapt processes to balance speed and risk management. This strategic role involves more than just approving changes; it requires actively working to enable efficient and safe transitions.

The traditional role of CABs is no longer viable in agile and DevOps environments. CABs must evolve to support these modern practices by shifting from gatekeepers to enablers of efficient and safe changes. This requires a dual-track approach, integrating compliance and risk management within delivery teams, and fostering a culture of safety and continuous improvement.

By rethinking the role of CABs, organizations can achieve a balance between speed and safety, ensuring that they remain competitive in today’s fast-paced business environment. If you're ready to revolutionize change in your organization, consider integrating these strategies. For personalized guidance, book a call with one of our consultants today and take the first step towards a more agile future.

As experts in agile and DevOps transformations, we at IncrementOne provide customized solutions to turn your CABs into efficient change facilitators. Our services include:

  • Compliance integrations
  • Risk management frameworks
  • Personalized training for your teams

Contact us today to learn how we can support your journey to agile excellence.

Subscriber Exclusives
Elevate YOUR agile game week by week. Join the community and get early access to our blog, newsletter, and special pricing!

In today’s world of work, speed and flexibility are critical. Yet, many organizations still rely on template intensive, milestone-based ways of managing projects which often slows down the process in delivering value. This blog post, inspired by the podcast featuring Peter Maddison and our CEO Dave Sharrock, dives into why we may want to re-think the role of Change Approval Boards (CABs), and apply more modern approaches to managing change to stay agile and compliant.

What are CABs?

Traditional CABs act as gatekeepers around changes to, for instance, IT environments. They require multiple approvals before any change can be implemented. While this may sound good in theory, it often slows down delivery times. In a world where fast feedback loops are essential, this is a significant drawback. CABs become barriers rather than facilitators of change, which contradicts the principles of agile and DevOps.

Evolution of the CAB

As organizations shift towards more agile and DevOps centric ways of working, the role of the CAB must also evolve. In these more modern ways of working, delivery teams take more responsibility for changes. CABs should focus on more complex changes that have an impact on multiple business areas, rather than getting involved in every minor update. This shift helps streamline workflows and enhances overall efficiency.

Dual Tracks for Changes

A common approach to manage overall efficiency around change in today’s work world is to develop a dual-track system. One track handles significant changes requiring formal approval, while the other allows for smaller, quicker changes. However, integrating these tracks effectively is a challenge. It’s crucial to balance agility and compliance, ensuring that both tracks work in harmony without sacrificing one for the other.

DevOps and Risk Management

DevOps practices offer excellent tools for managing change. Compliance and security checks can be embedded within the delivery pipeline. This approach not only speeds up the process but also ensures that all necessary checks are performed. Educating delivery teams about risks and compliance requirements is vital for making informed decisions.

Building a Safety Culture

Creating a culture of safety is essential. Delivery teams should work closely with compliance and security experts. These safety teams can engage with high-risk changes and guide teams right from the initial planning phase. This collaboration ensures that safety and compliance are integral parts of the development process.

Simplified Risk Models

One effective strategy is to categorize applications based on their risk levels. For example, you can classify them into internal non-PII, internal PII, and external PII categories. This helps streamline processes. A framework like TACO (Traceability, Access, Compliance, Operations) can assist in managing these risk levels, making the entire process smoother and more efficient.

The Strategic Role of CABs

CABs should focus on facilitating change rather than acting as barriers. They should continuously inspect and adapt processes to balance speed and risk management. This strategic role involves more than just approving changes; it requires actively working to enable efficient and safe transitions.

The traditional role of CABs is no longer viable in agile and DevOps environments. CABs must evolve to support these modern practices by shifting from gatekeepers to enablers of efficient and safe changes. This requires a dual-track approach, integrating compliance and risk management within delivery teams, and fostering a culture of safety and continuous improvement.

By rethinking the role of CABs, organizations can achieve a balance between speed and safety, ensuring that they remain competitive in today’s fast-paced business environment. If you're ready to revolutionize change in your organization, consider integrating these strategies. For personalized guidance, book a call with one of our consultants today and take the first step towards a more agile future.

As experts in agile and DevOps transformations, we at IncrementOne provide customized solutions to turn your CABs into efficient change facilitators. Our services include:

  • Compliance integrations
  • Risk management frameworks
  • Personalized training for your teams

Contact us today to learn how we can support your journey to agile excellence.

Interested in becoming a catalyst for positive change in your organization?

Click here for
a free consult