An impact assessment is a structured analysis that examines the potential consequences of a planned change for security, availability, and compliance. It is a central element of the change management process. You assess which assets are affected, what risks the change introduces or modifies, and what rollback strategy applies if problems occur. In your ISMS, the impact assessment ensures that changes to IT systems do not create uncontrolled new vulnerabilities. You document the results in the change request before approval is granted.