Change Approval Policies are a new feature of the Change Management application in the Madrid release. They allow approvals to be tailored for your change management processes through configuration. Previously, workflows and business rules would have been required as change approval requirements were identified or changed. Now you can achieve the same through policies which are based on a couple of simple record structures.

Change Approval Policies are based on a new platform capability called Decision Tables. Using Decision Tables, Change Approval policies allow an unlimited number of “Decisions” to be defined using a Condition Builder and when one or more Decision matches the variables being evaluated for a particular change request, Approvals are generated from a related “Approval Definition” record. Approval Definitions allow user or group approvals to easily be defined, including automated approval or rejection for the Normal and Emergency Change types.

New Record Structures

Change approval policies are based on a handful of relatively simple record structures. 

Change Approval Policies: A record which contains the inputs and related Decisions which dictate the policy. By default, there is a single approval policy for the Normal change type and Emergency change type. Customers new to ServiceNow in the Madrid release, will use these two policies to perform any required approval configuration.

Policy Inputs: Policy inputs define the variable sources or inputs a policy and its related Decisions will evaluate.

Decisions: Decisions contain the logic which evaluate policy inputs and trigger a related approval action when a decision matches the record being evaluated.

Approval Definition: Approval Definitions contain the approval action to take when the Decision it’s related to is matched (e.g. Generate Group Approval).

New Workflow Activity

Change Approval Policy: The Change Approval Policy Workflow activity references the policy to trigger and evaluate to determine the appropriate approval action. It replaces the Workflow Group Approval Activity used in prior releases.

How do they work?

A Change Approval Policy defines inputs and outputs. The Policy Input record creates reference to some form of information which provides the variable sources to evaluate within a Decision. By default, the Emergency Change Policy and Normal Change Policies refer to a change_request Policy Input. This Policy Input allows any field which exists in the change_request table or any field in a table referenced by the change_request table to be available for evaluation within a Decision. Think about that for a second: As a result of this single Policy Input you can evaluate information in the change request table, the CMDB, the User or Group tables, and more.

A Decision is an outcome of the policy, it applies when the conditions contained within it matches the Policy Input. How do you apply that logic? Using a simple condition builder.

The Decision record also references an Answer (Change Approval Definition), which specifies a related approval action. If it was up to my team, they may have a Decision which looks similar to this:

Change_request.state = Assess and Change_request.risk = low and Assigned_to = Jason Occhialini

They’d almost certainly have an associated answer which automatically rejected that change believing I’m inherently too high a risk.

Decisions allow authorized users to quickly define approval process using conditions. Requesting approvals according to the state of a Change Request no longer requires script or unique workflows or sub flows.

Do you want to reduce change authorization friction for the Normal or Emergency change types for your DevOps teams? Define a decision for them and associate an Approval Definition or Answer which automatically approves the change as their product owner.

Do you want to include additional approval stakeholders when the risk of the change activity is higher? Just add a new Decision to your policy that specifies that through its condition and related answer.

Change Approval Policies allow approval governance to be applied dynamically based on variable evaluation performed using simple record structures. From automated approval or rejection, to group and user approvals. Every action generates a standard platform approval record ensuring you maintain a full audit trail whether manual or through policy.

You can find out more about Change Approval Policies by visiting our documentation or by digging a little deeper in this post.