Change management can mean a number of things to security managers. To some, change management constitutes the processes in place to enact changes in the IT environment, such as new firewall rules or router access control list entries and system upgrades. This process includes approvals, testing and scheduling. Too frequently, though, IT security teams equate the concept of change management with configuration control and management, which includes activities like file integrity monitoring and system scanning. Although they are distinct concepts, both are vitally important to security, and the ties between change management and configuration management are getting stronger.