Module · Compliance Enablers

ChangeManagement

A.8.32 Change Control Beyond the Ticket Queue

ISO 27001 control A.8.32 demands that changes to information processing facilities follow a controlled process — request, risk assessment, approval, implementation, and rollback. This module runs that process end to end: change requests with risk levels, CAB approval workflow, scheduling, and implementation tracking through to completion or back-out. It is operational ISMS machinery, not an evidence screenshot of someone else’s ticketing tool.

All Modules
Before → After

The problem we solve.

Why teams switch to Compliance Enablers for change management.

Industry challenges

  • Changes happen in tickets with no security review, no risk level, and no CAB trail
  • Auditors sample changes and find approvals that exist only as Slack messages
  • Emergency changes bypass process entirely and are never retrofitted with records
  • No single view of what is changing across in-scope systems this week

How we solve it

  • A controlled request-to-completion pipeline with CAB approval evidence on every change
  • Risk levels and types on each request bring security into the change conversation
  • Status tracking covers the full lifecycle including back-outs
  • Filterable change views give security and audit a live window into change activity
Capabilities

Built for depth,
out of the box.

Every capability is production-ready on day one. No add-ons, no extra subscriptions.

Flagship capability

Change Request Intake

Raise change requests with requester, type, risk level, and planned start — a consistent record for every change touching in-scope systems.

CAB Approval Workflow

Route changes through Change Advisory Board review with explicit approve and reject decisions, so approval evidence exists for every change, not just the big ones.

Risk-Assessed Changes

Every change carries a risk level, connecting change control to the wider risk picture instead of treating it as an IT-only formality.

Implementation & Back-Out Tracking

Track changes from requested through review, scheduling, and in-progress execution to completed — or backed out, with that outcome recorded rather than buried.

Change Calendar Visibility

See what is scheduled this week and filter by type and status, keeping change activity visible to security rather than siloed in operations.

The impact

Why it matters.

Demonstrable A.8.32 compliance — every change has a request, an approval, and an outcome
CAB decisions recorded once, retrievable forever — no reconstructing approvals from email
Risk levels on changes surface dangerous work before it ships
Backed-out changes are visible data, feeding lessons learned instead of disappearing
Unified data model

Part of a connected whole.

Change Management shares a unified data model with every other module. Zero silos, by design.

Workflow & Automation Engine
Risk Management
Explore all 52 modules
14-day free trial · no card required

See Change Management
in action.

Book a 30-minute demo and we'll walk you through change management tailored to your team, frameworks, and priorities.

Book a Demo