DraftInternalISO 9001ISO 27001

SW-IMS-FRM-011

Change Request Form

Version

1.0

Owner

Change Manager

Effective Date

TBD

Review Date

TBD

Change Request Form

Purpose

This form is used to request, document, and track changes to Swedwise's systems, infrastructure, applications, processes, or services. It ensures that changes are properly evaluated, approved, and implemented in a controlled manner, minimizing risk and maintaining service quality.

Instructions

Submit before implementation: All changes require approval before execution (except emergency changes—see procedure)
Complete all sections: Provide sufficient detail for informed decision-making
Assess impact and risk: Use SW-IMS-FRM-012 for detailed impact and risk assessment
Obtain approvals: Route to appropriate approvers based on change type and risk
Track implementation: Update status throughout change lifecycle
Post-implementation review: Complete SW-IMS-FRM-013 after change is deployed

Section 1: Change Request Information

Field	Details
Change Request ID	[Auto-assigned: CHG-YYYY-NNN]
Submission Date	[YYYY-MM-DD]
Requested By
Requester Email
Requester Department
Requester Phone

Section 2: Change Classification

2.1 Change Type

What type of change is this?

Standard Change: Pre-approved, low-risk, routine change with documented procedure
- Specify standard change procedure: _______________________
Normal Change: Requires evaluation, approval, and CAB review
Emergency Change: Urgent change to restore service or prevent critical impact
- Emergency justification: _______________________

2.2 Change Category

What is being changed?

Infrastructure (servers, network, storage)
Application/Software (installation, upgrade, configuration)
Database (schema, data, configuration)
Security (firewall rules, access controls, security tools)
Process/Procedure (business process, workflow, documentation)
Hardware (equipment addition, replacement, maintenance)
Environment (development, test, staging, production)
Third-Party/Vendor (supplier system, integration, service)
Other: _______________________

2.3 Affected Service/System

Which services or systems are affected?

Specific component(s): [e.g., Production web servers, Salesforce instance, VPN gateway]

Section 3: Change Description

3.1 Change Title

Brief, descriptive title:

[e.g., "Upgrade SaaS platform database to PostgreSQL 15.2", "Implement MFA for admin access", "Update incident response procedure"]

3.2 Detailed Description

What will be changed?

[Describe the change in detail. What is the current state and what will the new state be?]

Current State:

Proposed State:

3.3 Business Justification

Why is this change needed?

Detailed Justification:

[Explain the business need, problem being solved, or opportunity being pursued]

What happens if this change is NOT made?

[Consequences of not implementing the change]

3.4 Benefits

Expected benefits of this change:

Quantified benefits (if possible):

[e.g., "Reduce response time by 30%", "Save 50k SEK annually", "Eliminate critical security vulnerability"]

Section 4: Change Details

4.1 Implementation Plan

How will this change be implemented?

[High-level implementation approach. Detailed steps should be in separate implementation plan for complex changes.]

Implementation Steps:

Implementation Duration: [Hours or days]

Implementer(s): [Who will perform the change?]

4.2 Proposed Schedule

Field	Details
Preferred Implementation Date	[YYYY-MM-DD]
Preferred Implementation Time	[Time window, e.g., 02:00-06:00]
Maintenance Window Required?	[ ] Yes - Duration: _______ [ ] No - No downtime expected
Change Window Type	[ ] Standard business hours [ ] After hours [ ] Weekend [ ] Planned maintenance window

Scheduling Considerations:

[Blackout periods to avoid? Customer events? Peak usage times? Dependencies on other changes?]

4.3 Testing and Validation

Has this change been tested?

Yes - in development environment
Yes - in test environment
Yes - in staging environment
Yes - in production (small-scale pilot)
No - will be tested in production (explain why): _______
Not applicable (explain why): _______

Test Results Summary:

Post-Implementation Validation Plan:

[How will you verify the change was successful? Specific tests, checks, or measurements.]

Success Criteria:

[What conditions must be met to consider the change successful?]

4.4 Rollback Plan

If the change fails, how will it be rolled back?

[Describe the procedure to return to the previous state]

Rollback Duration: [Time required to rollback]

Rollback Decision Point: [At what point/under what conditions will rollback be triggered?]

