Policy on change and configuration management