What is Engineering Change Management (ECM)? A Complete Guide
The Essential Guide to Requirements Management and Traceability
Chapters
- 1. Requirements Management
- Overview
- 1 What is Requirements Management? A Complete Guide
- 2 Why do you need Requirements Management?
- 3 Four Stages of Requirements Management Processes
- 4 Adopting an Agile Approach to Requirements Management
- 5 Status Request Changes
- 6 Conquering the 5 Biggest Challenges of Requirements Management
- 7 Three Reasons You Need a Requirements Management Solution
- 8 Guide to Poor Requirements: Identify Causes, Repercussions, and How to Fix Them
- 2. Writing Requirements
- Overview
- 1 Functional requirements examples and templates
- 2 Identifying and Measuring Requirements Quality
- 3 How to Write a System Requirements Specification (SRS) Document
- 4 The Fundamentals of Business Requirements: Examples of Business Requirements and the Importance of Excellence
- 5 Adopting the EARS Notation to Improve Requirements Engineering
- 6 Jama Connect Advisor™
- 7 Frequently Asked Questions about the EARS Notation and Jama Connect Advisor™
- 8 How to Write an Effective Product Requirements Document (PRD)
- 9 Functional vs. Non-Functional Requirements
- 10 What Are Nonfunctional Requirements and How Do They Impact Product Development?
- 11 Characteristics of Effective Software Requirements and Software Requirements Specifications (SRS)
- 12 8 Do’s and Don’ts for Writing Requirements
- 3. Requirements Gathering and Management Processes
- Overview
- 1 Requirements Engineering
- 2 Requirements Analysis
- 3 A Guide to Requirements Elicitation for Product Teams
- 4 Requirements Gathering Techniques for Agile Product Teams
- 5 What is Requirements Gathering in Software Engineering?
- 6 Defining and Implementing a Requirements Baseline
- 7 Managing Project Scope — Why It Matters and Best Practices
- 8 How Long Do Requirements Take?
- 9 How to Reuse Requirements Across Multiple Products
- 4. Requirements Traceability
- Overview
- 1 How is Traceability Achieved? A Practical Guide for Engineers
- 2 What is Requirements Traceability? Importance Explained
- 3 Tracing Your Way to Success: The Crucial Role of Traceability in Modern Product and Systems Development
- 4 Bidirectional Traceability: What It Is and How to Implement It
- 5 What is Engineering Change Management (ECM)? A Complete Guide
- 6 Change Impact Analysis (CIA): A Short Guide for Effective Implementation
- 7 What is Meant by Version Control?
- 8 What is Requirements Traceability and Why Does It Matter for Product Teams?
- 9 Key Traceability Challenges and Tips for Ensuring Accountability and Efficiency
- 10 The Role of a Data Thread in Product and Software Development
- 11 Unraveling the Digital Thread: Enhancing Connectivity and Efficiency
- 12 What is a Traceability Matrix? A Guide to Requirements Traceability
- 13 How to Create and Use a Requirements Traceability Matrix (RTM)
- 14 Traceability Matrix 101: Why It’s Not the Ultimate Solution for Managing Requirements
- 15 Live Traceability vs. After-the-Fact Traceability
- 16 Overcoming Barriers to Live Requirements Traceability™
- 17 Requirements Traceability, What Are You Missing?
- 18 Four Best Practices for Requirements Traceability
- 19 Requirements Traceability: Links in the Chain
- 20 What Are the Benefits of End-to-End Traceability During Product Development?
- 21 FAQs About Requirements Traceability
- 5. Requirements Management Tools and Software
- Overview
- 1 Selecting the Right Requirements Management Tools and Software
- 2 Why Investing in Requirements Management Software Makes Business Sense During an Economic Downturn
- 3 Why Word and Excel Alone is Not Enough for Product, Software, and Systems Development
- 4 Can You Track Requirements in Excel?
- 5 Application lifecycle management (ALM)
- 6 Is There Life After DOORS®?
- 7 Can You Track Requirements in Jira?
