What is change-management?

A structured process to plan, review, approve, schedule, and rollback changes in production.

When is CAB required?

CAB approval is required for high-risk or high-visibility changes as defined by the change classifications in the skill.

How are rollback plans used?

Rollback plans document steps to revert the change and are included in the change request and PR templates to enable quick recovery if tests fail.

change-management

Scanned

npx machina-cli add skill BagelHole/DevOps-Security-Agent-Skills/change-management --openclaw

Files (1)

SKILL.md

1.5 KB

Change Management

Implement structured change management processes.

Change Process

change_workflow:
  1_request:
    - Change description
    - Risk assessment
    - Rollback plan
    - Testing evidence
    
  2_review:
    - Technical review
    - Security review
    - CAB approval (if high risk)
    
  3_schedule:
    - Change window
    - Communication
    - Resource allocation
    
  4_implement:
    - Execute change
    - Verify success
    - Update documentation
    
  5_review:
    - Post-implementation review
    - Lessons learned

Change Classification

Type	Risk	Approval	Example
Standard	Low	Pre-approved	Patching
Normal	Medium	Manager	Config change
Emergency	Variable	Expedited	Security fix

Pull Request Template

## Change Description

## Risk Level
- [ ] Low - Standard change
- [ ] Medium - Normal change
- [ ] High - CAB required

## Testing
- [ ] Unit tests pass
- [ ] Integration tests pass
- [ ] Staging deployment verified

## Rollback Plan

## Stakeholders Notified
- [ ] Operations
- [ ] Security
- [ ] Business owners

Best Practices

Clear change categories
Required approvals by risk
Rollback procedures documented
Post-change verification
Change freeze windows

Source

git clone https://github.com/BagelHole/DevOps-Security-Agent-Skills/blob/main/compliance/governance/change-management/SKILL.md

View on GitHub

Overview

This skill enables a formal change management process for production systems. It defines a five-step workflow (request, review, schedule, implement, post-review) and classifies changes as Standard, Normal, or Emergency to determine approvals, windows, and rollback needs.

How This Skill Works

It uses a YAML-based change_workflow with five stages: 1_request, 2_review, 3_schedule, 4_implement, 5_review. The process enforces CAB approval for high-risk changes, establishes change windows, and requires a rollback plan and testing evidence in the request and PR templates, followed by a post-implementation review.

When to Use It

Deploying a security patch to production during a scheduled window
Making a production configuration change with risk assessment and approvals
Performing routine low-risk changes (Standard) with pre-approved procedures
Handling an emergency fix that requires expedited CAB approval
Conducting planned maintenance with stakeholder communication and rollback readiness

Quick Start

Step 1: Prepare change_workflow with description, risk assessment, rollback plan, and testing evidence
Step 2: Submit for review and obtain CAB approval if high risk; set change window and notify stakeholders
Step 3: Implement the change, verify success, update documentation, and perform post-implementation review

Best Practices

Clear change categories
Required approvals by risk
Rollback procedures documented
Post-change verification
Change freeze windows

Example Use Cases

Patching a production server using a standard change with pre-approved rollback
Updating a config parameter with normal risk and CAB approval
Deploying a security patch during a CAB-approved change window
Executing an emergency security fix with expedited CAB approval
Documenting rollback and conducting post-change review after deployment

Frequently Asked Questions

Add this skill to your agents