Top Change Management Questions & Answers

By /






Mastering ITSM: Your Top Questions on Incident, Problem, and Change Management Answered


Mastering ITSM: Your Top Questions on Incident, Problem, and Change Management Answered

Ever felt like you’re caught in a never-ending loop of IT issues? One minute, a user can’t access their email, the next, a critical application crashes, and then your team is scrambling to deploy a patch. This whirlwind of activity is the daily reality for many IT professionals, but it doesn’t have to be chaos.

Enter the formidable trio of IT Service Management (ITSM): Incident Management, Problem Management, and Change Management. These aren’t just fancy terms from the ITIL framework; they’re the foundational pillars that allow IT teams to move beyond mere firefighting to deliver stable, reliable, and evolving services.

In this comprehensive guide, we’re going to dive deep into the most common and crucial questions surrounding these interconnected disciplines. We’ll strip away the jargon, provide practical examples, peek behind the curtain with scripting insights, and even give you a leg up for those tricky interview questions. Ready to transform your IT operations from reactive to proactive? Let’s get started!

The Core of IT Stability: Understanding Incidents

What Exactly is an Incident?

Let’s be real: an incident is that “oops!” moment when something suddenly breaks. Imagine a typical Monday morning: a user logs in, tries to access their project management tool, and… nothing. Or maybe their Outlook client just decided to spontaneously quit. That, my friend, is an incident.

In the world of ITSM, an incident is formally defined as an unplanned interruption to an IT service or a reduction in the quality of an IT service. The key here is “unplanned” and “interruption.” When an employee is working and something they rely on to do their job suddenly stops or isn’t working as it should, they need support. They’ll typically reach out to the service desk, and an “incident ticket” or “incident record” is created to track this interruption.

The primary goal of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations. We’re talking speed and efficiency here, getting people back to work.

Think of it like a flat tire on your car. It’s an unexpected interruption to your journey, and your immediate goal is to get it fixed so you can continue driving.

Interview Relevance: Incident Definition

Interviewers want to see that you understand the immediate, disruptive nature of an incident. Emphasize that it’s about restoring service quickly. Distinguish it from a “service request” (which is a normal request for service, like “I need a new mouse”) and a “problem” (which we’ll get to shortly!).

Beyond the Quick Fix: Demystifying Problems

What Constitutes a Problem in ITSM?

Now, let’s say that flat tire wasn’t just a random nail. What if you’ve had three flat tires in two weeks, all on the same wheel? You’d start wondering, “Is there something wrong with this tire, or perhaps the road I’m driving on?” That line of questioning leads you from incident to problem.

In ITSM, a problem is the underlying cause of one or more incidents. It’s not the symptom (the service being down), but the root cause behind why it keeps happening or why it happened in the first place if the cause isn’t obvious. The reference correctly points out: “if the same issue is repeatedly happening to the same employee then it is called problem.”

But it’s more than just recurrence. A problem can also be a single, major incident where the root cause is unknown. The goal of Problem Management isn’t speed of restoration (that’s incident management), but rather identifying the root cause, finding a workaround, and ultimately preventing recurrence of incidents.

Consider the email outage. If it happens once, it’s an incident. If users across multiple departments report email outages every Tuesday for three weeks straight, then you have a problem. The incidents are symptoms; the problem is the faulty email server, the misconfigured firewall, or the overloaded network switch causing those symptoms.

Parent/Child Incidents vs. Problems: A Clarification

The reference mentions: “if the same problem is happening to the multiple people at the same time then its an incident, where will create a parent incident and rest of all will be child incidents, whenever you close the parent incident the child incidents will be also get closed.” This is a crucial distinction often misunderstood:

  • Parent/Child Incidents: This scenario is when a single, widespread outage affects many users concurrently. For example, the company network goes down. Hundreds of users call the service desk. Instead of managing 300 individual incident tickets, a “major incident” or “parent incident” is declared for the network outage. All subsequent calls related to that same outage are linked as “child incidents” to the parent. Resolving the parent resolves the children.
  • Problems: This is about the root cause. The network outage (the parent incident) happened because a specific network device failed. The device failure is the *problem*. This problem might cause *multiple* incidents over time, not just one widespread event. Problem Management focuses on fixing the device to prevent *any* future network outages.

Interview Relevance: Problem Definition

Interviewers want to know you understand Root Cause Analysis (RCA). Can you differentiate between a symptom (incident) and the underlying disease (problem)? Emphasize the proactive nature of Problem Management – preventing future issues – compared to the reactive nature of Incident Management.

The Engine of Evolution: Embracing Change Management

What is Change Management in the ITSM Context?

Imagine your IT infrastructure as a complex ecosystem. To keep it healthy and adapting, you can’t just randomly introduce new species or remove old ones without thinking about the ripple effects. That’s where Change Management comes in.