Rollback Tested? [ ] Yes [ ] No

Section 5: Impact and Risk Assessment

Complete SW-IMS-FRM-012 (Change Impact and Risk Assessment) and attach.

Summary of impact assessment:

5.1 Impact Summary

Affected Stakeholders:

Estimated User Impact:

No Impact: No user disruption
Low Impact: Minor inconvenience, limited users affected
Medium Impact: Noticeable disruption, significant user population affected
High Impact: Major disruption, widespread impact
Critical Impact: Service outage, all users affected

Downtime Required?

No downtime
Planned downtime: _______ minutes/hours
Potential unplanned downtime (explain): _______

5.2 Risk Summary

Overall Change Risk Rating:

Low: Routine change, low complexity, well-understood, minimal impact
Medium: Moderate complexity, some unknowns, noticeable impact
High: Complex change, significant unknowns, major impact
Critical: Very complex, high uncertainty, critical systems affected

Key Risks:

Risk	Likelihood	Impact	Mitigation
	[ ] Low [ ] Medium [ ] High	[ ] Low [ ] Medium [ ] High
	[ ] Low [ ] Medium [ ] High	[ ] Low [ ] Medium [ ] High
	[ ] Low [ ] Medium [ ] High	[ ] Low [ ] Medium [ ] High

Reference: SW-IMS-FRM-012 (Change Impact and Risk Assessment)

Section 6: Dependencies and Relationships

6.1 Change Dependencies

Does this change depend on other changes?

Yes - specify: _______________________
No

Are other changes dependent on this change?

Yes - specify: _______________________
No

Related incidents, problems, or requests:

Type	ID	Description
[ ] Incident [ ] Problem [ ] Request
[ ] Incident [ ] Problem [ ] Request

Related projects or initiatives:

Section 7: Resources Required

7.1 Resource Requirements

Resource Type	Requirement	Cost	Availability Confirmed?
Staff Time	[Person-hours]		[ ] Yes [ ] No
Tools/Software			[ ] Yes [ ] No [ ] N/A
Hardware			[ ] Yes [ ] No [ ] N/A
External Support	[Vendor, consultant]		[ ] Yes [ ] No [ ] N/A
Downtime/Maintenance Window	[Hours]	[Opportunity cost]	[ ] Yes [ ] No [ ] N/A
Other			[ ] Yes [ ] No [ ] N/A

Total Estimated Cost: _______________________

Budget Approved? [ ] Yes [ ] No [ ] N/A

7.2 Communications

Who needs to be notified about this change?

Communication Plan:

Stakeholder Group	Message	Channel	Timing	Owner
	[What to communicate]	[Email, meeting, portal]	[When]

Reference: SW-IMS-FRM-010 (Communication Plan) if detailed plan required

Section 8: Approval Workflow

8.1 Technical Approval

Technical review by system/service owner:

Field	Response
Technical Feasibility	[ ] Feasible [ ] Feasible with modifications [ ] Not feasible
Implementation Plan Adequate?	[ ] Yes [ ] No - see comments
Rollback Plan Adequate?	[ ] Yes [ ] No - see comments
Testing Sufficient?	[ ] Yes [ ] No - see comments
Recommendation	[ ] Approve [ ] Approve with conditions [ ] Reject [ ] Defer

Technical Reviewer Comments:

Technical Approval:

Name	Role	Date	Signature
	System/Service Owner

8.2 Change Advisory Board (CAB) Approval

Required for: Normal changes (Medium/High/Critical risk), Major changes, Cross-functional changes

CAB Meeting Date: [YYYY-MM-DD]

CAB Decision:

Approved: Change approved as submitted
Approved with Conditions: See conditions below
Deferred: More information required; resubmit
Rejected: Change not approved; see rationale

CAB Conditions/Comments:

CAB Members Present:

Name	Role

8.3 Management Approval (if required)

Required for: High/Critical risk changes, Changes affecting SLA, Budget > [threshold]

