Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.