In ITSM, Change Management is the process of controlling the lifecycle of all changes, enabling beneficial changes to be made with minimum disruption to IT services. This isn’t just about managing organizational changes (like a company merger or a shift in culture), though those often have IT components. Here, we’re talking about changes to the IT environment itself: a new software deployment, a server upgrade, a network configuration alteration, a patch application, or even a new hardware installation.

The goal is paramount: minimize risk, ensure stability, and facilitate innovation. Every change, no matter how small, has the potential to introduce new incidents. Change Management ensures that changes are planned, assessed for risk, approved, implemented, and reviewed in a controlled manner, typically overseen by a Change Advisory Board (CAB).

Using our car analogy: an incident is a flat tire. A problem is finding out the tire itself is defective. A change is replacing all four tires with a new, more durable model after a thorough assessment of road conditions, budget, and performance expectations.

Interview Relevance: Change Management Definition

Highlight your understanding of the controlled nature of changes and the goal of minimizing risk and disruption. Mention the importance of a CAB. Differentiate between types of changes: Standard (pre-approved, low risk), Normal (requires CAB approval), and Emergency (for immediate resolution of major incidents, post-review).

The Interwoven Fabric: Incident, Problem, and Change – A Trinity of IT Excellence

What is the Relationship Between Incident, Problem, and Change Management?

This is where the magic happens, and understanding this relationship is the hallmark of a true ITSM professional. These three processes are not isolated silos; they are deeply interconnected, forming a continuous improvement loop that drives IT maturity.

Let’s trace the journey:

  1. The Spark: An Incident Occurs. A user encounters an issue (“My network drive is inaccessible!”). An incident ticket is created. The immediate focus is to restore service quickly – maybe by restarting a service or checking basic connectivity.
  2. The Investigation: From Incident to Problem. If that network drive issue happens repeatedly, or if it’s a major outage with no obvious quick fix, it triggers Problem Management. We need to find out *why* this keeps happening. Is it a faulty server? A misconfigured share? A bug in the operating system?
  3. The Resolution: From Problem to Change. Once the root cause (the problem) is identified – let’s say it’s a critical bug in the server’s firmware – we can’t just “fix” it on the fly. Applying a firmware update is a significant alteration to the IT environment. This requires a controlled process: a Change Request. The Change Management process ensures this firmware update is planned, tested, approved (by the CAB), and implemented during a scheduled maintenance window to avoid further incidents.
  4. The Proactive Loop: Change Preventing Future Incidents/Problems. Changes aren’t just reactive. Proactive changes (like upgrading an aging server infrastructure or implementing new security measures) are designed specifically to *prevent* future incidents and problems from ever occurring.

In essence: Incidents are the symptoms. Problems are the diseases causing those symptoms. Changes are the surgical procedures, medications, or lifestyle adjustments made to cure the disease and prevent its recurrence.

Interview Relevance: The Interrelationship

This is a make-or-break question for ITSM roles. Don’t just list definitions; describe the flow and the value chain. Emphasize how each process feeds into and supports the others, contributing to overall service improvement and business value. A good answer will demonstrate a holistic understanding of IT operations.

Can We Create a Problem Record Directly from an Incident?

Absolutely, yes! This is a very common and highly recommended practice in mature ITSM environments.

As we discussed, if an incident is recurring, complex, or part of a larger pattern, it signals the need for deeper investigation beyond a quick fix. In many ITSM platforms (like ServiceNow), you can often find a “Create Problem” or “Link to Problem” button directly on an incident record. When you do this, key information from the incident (like its description, affected service, etc.) is often copied over to the new problem record, establishing a clear link.

When should you do this?

  • When the same incident keeps popping up.
  • When an incident is a Major Incident and its root cause isn’t immediately obvious.
  • When an incident appears to be symptomatic of a deeper, systemic issue.
  • When a quick workaround has been applied for an incident, but a permanent fix is still needed.

Creating a problem record from an incident ensures that the underlying issue gets the dedicated focus it deserves, leading to a permanent resolution rather than just band-aid fixes.

Interview Relevance: Incident to Problem

This shows your commitment to preventing recurrence and your understanding of the Problem Management process. It highlights a proactive mindset. Be ready to explain the triggers for escalating an incident to a problem.

Can We Create a Change Request from an Incident?

Yes, this is also possible, though often less direct than creating a problem from an incident.

