Hacker News new | ask | show | jobs
by arethuza 2198 days ago
A long time ago, I once had a deployment rejected by a change management team because I used the wrong form - the right form was identical to the form I had used apart from the title. They insisted I resubmit the whole thing and wait until the next time they reviewed changes.....

I think I almost cried - after that I simply ignored them and deployed stuff when I wanted... :-)
3 comments
politician 2198 days ago
Arguably, this is the intended outcome. The form exists so that the change management team can supply evidence of process compliance to its auditors, but when the scope of the change management processes is driven arbitrarily it can be ridiculously hard to quantify risk of change which slows decision making.

However, if a rogue engineer might decide to flout the policy and deploy stuff whenever they wanted, then the business stands to profit from the gains more quickly and with less hassle. If the risk doesn't pay off, the responsible engineer can be fired for cause, itself demonstrating that the business is in control.

You may not want to take on uncompensated personal risk by operating outside these lazily-defined change management policies.

link
arethuza 2198 days ago
It was about 10 years ago and a former employer that I left 5 years ago.
link
protomyth 2198 days ago
I think I almost cried - after that I simply ignored them and deployed stuff when I wanted... :-)

Yeah, great. I'm sure nothing ever happened and if an outside audit showed up, the organization would have failed. Never mind if something bad happened, its not only you getting axed.

link
arethuza 2198 days ago
The systems that needed that level of auditing were carefully controlled and I wasn't daft enough to modify those without CAB approval (in fact, I couldn't modify them).

One of the problems I have with these kind of processes is that it often applies the same level of process to all systems when some systems really don't need that level of control.

link
rwj 2198 days ago
This is a really tricky thing to get right. If you put too many controls in place, people route around and you lose control. If you place too few in place, you lose control. If you try to make the rules flexible, people don't understand the rules, and you lose control.
link
olau 2198 days ago
Maybe it would work better if you educate people instead of insisting on controlling them?
link
protomyth 2198 days ago
Maybe, but one thing I've found is the normal developer often doesn't have visibility into the financial or legal side of the company that often mandate things. Liability is often a problem and they don't often come for the developer when problems arise.
link
igravious 2198 days ago
> I think I almost cried

The difference between capitalism (as a whole) and communism (as a whole) is that one of them has one less layer of bureaucracy.

link