A change request is a formal proposal to modify an IT system, configuration, or process. It documents what should be changed, why, what risks exist, and what the rollback plan looks like.
ISO 27001 Annex A control A.8.32 (Change Management) requires that changes are carried out in a controlled, traceable, and risk-assessed manner. The change request is the central document of this process. It typically passes through the phases: submission, risk assessment, approval (potentially by the CAB), implementation, testing, and closure. Standard changes (recurring, low risk) can be pre-approved; normal changes go through the full process; emergency changes are assessed retrospectively.