Implement change control - The benefit is that the company has a trail of the changes made to its configuration and minimizes any bad ramifications for its infrastructure.

Security is a function of configuration. Configuration, in simple terms, is a snapshot of how the various things in an infrastructure are arranged. In a collection of servers, if one of the servers is upgraded, the upgrade task, however simple it may be, could have far-reaching ramifications, good and bad. The objective of a change control mechanism is to minimize any bad ramifications. A change control mechanism not only keeps track of changes to the existing configuration but also enables a company to roll back the changes if there are any issues.

A change control mechanism should keep track of: date/time of change, duration of change, description of change, business owner of change, resources needed to implement change, systems/applications affected, roll back procedure, list of approvers for change, security ramifications, and, last but not least, justification for change. A change control mechanism can keep track of other things as well, depending on the company's needs.

A change control mechanism can be implemented simply as a web-based application. It is a good idea to follow up the change control with a postmortem report. Any change that bypasses the change control mechanism should be discouraged and dealt with appropriately.
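
The sketch below is an added example, not code from the original note: it models a change record with the fields listed above and flags observed changes that no complete record covers, which is one way to spot changes that bypassed change control. The field names, the `change_id` field, the reconciliation approach and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, fields, replace
from datetime import datetime, timedelta

@dataclass
class ChangeRecord:
    change_id: str               # assumption: identifier, not named in the text
    start: datetime              # date/time of change
    duration: timedelta          # duration of change
    description: str
    business_owner: str
    resources: list              # resources needed to implement the change
    systems_affected: list       # systems/applications affected
    rollback_procedure: str
    approvers: list
    security_ramifications: str
    justification: str

def missing_fields(rec):
    """Names of fields left empty; such a record is not ready for approval."""
    return [f.name for f in fields(rec) if not getattr(rec, f.name)]

def unrecorded_changes(observed, records):
    """Observed (system, time) changes outside every complete record's window."""
    complete = [r for r in records if not missing_fields(r)]
    return [(system, when) for system, when in observed
            if not any(system in r.systems_affected
                       and r.start <= when <= r.start + r.duration
                       for r in complete)]

# Constructed sample data, not taken from any real system.
CR_OK = ChangeRecord(
    "CR-1", datetime(2024, 1, 10, 22, 0), timedelta(hours=2),
    "Upgrade OS packages on web01", "web platform owner", ["one sysadmin"],
    ["web01"], "Restore the pre-upgrade snapshot", ["operations manager"],
    "Upgrade replaces the SSH daemon", "Current release is out of support")
CR_INCOMPLETE = replace(CR_OK, change_id="CR-2", systems_affected=["db01"],
                        rollback_procedure="")
SAMPLE_RECORDS = [CR_OK, CR_INCOMPLETE]
SAMPLE_OBSERVED = [
    ("web01", datetime(2024, 1, 10, 22, 30)),  # inside CR-1's window
    ("web01", datetime(2024, 1, 11, 3, 0)),    # after CR-1's window closed
    ("db01", datetime(2024, 1, 10, 22, 30)),   # only an incomplete record
]

if __name__ == "__main__":
    print("CR-2 missing:", missing_fields(CR_INCOMPLETE))
    for system, when in unrecorded_changes(SAMPLE_OBSERVED, SAMPLE_RECORDS):
        print("no complete change record covers:", system, when.isoformat())
```

In practice the observed list would come from whatever the company already collects about changes on its systems, such as package manager or deployment logs.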

Thought #7: Which division head is a mandatory approver for the change control?