Sample Role-Play Change Advisory Board (CAB) Meeting with Best Practices

Properly managing changes to IT infrastructure is not just a necessity but a strategic imperative. A Change Advisory Board (CAB) plays a central role in this process. Their work in meeting together aims to thoroughly examine and proactively prepare these change plans.

Change Advisory Board (CAB) Meeting

Photo Attribution: Daly Design/

This article looks at the function and structure of a CAB meeting, using a real-life scenario to illustrate participant roles and CAB-meeting best practices.

What Is a Change Advisory Board (CAB)

A Change Advisory Board (CAB) is a group of people that are part of change management, usually within IT, tasked with assessing, approving, and making sure technology infrastructure changes are implemented in a controlled manner. They act as a governance body that works to mitigate change risks, which helps provide better stability and performance in the organization.

The CAB will review proposed changes and make decisions based on risk and reward results. It also analyzes technical aspects and business impacts of each proposed change. These then help prevent disruptions to business operations or a degrading of service quality.

The CAB typically includes the types of people from the following IT departments so changes can be reviewed more comprehensively:

  • Operations
  • Security
  • Application development
  • Network management
  • Other business units impacted by IT changes

Sometimes external consultants who have expert knowledge and a fresh perspective might be brought in as well.

Sample Role-Play of a CAB Meeting

The following is a CAB-meeting scenario presented so as to describe the roles, show the functions of the various players there, and provide examples of common types of issues discussed.

The Setting

The meeting is set in a large conference room equipped with a large table, chairs, a projector for presentations, and a conference call setup for remote participants. The walls are lined with charts and screens displaying the organization's IT infrastructure and current change requests status.

The Players

  • Chairperson: Senior IT manager, responsible for overseeing the meeting.
  • Change Manager: Facilitates the change management process, ensuring all changes are logged and reviewed.
  • IT Operations Head: Oversees the operational stability and performance of IT services.
  • Security Officer: Focuses on the security implications of changes.
  • Application Manager: Responsible for application development and maintenance.
  • Network Manager: Oversees the organization's network infrastructure.
  • External Consultant: Specialist in ITIL and change management best practices.
  • Various Stakeholders: Representatives from departments impacted by IT changes (e.g., Finance, HR).

The Opening

  • Chairperson: Opens the meeting, reviews the agenda, and states the purpose--to assess and decide on proposed changes to the IT infrastructure.
  • Change Manager: Informs everyone that he/she is taking notes of the meeting.

Review of Previous Changes

  • Change Manager: Presents a report on the status of previously approved changes, including any post-implementation issues or successes.
  • IT Operations Head: Shares feedback on the operational impact of recent changes.

New Change Proposals

  • Change Proposal 1: Upgrade of the Email System

    • Application Manager: Presents the proposal, including benefits, risks, and mitigation strategies.
    • Security Officer: Raises concerns about potential security vulnerabilities and suggests additional security measures.
    • Discussion: Board members debate the proposal, focusing on potential impacts on users and the overall IT environment.
    • Vote: The board votes to approve the change, contingent on the implementation of the suggested security measures.
  • Change Proposal 2: Implementation of a New VPN Solution

    • Network Manager: Introduces the proposal, explaining the need for improved remote access capabilities.
    • IT Operations Head: Questions the scalability of the solution and its integration with existing infrastructure.
    • External Consultant: Offers insights into alternative solutions and best practices.
    • Discussion and Vote: After a thorough discussion, the board decides to postpone the decision, requesting more information on alternative options.

Emergency Change Request

  • Urgent Security Patch: An emergency change request is presented due to a newly discovered vulnerability.
  • Security Officer: Stresses the importance of immediate action to prevent potential breaches.
  • Chairperson: Calls for an expedited review process.
  • Vote: The board unanimously agrees to approve the emergency change, emphasizing the need for a rapid response.