There are a few scenarios where this makes sense:

  1. Immediate Controlled Fix: Sometimes, the immediate resolution of an incident *is* a change. For instance, a critical service has crashed due to a specific configuration error, and the fix involves applying a new configuration file. While this is reactive, applying a new config file should ideally go through a lightweight change process to ensure it’s documented and approved, even if expedited as an “Emergency Change.”
  2. Direct Software/Hardware Alteration: During incident resolution, a support engineer might realize that a simple software patch or a minor hardware adjustment is needed to resolve the incident, and this fix doesn’t warrant a full Problem Management cycle (perhaps the root cause is very obvious). In such cases, they might initiate a Change Request directly from the incident to properly manage and document the implementation of that patch or adjustment.
  3. Temporary Workaround Requiring a Change: An incident might be temporarily mitigated by a workaround that itself involves a change (e.g., rerouting traffic to a secondary server while the primary is down). This rerouting is a change that needs to be managed.

The key here is that if the *fix itself* requires an alteration to the IT infrastructure or services, it should ideally be managed through Change Management, regardless of whether it stemmed directly from an incident or a problem.

Important Distinction:

While you *can* create a change from an incident, in many mature organizations, if an incident implies a significant, non-obvious underlying issue, it will first be escalated to a Problem record. The Problem record then drives the root cause analysis, which then leads to a Change Request for the permanent fix. This “Incident -> Problem -> Change” flow is often preferred for systemic issues.

Interview Relevance: Incident to Change

This question probes your understanding of when a reactive fix necessitates a controlled process. It shows you think about risk mitigation and documentation, even in urgent situations. Be ready to explain scenarios where this direct path is appropriate versus when a Problem record should be involved.

Behind the Scenes: Scripting for Efficiency in ITSM

In modern ITSM platforms, automation is king. Manual processes are slow, error-prone, and don’t scale. Scripting allows us to automate routine tasks, integrate processes, and enforce best practices. Let’s look at some examples, likely from a platform like ServiceNow which uses JavaScript-based scripting with objects like GlideRecord.

How to Create a Change Request Using a Script (e.g., GlideRecord)?

Imagine a scenario where a specific type of incident (e.g., a security alert about an outdated antivirus definition) always requires a standard change to update the antivirus. Instead of someone manually creating a change request every time, you can automate it!

Here’s how you might script the creation of a new Change Request:

var gr = new GlideRecord('change_request');
gr.initialize();
gr.category = 'inquiry'; // Or a more appropriate category like 'software'
gr.subcategory = 'antivirus'; // Specific subcategory
gr.cmdb_ci = 'affd3c8437201000deeabfc8bcbe5dc3'; // Sys_ID of the affected Configuration Item (CI)
gr.short_description = 'Automated change for antivirus update';
gr.description = 'This change request was automatically generated to update antivirus definitions following a security alert.';
gr.assignment_group = 'a715cd759f2002002920bde8132e7018'; // Sys_ID of the assignment group
gr.insert();

Let’s break down what’s happening here:

  • var gr = new GlideRecord('change_request');: This line creates a new instance of the GlideRecord object, specifically targeting the ‘change_request’ table in the database. Think of GlideRecord as your programmatic interface to interact with database records in the ITSM platform.
  • gr.initialize();: This initializes a new, empty record on the ‘change_request’ table, preparing it for data entry.
  • gr.category = 'inquiry';, gr.subcategory = 'antivirus';: These lines set the category and subcategory fields of the new change request. These are usually dropdown choices in the UI, represented by string values.
  • gr.cmdb_ci = 'affd3c8437201000deeabfc8bcbe5dc3';: This is critical! It links the change request to a specific Configuration Item (CI) in the Configuration Management Database (CMDB). A CI could be a server, an application, a network device – essentially any component that needs to be managed to deliver an IT service. The value ‘affd3c8437201000deeabfc8bcbe5dc3’ is a sys_id, a unique identifier for that specific CI.
  • gr.short_description = 'Automated change for antivirus update'; and gr.description = 'This change request...';: These set the summary and detailed description of the change, making it understandable to humans.
  • gr.assignment_group = 'a715cd759f2002002920bde8132e7018';: This assigns the change request to a specific team or group, again using its unique sys_id.
  • gr.insert();: This is the magic line! It takes all the values we’ve set for the ‘gr’ object and commits them to the database, creating the new change request record.

Troubleshooting Scripting Tips:

  • Invalid sys_id: If your cmdb_ci or assignment_group sys_ids are incorrect, the record might still get created, but the fields will be empty or reference non-existent records, causing process failures. Always verify sys_ids.
  • Permissions: The user context running the script must have the necessary permissions to create and write to the ‘change_request’ table and its fields.
  • Field Names: Double-check field names (e.g., `gr.category` vs. `gr.u_category`). Case sensitivity matters.
  • Debugging: Use logging statements (e.g., `gs.log()` in ServiceNow) to print variable values and track script execution flow. Check system logs for errors.