Field	Response
Business Impact Acceptable?	[ ] Yes [ ] No
Risk Acceptable?	[ ] Yes [ ] No
Resource Allocation Approved?	[ ] Yes [ ] No
Decision	[ ] Approve [ ] Approve with conditions [ ] Reject [ ] Defer

Management Comments:

Management Approval:

Name	Role	Date	Signature
	CEO / Management Team

8.4 Final Approval

Change Approved for Implementation? [ ] Yes [ ] No

Approved By: _______________________

Approval Date: [YYYY-MM-DD]

Scheduled Implementation Date/Time: [YYYY-MM-DD HH:MM]

Section 9: Implementation Tracking

9.1 Pre-Implementation Checklist

Item	Status	Completed By	Date
All approvals obtained	[ ] Complete [ ] Pending
Resources confirmed available	[ ] Complete [ ] Pending
Stakeholders notified	[ ] Complete [ ] Pending
Backups verified current	[ ] Complete [ ] Pending [ ] N/A
Rollback plan documented	[ ] Complete [ ] Pending
Implementation team briefed	[ ] Complete [ ] Pending
Maintenance window scheduled	[ ] Complete [ ] Pending [ ] N/A
Monitoring/alerting prepared	[ ] Complete [ ] Pending [ ] N/A

9.2 Implementation Log

Date/Time	Activity	Status	Notes	Updated By
	Change implementation started


	Change implementation completed

9.3 Post-Implementation Validation

Validation Performed? [ ] Yes [ ] No

Validation Date/Time: [YYYY-MM-DD HH:MM]

Validation Results:

Success Criterion	Result	Evidence
	[ ] Pass [ ] Fail
	[ ] Pass [ ] Fail
	[ ] Pass [ ] Fail

Overall Validation: [ ] Successful [ ] Unsuccessful - Rollback initiated

9.4 Implementation Outcome

Change Status:

Successful: Change implemented successfully; no issues
Successful with Issues: Change implemented but minor issues noted (see notes)
Partially Successful: Some objectives achieved; further work needed
Failed: Change failed; rolled back to previous state
Cancelled: Change cancelled before/during implementation

Actual Implementation Date/Time: [YYYY-MM-DD HH:MM]

Actual Downtime: _______ (if applicable)

Issues Encountered:

Resolution of Issues:

Section 10: Post-Implementation Review

Complete SW-IMS-FRM-013 (Post-Implementation Review) within [TBD - e.g., 7 days] of implementation.

PIR Completed? [ ] Yes [ ] No [ ] N/A

PIR Date: [YYYY-MM-DD]

PIR Summary:

Field	Result
Objectives Achieved?	[ ] Yes [ ] Partially [ ] No
Issues Encountered?	[ ] Yes - documented in PIR [ ] No
Lessons Learned Captured?	[ ] Yes [ ] No
Follow-Up Actions Required?	[ ] Yes - see PIR [ ] No

Section 11: Change Closure

Change Record Closed By: _______________________

Closure Date: [YYYY-MM-DD]

Final Status: [ ] Successful [ ] Unsuccessful [ ] Cancelled

Change Record Complete?

Closure Comments:

Notes for Users

When to Submit a Change Request

Submit a change request for:

Infrastructure changes: Server, network, storage modifications
Application changes: Software installations, upgrades, configuration changes
Security changes: Firewall rules, access controls, security tool changes
Process changes: Significant updates to documented procedures or workflows
Database changes: Schema changes, significant data updates

Exceptions (no formal CR required):

Routine user access provisioning/de-provisioning (follow access control procedure)
Document updates (follow document control procedure)
Pre-approved standard changes with documented procedures

When in doubt, submit a change request.

Change Types Explained

Standard Change:

Low-risk, routine change
Pre-approved by CAB (doesn't need individual approval)
Documented procedure exists
Examples: Password resets, routine patching, standard user provisioning

Normal Change:

Requires evaluation and approval
Reviewed by CAB for medium/high risk
Most changes fall into this category
Examples: System upgrades, configuration changes, new integrations

Emergency Change:

Urgent change to restore service or prevent critical impact
Abbreviated approval process (post-implementation approval allowed)
Must still be documented and reviewed
Examples: Hotfix for critical security vulnerability, emergency service restoration