- 8 Checklist: Selecting a Requirements Management Tool
- 6. Requirements Validation and Verification
- 7. Meeting Regulatory Compliance and Industry Standards
- Overview
- 1 Understanding ISO Standards
- 2 Understanding ISO/IEC 27001: A Guide to Information Security Management
- 3 What is DevSecOps? A Guide to Building Secure Software
- 4 Compliance Management
- 5 What is FMEA? Failure Mode and Effects Analysis Guide
- 6 TÜV SÜD: Ensuring Safety, Quality, and Sustainability Worldwide
- 8. Systems Engineering
- Overview
- 1 What is Systems Engineering?
- 2 How Do Engineers Collaborate? A Guide to Streamlined Teamwork and Innovation
- 3 The Systems Engineering Body of Knowledge (SEBoK)
- 4 What is MBSE? Model-Based Systems Engineering Explained
- 5 Digital Engineering Between Government and Contractors
- 6 Digital Engineering Tools: The Key to Driving Innovation and Efficiency in Complex Systems
- 9. Automotive Development
- 10. Medical Device & Life Sciences Development
- Overview
- 1 The Importance of Benefit-Risk Analysis in Medical Device Development
- 2 Software as a Medical Device: Revolutionizing Healthcare
- 3 What’s a Design History File, and How Are DHFs Used by Product Teams?
- 4 Navigating the Risks of Software of Unknown Pedigree (SOUP) in the Medical Device & Life Sciences Industry
- 5 What is ISO 13485? Your Comprehensive Guide to Compliant Medical Device Manufacturing
- 6 What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security
- 7 ISO 13485 vs ISO 9001: Understanding the Differences and Synergies
- 8 Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Medical Devices: What You Need to Know
- 9 Embracing the Future of Healthcare: Exploring the Internet of Medical Things (IoMT)
- 11. Aerospace & Defense Development
- 12. Architecture, Engineering, and Construction (AEC industry) Development
- 13. Industrial Manufacturing & Machinery, Automation & Robotics, Consumer Electronics, and Energy
- 14. Semiconductor Development
- 15. AI in Product Development
- 16. Risk Management
- 17. Product Development Terms and Definitions
Chapter 4: What is Engineering Change Management (ECM)? A Complete Guide
Chapters
- 1. Requirements Management
- Overview
- 1 What is Requirements Management? A Complete Guide
- 2 Why do you need Requirements Management?
- 3 Four Stages of Requirements Management Processes
- 4 Adopting an Agile Approach to Requirements Management
- 5 Status Request Changes
- 6 Conquering the 5 Biggest Challenges of Requirements Management
- 7 Three Reasons You Need a Requirements Management Solution
- 8 Guide to Poor Requirements: Identify Causes, Repercussions, and How to Fix Them
- 2. Writing Requirements
- Overview
- 1 Functional requirements examples and templates
- 2 Identifying and Measuring Requirements Quality
- 3 How to Write a System Requirements Specification (SRS) Document
- 4 The Fundamentals of Business Requirements: Examples of Business Requirements and the Importance of Excellence
- 5 Adopting the EARS Notation to Improve Requirements Engineering
- 6 Jama Connect Advisor™
- 7 Frequently Asked Questions about the EARS Notation and Jama Connect Advisor™
- 8 How to Write an Effective Product Requirements Document (PRD)
- 9 Functional vs. Non-Functional Requirements
- 10 What Are Nonfunctional Requirements and How Do They Impact Product Development?
- 11 Characteristics of Effective Software Requirements and Software Requirements Specifications (SRS)
- 12 8 Do’s and Don’ts for Writing Requirements
- 3. Requirements Gathering and Management Processes
- Overview
- 1 Requirements Engineering
- 2 Requirements Analysis
- 3 A Guide to Requirements Elicitation for Product Teams
- 4 Requirements Gathering Techniques for Agile Product Teams
- 5 What is Requirements Gathering in Software Engineering?
- 6 Defining and Implementing a Requirements Baseline
- 7 Managing Project Scope — Why It Matters and Best Practices
- 8 How Long Do Requirements Take?
- 9 How to Reuse Requirements Across Multiple Products
- 4. Requirements Traceability
- Overview
- 1 How is Traceability Achieved? A Practical Guide for Engineers
- 2 What is Requirements Traceability? Importance Explained
- 3 Tracing Your Way to Success: The Crucial Role of Traceability in Modern Product and Systems Development
- 4 Bidirectional Traceability: What It Is and How to Implement It
- 5 What is Engineering Change Management (ECM)? A Complete Guide
- 6 Change Impact Analysis (CIA): A Short Guide for Effective Implementation
- 7 What is Meant by Version Control?
