Controlled Network Change Management That Eliminates Downtime Risk

A Change Advisory Board (CAB) is a governance body that reviews, approves, and schedules significant network changes before deployment. Composed of network engineers, security architects, business representatives, and management, the CAB evaluates risk, confirms rollback plans, and ensures changes are scheduled to minimise business disruption. We facilitate CAB meetings — typically weekly — and maintain all meeting records as part of your change audit trail.

We manage three change categories: Standard changes — pre-approved, low-risk, repeatable changes (e.g., adding a VLAN, creating a firewall rule) with a simplified process. Normal changes — new or moderate-risk changes requiring full impact assessment and CAB approval. Emergency changes — urgent security patches or incident-driven changes fast-tracked through an expedited e-CAB approval process. All categories maintain complete audit trails.

We employ four safeguards: (1) Lab testing — changes are validated in a representative lab environment before production. (2) Rollback plans — every change has a tested rollback procedure with a defined decision point and maximum acceptable downtime threshold. (3) Staged rollout — high-risk changes are deployed incrementally, monitoring between each stage. (4) Maintenance windows — changes scheduled during low-traffic periods with a dedicated NOC engineer on standby throughout.

Approval timelines depend on change category: Standard changes — same-day or next-day as they follow a pre-approved template. Normal changes — typically 3–5 business days from request submission to CAB approval, allowing time for impact analysis and documentation. Emergency changes — e-CAB approval within 2–4 hours for critical security incidents. We work with your organisation to pre-classify as many routine changes as possible to accelerate standard change throughput.

Yes — we integrate natively with ServiceNow, Jira Service Management, Freshservice, and BMC Remedy for change request management. Change records are created, updated, and closed within your ITSM, with all approval workflows, risk assessments, and deployment notes captured there. If you do not have an ITSM, we provide a hosted change management portal with full change lifecycle tracking, notification workflows, and reporting included in our service.

Cloud migrations follow a specialised change management track that includes: a pre-migration network readiness assessment, cloud connectivity architecture design, a phased migration plan with clearly defined go/no-go criteria at each stage, and a cutover runbook with parallel-running capability during the transition period. We support migrations to AWS (Direct Connect), Azure (ExpressRoute), and GCP (Dedicated/Partner Interconnect), ensuring network performance and security objectives are maintained throughout the transition.

Each change produces: a Change Request (RFC) — scope, justification, risk rating, and business impact. An Implementation Plan — step-by-step deployment instructions with timing. A Rollback Plan — documented reversal procedure with decision criteria. A Test Plan — pre- and post-change validation checks. A Post-Implementation Review — success confirmation or lessons learned. All documentation is retained for a minimum of 3 years for compliance purposes.

For emergency security changes — such as zero-day vulnerability patches or active threat containment — we operate an expedited e-CAB process with a designated approver available 24/7. The risk assessment is condensed to critical items only, and the change can be authorised within 2 hours. The full RFC documentation is completed retrospectively within 24 hours of deployment. Change freeze periods are suspended for genuine security emergencies with CISO-level authorisation.

Our change management process is designed to satisfy the change control requirements of ISO 27001 (Annex A.12.1.2), ITIL v4 Change Enablement Practice, PCI-DSS Requirement 6.4 and 11.3, SOC 2 Common Criteria CC8, NIST SP 800-53 CM-3, and CIS Controls 4.1. We maintain full audit evidence — change records, approval logs, deployment timestamps, and PIR documents — formatted for direct submission to auditors and compliance reviewers.

Yes — change and incident management are fully integrated in our service delivery. When an incident requires a network change to resolve, an emergency change record is automatically created and linked to the incident ticket. Post-incident analysis also identifies whether a change is needed to prevent recurrence, creating a proactive change backlog from incident intelligence. Change freeze periods are surfaced to incident responders so NOC engineers can make informed decisions during high-pressure situations.

Click "Plan Your Next Change Safely" to describe your change requirement — what you want to change, the business reason, and your desired timeline. Our team will respond within 4 hours to confirm the change category, initiate the RFC process, and assign an engineer. For standard changes, we target same-day acknowledgement and next-available-window deployment. All clients receive a dedicated change manager as their single point of contact throughout the lifecycle.