Change Management

Change Management is the structured process for requesting, reviewing, approving, implementing, and documenting changes to IT systems. Every modification—software updates, configuration changes, new deployments—follows defined procedures to minimize risk of outages, security vulnerabilities, and unintended consequences.

The process typically includes change requests with impact analysis, review by a Change Advisory Board (CAB), approval based on risk assessment, scheduled implementation with rollback plans, and post-implementation review. Emergency changes follow expedited procedures with retrospective documentation.

CISSP Relevance

Change management appears in Domain 7 (Security Operations) as essential for maintaining secure, stable environments. Understand change management processes, how they prevent unauthorized modifications, and the relationship to configuration management. Know that many security incidents result from poorly managed changes.

AXELOS ITIL provides change management frameworks.

Related terms: Configuration Management, Patch Management