This documentation supports the 25.1 version of BMC Helix Change Management.To view an earlier version, select the version from the Product version menu.

Assessing the risk for a change request

If Change risk management is enabled, you can view the overall risk factors associated with a change request in the IS-based calendar. Use this AI-suggested information to assess the risk of a change request and make a well-informed decision to approve, hold, or reject a change request without manually evaluating the risks. 

Related topic

Configuring-risk-assessment

Viewing-data-by-using-the-Calendar

Situations overview

Recommendation

No matter how well-planned or tested a change might be, you must consider the possibility that your change can create disruptions elsewhere in the IT infrastructure. Do not approve any change request that does not explicitly plan for the possibility of failure. For more information, see Rolling-back-a-change-request.

Scenario

Carol, a change manager in Apex Inc organization wants to calculate the risks involved in the change request Install Tomcat Server before implementing it.
In the Cognitive risk assessment panel, she views the machine learning(ML)-based operational metrics, and the key parameters that may get impacted after the change is implemented. The ML-based prediction helps her understand the risks associated with the change request Install Tomcat Server.
In the Risk information service history panel, she views the Service CI information attached to the change request and incident trend graph of the last 12 months. The Service-related details help her understand the efforts required in the overall service associated with the change request Install Tomcat Server.
Based on her analysis from the two panels, she understands that similar installations were completed in the past with no issues. Hence, the change request Install Tomcat Server is a fairly simple change with minimal risk, and therefore she approves it. 

The following video provides a high-level overview of the AI-based risk assessment of change request feature.

icon-play.pngWatch the Youtube video of the AI-based risk assessment feature.


The following video explains the configuration of the AI-based change risk assessment feature.

icon-play.pngWatch the Youtube video of how to configure AI-based change risk assessment feature.


Before you begin

Your tenant admin must enable and configure the Change risk assessment feature before you view the AI-based change risk assessment details.

  1. Enable Change risk assessment and Configure the Cognitive risk assessment panel
  2. Configure the Risk assessment from service history panel


To enable the Change risk assessment feature and configure the Cognitive risk assessment panel

You must enable the Change risk assessment feature and configure the Cognitive risk assessment panel in Innovation Studio.

  1. In BMC Helix ITSM, select More > Configuration > Innovation Studio Configuration.
    The ITSM Application page is displayed.
  2. Click Change Risk Configurations, and then click Enable change risk assessment.
    The Enable change risk assessment page is displayed.
    image-2024-9-24_12-37-12.png
  3. Configure the past number of days of change requests on which the AI model should be trained.
    You can select any value between 1 day and 90 days.
  4. Enable the Activate change risk assessment and train the AI model switch.
  5. Click Save.

Tip

After you save your configuration, the AI model begins training on the change request details that may last up to 24 hours based on the specified duration. You cannot make further changes in this page until the training is complete. Therefore, we recommend you to wait for at least 24 hours before viewing the Cognitive risk assessment panel or making any other changes on this page.


To configure the Risk assessment from service history panel

You must configure the Risk assessment from the service history panel in Innovation Studio. 

  1. In BMC Helix ITSM, select More > Configuration > Innovation Studio Configuration.
    The ITSM Application page is displayed.
  2. Click Change Risk Configurations, and then click General.
    The General page is displayed.
    image-2024-9-24_12-38-11.png
  3. Configure the default number of days of historical service details to be displayed in the Risk assessment from service history panel.
    You can select a value between 5 and 60 days.
  4. Click Save.


Viewing the Cognitive risk assessment panel

The Cognitive risk assessment panel displays machine learning-based operational metrics, such as service health, current open situations, situations closed in the past, and the key risk parameters which may get impacted after the change is implemented. Some examples of key risk parameters are Response Times, Availability, Memory Issues, and Situations.

BMC Helix AIOps correlates events collected from multiple sources into situations. These sources could be infrastructure, applications, network resources, and monitoring solutions from different vendors. To know more, see Situations overview.

Important

  • Key risk parameters displayed in the panel may change depending on the type of the change request. 
  • To view the details in the Cognitive risk assessment panel, your organization must have subscribed to BMC Helix AIOps.


To view the criticality in percentage, hover on the status pill. Click the past situations count to view more details about the similar changes that were impacted in the past.

image-2024-4-17_16-28-59.png

image-2024-4-18_15-14-55.png

Limitation for adding health indicators

You can configure only 20 metrics for a service in BMC Helix AIOps. If you configure more than 20 metrics for a service, the panel does not show any data from Customer Relationship Management (CRM). For more information about adding health indicators for a service, see Adding health indicators.

Viewing the Risk assessment from service history panel

The Risk assessment from service history panel displays the history of service management efforts taken for a similar change request. The panel displays the overall count of completed change requests, open incidents, work orders and planned outages in the past 7 days. It also displays the incident volume graph of up to last 12 months for trend analysis. The incident volume in the graph appears in the ascending order of months.

To view the list of all tickets in tabular format, click the count of completed changes, work order, incident or outages.

image-2024-4-17_15-25-18.png


image-2024-4-18_15-16-43.png

Click the ticket link for a detailed view in BMC Helix ITSM.

Instructions for classic interfaces

Instructions for Mid-tier

Risk assessment helps you achieve greater productivity by combining qualitative and quantitative criteria for assessing the risk level associated with a change. You can raise the accuracy of the changes by assessing risks with a consistent and standard process. The end output is a Change Risk Report, which can provide a key decision in change planning. For more information, see Computing-risk-levels.


Recommendation

No matter how well-planned or tested a change might be, you must consider the possibility that your change can create disruptions elsewhere in the IT infrastructure. Do not approve any change request that does not explicitly plan for the possibility of failure. For more information, see Rolling-back-a-change-request.

When approvers review a proposed change request, they want to see an analysis of potential risks and the impact of the change request.

Assessing the risk of a change request

During the planning phase, assess the risk of your change request. Risks can include the number of people affected, financial concerns, loss of productivity due to system or network downtime, and resource allocation. Risk also includes seasonal considerations, such as vacations, holidays, and weather. Impact analysis needs to be based on how many people are affected by the proposed change, and where those people are located. Here you can select the anticipated risk that this proposed change has from 5 (highest risk) to 1 (lowest risk).
For more details about impact analysis, see Disabling collision management and impact analysis.

Computing the risk of a change request

You can also compute the risk of a change request. Risk factors can include a set of questions used to calculate the risk value. During configuration, your application administrator defines a set of questions that apply to a specific company, or to the operational categorization of a change request, or globally to all change requests, and a weight for each question. For example, your application administrator can define a set of questions that apply only to change requests regarding decommissioning virtual machines, if those change requests are identified by operational categorization.

The support staff assigned to each change request provides the risk value and probability for each question, based on their specific request. The system calculates the total risk and saves the value in the Risk Level field of the Change form.

Finally, you can view a report of the total impact of your risk changes.

The Change form includes the following fields for risk management:

  • Risk Level—Enter the anticipated risk that this proposed change has from 5 (highest risk) to 1 (lowest risk). For example, if the support team needs to install a critical security update on all the machines in the sales department during peak working hours, the risk level can be 4 or 5. If the critical security update can be installed during offline working hours, the risk level can come down to 2.
  • Impact—Determine the impact of this change based on the number of affected users.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*