  • Chairperson: Summarizes the decisions made, outlines next steps for each approved change, and schedules the next meeting.
  • Change Manager: Reminds participants to update the change log and prepare implementation plans for approved changes.
  • Chairperson: Emphasizes the importance of communication and documentation throughout the change process.

The meeting concludes with participants understanding their responsibilities regarding the upcoming changes.

CAB Meeting Best Practices

The above meeting scenario demonstrates several best practices that should be incorporated in CAB meetings:

  • Prepare a Structured Agenda

    Always start with a clear, structured CAB meeting agenda. This should include a review of outstanding and completed changes, discussion of new proposals, any emergency changes, and a summary of next steps. Having a fixed agenda keeps all necessary topics covered and the meeting focused.

  • Include the Right Stakeholders

    Make sure all relevant stakeholders are represented in the meeting. This includes members from IT operations, security, application management, and any other departments impacted by the proposed changes. Their diverse perspectives help in making well-rounded decisions.

  • Document Everything

    Maintain thorough documentation of each meeting. This should include details of all discussions, decisions made, justifications for each decision, and assigned actions. This documentation is necessary for accountability and for future reference.

  • Review Previous Changes

    Allocate time to review the status of changes approved in previous meetings. This review should look at the success of the implementation, any issues encountered, and lessons learned, thereby refining future change processes.

  • Clearly Present Proposals

    Ensure that each change proposal is presented clearly and comprehensively. Presentations should include the scope of the change, the impact assessment, risk analysis, resources required, and a rollback plan in case of failure.

  • Conduct a Thorough Risk Assessment

    Discuss the potential risks associated with each proposed change. This should include an examination of impacts on security, compliance, performance, and other critical areas. The risk assessment helps in making informed decisions and in planning mitigations.

  • Encourage Open Discussion

    Facilitate open discussions to allow board members to express concerns, ask questions, and suggest improvements. This collaborative approach not only enhances the quality of the decision-making process but also brings transparency.

  • Implement a Voting Process

    Use a formal voting process to decide on proposed changes. This makes sure that all voices are heard. The criteria for approval should be clear and agreed upon by all members.

  • Plan for Emergency Changes

    Establish a protocol for reviewing and approving emergency changes that need immediate attention. This causes urgent issues to be handled promptly without bypassing necessary checks.

Other CAB Best Practices

  • Regularly Review CAB Processes

    Periodically review and refine the CAB processes themselves. This includes assessing the effectiveness of the meetings, the decision-making process, and the implementation of approved changes. Continuous improvement helps adapt to new challenges and changes in organizational strategy.

  • Use Technology Effectively

    Utilize change management and collaboration tools to streamline scheduling, documentation, and follow-up tasks. Effective use of technology can enhance communication and efficiency, especially in hybrid or remote settings.

For more on the Change Advisory Board and other ITSM practices and principles, visit our complete ITIL® Resource Center.

Key Takeaway: Well-Planned CAB Meetings Bring Well-Planned Changes

Effective Change Advisory Board (CAB) meetings are essential for the successful management of IT changes in bringing controlled and systematic change processes. CAB meeting best practices can help organizations mitigate risks associated with changes and benefit overall operational success.

In the end, successful IT changes benefit the company overall, keeping systems online and revenue flowing.

Streamline Your ITSM Organization with Giva Software

Giva offers a best-in-class IT Change Management software application that is standalone or integrated with our Service Management software offering.

Giva software allows you to:

  • Define processes to speed up approvals and manage the documentation needed to support high velocity releases
  • Provide visibility into code and configuration changes throughout the organization by creating a central system of record of all IT changes
  • Get up and running fast with Giva's out-of-the-box services that can be easily configured to meet organizational and regulatory compliance requirements
  • Have more peer reviews and collaboration around releases with our dashboard, notifications and alerts, which keep everyone informed

Let Giva be your ITSM and Change Management best-practices partner! Schedule a demo today, or start a free 30-day trial.