Change Request Template
Template​
# Change Request: [Title]
## Document Control
- **Request ID:** [CR-YYYY-NNN]
- **Date Submitted:** [YYYY-MM-DD]
- **Project:** [Project Name]
- **Requester:** [Name]
- **Status:** [Draft/In Review/Approved/Rejected]
- **Priority:** [High/Medium/Low]
## Change Description
### Current State
[Describe the current situation or implementation]
### Proposed Change
[Describe the proposed changes in detail]
### Justification
[Explain why this change is necessary]
## Impact Analysis
### Scope Impact
- **Features Affected:**
- [Feature 1]
- [Feature 2]
- **Documentation Changes:**
- [Doc 1]
- [Doc 2]
- **Test Cases Affected:**
- [Test 1]
- [Test 2]
### Schedule Impact
- **Original Timeline:** [Date]
- **New Timeline:** [Date]
- **Delay:** [Duration]
### Resource Impact
- **Additional Resources Required:**
- [Resource 1]
- [Resource 2]
- **Cost Estimate:** [Amount]
### Risk Assessment
| Risk | Impact | Likelihood | Mitigation |
|------|---------|------------|------------|
| [Risk 1] | High/Med/Low | High/Med/Low | [Strategy] |
| [Risk 2] | High/Med/Low | High/Med/Low | [Strategy] |
## Implementation Plan
### Technical Approach
[Describe the technical implementation approach]
### Testing Strategy
[Describe how the changes will be tested]
### Rollback Plan
[Describe how to revert the changes if needed]
## Stakeholder Impact
### Teams Affected
- [Team 1]
- Impact: [Description]
- [Team 2]
- Impact: [Description]
### Communication Plan
| Stakeholder | Message | Channel | Timing |
|-------------|---------|---------|---------|
| [Group 1] | [Message] | [Channel] | [When] |
| [Group 2] | [Message] | [Channel] | [When] |
## Approvals Required
- [ ] Product Owner
- [ ] Technical Lead
- [ ] Security Team
- [ ] Operations Team
- [ ] Change Advisory Board
## Additional Information
### References
- [Link to relevant documents]
- [Link to related issues]
### Notes
[Any additional notes or comments]
Usage Guide​
When to Use​
- Proposing significant changes
- Modifying project scope
- Updating requirements
- Requesting timeline changes
Best Practices​
-
Change Description
- Be specific
- Include context
- Explain benefits
- Show justification
-
Impact Analysis
- Cover all aspects
- Be thorough
- Include metrics
- Consider dependencies
-
Implementation
- Detail approach
- Include testing
- Have rollback plan
- Set milestones
-
Communication
- Identify stakeholders
- Plan messaging
- Set timing
- Choose channels
Example​
# Change Request: Add Multi-Factor Authentication
## Document Control
- **Request ID:** CR-2024-001
- **Date Submitted:** 2024-02-04
- **Project:** User Authentication Service
- **Requester:** Jane Smith
- **Status:** In Review
- **Priority:** High
## Change Description
### Current State
The system currently uses single-factor authentication (username/password only). This does not meet our updated security requirements for handling sensitive user data.
### Proposed Change
Implement Multi-Factor Authentication (MFA) using Time-based One-Time Passwords (TOTP) as a second factor. Users will be required to set up MFA during their next login.
### Justification
- Enhanced security requirements from compliance team
- Recent security audit recommendations
- Customer requests for additional security options
- Industry standard for sensitive data protection
## Impact Analysis
### Scope Impact
- **Features Affected:**
- Login flow
- User settings
- Password reset process
- **Documentation Changes:**
- User guide
- API documentation
- Security documentation
- **Test Cases Affected:**
- Authentication test suite
- User flow tests
- API integration tests
### Schedule Impact
- **Original Timeline:** March 1, 2024
- **New Timeline:** April 1, 2024
- **Delay:** 4 weeks
### Resource Impact
- **Additional Resources Required:**
- 1 Senior Developer (4 weeks)
- 1 QA Engineer (2 weeks)
- Security Team Review (1 week)
- **Cost Estimate:** $25,000
### Risk Assessment
| Risk | Impact | Likelihood | Mitigation |
|------|---------|------------|------------|
| User resistance | High | Medium | Clear communication, gradual rollout |
| Integration issues | Medium | Low | Thorough testing, phased deployment |
## Implementation Plan
### Technical Approach
1. Integrate TOTP library
2. Update user model
3. Create MFA setup flow
4. Update login process
5. Add backup codes
6. Update API endpoints
### Testing Strategy
1. Unit tests for TOTP implementation
2. Integration tests for MFA flow
3. E2E tests for user journey
4. Security penetration testing
5. Load testing with MFA enabled
### Rollback Plan
1. Keep old authentication code
2. Create feature flag for MFA
3. Maintain database backup
4. Document rollback procedure
## Stakeholder Impact
### Teams Affected
- Development Team
- Impact: New feature implementation
- QA Team
- Impact: Additional test scenarios
- Support Team
- Impact: New procedures to handle MFA issues
### Communication Plan
| Stakeholder | Message | Channel | Timing |
|-------------|---------|---------|---------|
| Users | MFA announcement | Email, Blog | 2 weeks before |
| Support | Training session | Workshop | 1 week before |
| Developers | Technical review | Meeting | Implementation start |
## Approvals Required
- [x] Product Owner
- [ ] Technical Lead
- [ ] Security Team
- [ ] Operations Team
- [ ] Change Advisory Board
## Additional Information
### References
- Security Audit Report #SA-2024-01
- MFA Implementation RFC #RFC-2024-03
- Industry Compliance Guidelines v2.1
### Notes
- Consider phased rollout starting with admin users
- Plan for additional support resources during initial rollout
- Document exceptions process for users unable to use MFA