Interview Relevance: Scripting Change Requests

Demonstrating scripting ability, especially with GlideRecord (or similar platform-specific APIs), showcases your technical prowess and understanding of automation. Explain *why* you’d automate this (efficiency, consistency, reducing manual errors) and what the key components of the script do.

When a Problem is Closed, Do Associated Incidents Also Get Closed?

Ideally, yes! And it’s a fundamental best practice in ITSM.

Think about it: if a problem represents the root cause, and that problem has been thoroughly investigated, fixed, and closed, it means the underlying issue that caused all those related incidents has been resolved. Therefore, all the incidents stemming from that specific problem should logically also be resolved and closed.

This automatic closure or resolution of associated incidents serves several purposes:

  • Data Integrity: Ensures that your incident backlog accurately reflects truly open issues.
  • Process Efficiency: Prevents support staff from manually closing potentially dozens or hundreds of related incidents.
  • User Satisfaction: Confirms to affected users that the root cause of their interruption has been addressed.
  • Reporting Accuracy: Provides a clearer picture of resolved issues and the effectiveness of Problem Management.

Here’s how you might script this behavior, typically as a “Business Rule” or “Workflow” that triggers when a Problem record’s state changes:

if (current.state == 7) { // Assuming '7' is the numerical value for the 'Closed' state
         
    // GlideRecord to find incidents associated with the problem
    var grIncident = new GlideRecord('incident');
    grIncident.addQuery('problem_id', current.sys_id); // Find incidents linked to THIS problem
    grIncident.addQuery('state', '!=', 7); // Only update incidents that are NOT already closed
    grIncident.query(); // Execute the query
         
    while (grIncident.next()) { // Loop through each found incident
        grIncident.state = 7; // Set the incident's state to Closed
        grIncident.update(); // Update the incident record in the database
    }
}

Let’s dissect this important script:

  • if (current.state == 7) { ... }: This is the trigger. The script only executes if the problem record (represented by the current object) is being set to a state with a value of ‘7’ (which, in many systems, means ‘Closed’).
  • var grIncident = new GlideRecord('incident');: A new GlideRecord object is created, this time targeting the ‘incident’ table.
  • grIncident.addQuery('problem_id', current.sys_id);: This is the core of the association. It tells the query to find all incident records where their ‘problem_id’ field matches the unique ID (sys_id) of the problem record that is currently being closed.
  • grIncident.addQuery('state', '!=', 7);: A smart addition! This ensures that only incidents that are *not already closed* are considered for closure. No need to update records that are already in the target state.
  • grIncident.query();: Executes the defined query, fetching all matching incident records.
  • while (grIncident.next()) { ... }: This loop iterates through each incident record found by the query.
  • grIncident.state = 7;: Inside the loop, for each associated incident, its ‘state’ field is updated to ‘7’ (Closed).
  • grIncident.update();: Saves the changes to the current incident record in the loop.

Troubleshooting Scripting Tips:

  • Incorrect State Value: The numerical value ‘7’ for ‘Closed’ might differ in your specific environment (e.g., ‘3’ for Resolved, ‘6’ for Closed). Verify the correct state values.
  • Mass Updates: If a problem is linked to a very large number of incidents (e.g., thousands), ensure the script runs efficiently and doesn’t cause performance issues. Consider asynchronous processing for very large sets.
  • Edge Cases: What if an incident linked to a problem was already resolved for a different reason, or needs to remain open for follow-up? Your process might need to account for these exceptions, perhaps by updating a different state (e.g., ‘Resolved’ instead of ‘Closed’) or adding more conditions.

Interview Relevance: Problem Closure and Incidents

This question reveals your understanding of process automation, data hygiene, and the full lifecycle of a problem. Explaining the script demonstrates your ability to translate process requirements into technical solutions. Emphasize the benefits of this automation (efficiency, accuracy).

Final Thoughts and Your Next Steps

Phew! We’ve covered a lot of ground, delving into the nuances of Incident, Problem, and Change Management. If you’ve absorbed these concepts, you’re not just understanding IT jargon; you’re grasping the very heartbeat of effective IT service delivery.

These three pillars, when implemented correctly and working in harmony, empower IT teams to:

  • Respond quickly to disruptions (Incidents).
  • Identify and eliminate underlying causes (Problems).
  • Introduce necessary alterations to the IT environment safely and efficiently (Changes).

Whether you’re looking to ace your next technical interview, optimize your organization’s ITSM processes, or simply understand the “why” behind what you do every day, mastering Incident, Problem, and Change Management is non-negotiable. It’s about moving from a reactive “break-fix” mentality to a proactive, strategic approach that continuously improves service quality and drives business value.

Keep learning, keep questioning, and keep striving for excellence in ITSM. The more you understand these interconnected processes, the more valuable you become to any IT organization.


Scroll to Top