Take control of change across every dimension of your organisation with our comprehensive Configuration and Change Management Procedure — a professionally structured document template designed for organisations that need a rigorous, audit-ready framework for managing controlled changes to products, systems, processes, equipment, facilities, documentation, and organisational structures.

Change is one of the most significant sources of risk in any regulated or quality-driven organisation. Poorly managed changes can compromise product integrity, introduce safety hazards, trigger regulatory non-conformances, and disrupt business continuity — often in ways that are difficult and costly to unwind. This procedure gives your organisation the structured, systematic approach it needs to ensure that every change is properly categorised, prioritised, planned, evaluated, tested, documented, and approved before it is implemented, and that a clear audit trail exists to demonstrate that those controls were followed.

At its foundation, the procedure establishes a comprehensive framework for change governance that applies consistently across your entire operation. It defines how changes are initiated, how they are classified by type and risk level, and how appropriate levels of authorisation are determined and applied. Clear accountability and responsibility are established throughout the change lifecycle, ensuring that the right people are involved in planning, reviewing, approving, and implementing each change, and that no modification proceeds without the oversight its potential impact demands.

The scope of the procedure is deliberately broad, reflecting the reality that consequential changes can originate anywhere in an organisation. It covers information technology systems and infrastructure, manufacturing processes and equipment, facility layouts and building systems, supply chain and logistics processes, product designs and specifications, management systems, environmental health and safety procedures, and regulatory compliance protocols. This organisation-wide reach ensures that change management is not siloed within a single department or function, but applied consistently wherever controlled change can affect performance, safety, quality, or compliance.

The procedure applies to all individuals operating within your organisation's environment or using company resources — including employees at all levels, contractors, vendors, and third parties. Uncontrolled changes are explicitly prohibited except in genuine emergency situations, which must be retroactively documented and reviewed through the established emergency change pathway. This firm stance on change discipline, balanced with practical provisions for real-world urgency, reflects the kind of mature change management culture that regulators and certification bodies look for.

Impact assessment is central to the procedure's approach. Before any change is implemented, a comprehensive evaluation of its potential effects — on product quality, system integrity, safety, regulatory compliance, and business continuity — must be completed and documented. This front-loaded rigour minimises the likelihood of unintended consequences and gives decision-makers the information they need to authorise changes with confidence. Configuration item inventory management is also addressed, ensuring that your organisation maintains an accurate, current record of all assets and configurations subject to change control.

Traceability is built into every stage of the process, providing the documented evidence chain that auditors, regulators, and notified bodies require when reviewing how changes have been identified, assessed, approved, and implemented. Whether you are subject to ISO 13485, ISO 9001, ISO 27001, or other regulatory frameworks, this procedure provides the change management documentation infrastructure those standards demand.

The procedure also defines clearly what falls outside its formal requirements. Routine preventive maintenance that does not alter functionality, like-for-like replacements, operational adjustments within predefined and documented parameters, controlled test environment trials, and individual user preference settings are all identified as exempt categories — reducing unnecessary administrative burden while preserving the integrity of the change control process where it matters most. Where uncertainty exists about whether a change falls within scope, the procedure defaults to treating it as in-scope until the Change Advisory Board determines otherwise, closing a common gap that leaves organisations exposed during audits.

Fully customisable to your organisation's structure, systems, risk appetite, and regulatory environment, this template is suitable for organisations of all sizes operating across regulated industries including medical devices, pharmaceuticals, manufacturing, information technology, and professional services. Whether you are establishing a change management process for the first time, strengthening an existing one ahead of an audit or certification assessment, or standardising change control practices across a growing or complex organisation, this procedure provides the robust, comprehensive foundation your team needs.

Comes with a FREE training effectiveness evaluation assessment!