Managing change is one of the most difficult challenges that IT organisations face, and to effectively support and facilitate enterprise business goals, IT must also continually change.

Change must be controlled to mitigate the inherent risk to IT's compliance, service quality, and security posture. Indeed, national and local laws, as well as private contractual arrangements, demand that organisations deploy effective controls on their IT infrastructures. One form of control is developing change management processes. These processes are often based on best practices, and are supported by an array of system management techniques, tools, procedures, and policies that together help define the organisation's change management process. Having processes in place is not enough, however. Change management policies and controls must be systematically evaluated and enforced.