You have a project where I have to address weaknesses in my company's security and then draft policies to address them.
One of the weaknesses is: No configuration change management policy (to reduce unintentional threats)
What exactly is a configuration change management policy, and how should you address this for my project?