This needs to show our processes around auditable change control and configuration change processes. The requirement is twofold:

 
1) Configuration Management: I don't have specific examples of a configuration management document (Alison and InfoSec might), but we don't expect anything terribly involved. Anything that covers your pipeline and talks about how changes to the product are tracked/committed should be fine.
 
2) We need to understand any special configurations that might affect the behaviour of installed packages.