Change Management
What is Change Management?
Change ManagementStructured process to propose, review, approve, schedule, implement, and review changes to IT systems with controlled risk and clear traceability.
Change management ensures that modifications to production environments — code deploys, infrastructure changes, configuration updates, identity changes, network rule changes — are authorized, documented, and reversible. It defines change types (standard, normal, emergency), approval flows, change advisory boards, communication, and post-implementation reviews. From a security standpoint, it provides accountability, supports incident-response timelines, and prevents unreviewed changes that introduce vulnerabilities. Modern teams blend ITIL-style governance with CI/CD pipelines, infrastructure-as-code, and automated guardrails to keep agility without losing oversight.
● Examples
- 01
An emergency change ticket to roll back a firewall rule that broke critical traffic.
- 02
A standard change template auto-approving renewal of low-risk TLS certificates.
● Frequently asked questions
What is Change Management?
Structured process to propose, review, approve, schedule, implement, and review changes to IT systems with controlled risk and clear traceability. It belongs to the Defense & Operations category of cybersecurity.
What does Change Management mean?
Structured process to propose, review, approve, schedule, implement, and review changes to IT systems with controlled risk and clear traceability.
How do you defend against Change Management?
Defences for Change Management typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Change Management?
Common alternative names include: Change control.