Skip to Main Content
In the Change Management process within IT Service Management, some activities need to evaluate the risk exposure associated with changes to be made to the infrastructure and services. The paper presents a method to evaluate risk exposure associated with a change. Further, we show how to use the risk exposure metric to automatically assign priorities to changes. The formal model developed for this purpose captures the business perspective by using financial metrics in the evaluation of risk. Thus the method is an example of Business-Driven IT Management. A case study, performed in conjunction with a large IT service provider, is reported and provides good results when compared to decisions made by human managers.