The diagram below shows a Value Stream Map of a Change Control process together with the involved departments or officers. Later in this section the steps are explained.
Risk based steps
The process described in the VSM shows the maximum number of steps that are executed in the process Dependent of the type of change some of these steps may be skipped. Details about using Risk Assessment to determine the required steps are described in Risk based decisions during Change Control.
Risk based signatures
Risk Assessment should determine which signatures are required for each change. An example how to determine the required signatures is shown at Risk based decisions during Change Control.
In many cases signatures are in place for reasons as: "We used to do that" or "It is required by regulations"'. Never take these answers for granted. Take a look at the regulations or procedures to see if the signature is really required. Make a reference to the regulation found if the signature is required by that regulation. When a signature is not required and does not add value to a step, avoid the signature.
Unnecessary signatures introduce a lot of muri (overdoing). To get signatures takes a lot of time running around with documents and finding the proper persons. Electronic signatures help to reduce the running around activity but will still delay the process.
When modules are being changed, it is not allowed to use that module in production. To minimize the time that the module cannot be used a test environment or test system may be required. Secure version control is required to keep track of the module version and the versions of the test environment. The module that required a change can be modified and tested on the test environment while production is using the previous version of the module. When test of the changed module are completed, in a short time the new version is installed on the production system where the qualification is completed, where after production is continued.