- 8 What is Requirements Traceability and Why Does It Matter for Product Teams?
- 9 Key Traceability Challenges and Tips for Ensuring Accountability and Efficiency
- 10 The Role of a Data Thread in Product and Software Development
- 11 Unraveling the Digital Thread: Enhancing Connectivity and Efficiency
- 12 What is a Traceability Matrix? A Guide to Requirements Traceability
- 13 How to Create and Use a Requirements Traceability Matrix (RTM)
- 14 Traceability Matrix 101: Why It’s Not the Ultimate Solution for Managing Requirements
- 15 Live Traceability vs. After-the-Fact Traceability
- 16 Overcoming Barriers to Live Requirements Traceability™
- 17 Requirements Traceability, What Are You Missing?
- 18 Four Best Practices for Requirements Traceability
- 19 Requirements Traceability: Links in the Chain
- 20 What Are the Benefits of End-to-End Traceability During Product Development?
- 21 FAQs About Requirements Traceability
- 5. Requirements Management Tools and Software
- Overview
- 1 Selecting the Right Requirements Management Tools and Software
- 2 Why Investing in Requirements Management Software Makes Business Sense During an Economic Downturn
- 3 Why Word and Excel Alone is Not Enough for Product, Software, and Systems Development
- 4 Can You Track Requirements in Excel?
- 5 Application lifecycle management (ALM)
- 6 Is There Life After DOORS®?
- 7 Can You Track Requirements in Jira?
- 8 Checklist: Selecting a Requirements Management Tool
- 6. Requirements Validation and Verification
- 7. Meeting Regulatory Compliance and Industry Standards
- Overview
- 1 Understanding ISO Standards
- 2 Understanding ISO/IEC 27001: A Guide to Information Security Management
- 3 What is DevSecOps? A Guide to Building Secure Software
- 4 Compliance Management
- 5 What is FMEA? Failure Mode and Effects Analysis Guide
- 6 TÜV SÜD: Ensuring Safety, Quality, and Sustainability Worldwide
- 8. Systems Engineering
- Overview
- 1 What is Systems Engineering?
- 2 How Do Engineers Collaborate? A Guide to Streamlined Teamwork and Innovation
- 3 The Systems Engineering Body of Knowledge (SEBoK)
- 4 What is MBSE? Model-Based Systems Engineering Explained
- 5 Digital Engineering Between Government and Contractors
- 6 Digital Engineering Tools: The Key to Driving Innovation and Efficiency in Complex Systems
- 9. Automotive Development
- 10. Medical Device & Life Sciences Development
- Overview
- 1 The Importance of Benefit-Risk Analysis in Medical Device Development
- 2 Software as a Medical Device: Revolutionizing Healthcare
- 3 What’s a Design History File, and How Are DHFs Used by Product Teams?
- 4 Navigating the Risks of Software of Unknown Pedigree (SOUP) in the Medical Device & Life Sciences Industry
- 5 What is ISO 13485? Your Comprehensive Guide to Compliant Medical Device Manufacturing
- 6 What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security
- 7 ISO 13485 vs ISO 9001: Understanding the Differences and Synergies
- 8 Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Medical Devices: What You Need to Know
- 9 Embracing the Future of Healthcare: Exploring the Internet of Medical Things (IoMT)
- 11. Aerospace & Defense Development
- 12. Architecture, Engineering, and Construction (AEC industry) Development
- 13. Industrial Manufacturing & Machinery, Automation & Robotics, Consumer Electronics, and Energy
- 14. Semiconductor Development
- 15. AI in Product Development
- 16. Risk Management
- 17. Product Development Terms and Definitions
What is Engineering Change Management (ECM)? A Complete Guide
Products change constantly during development. Design improvements, regulatory updates, supplier shifts, and lessons from testing all make the end product better. The challenge is making sure every one of those changes is evaluated, approved, and verified before it reaches production, and that’s what engineering change management (ECM) is built for.
This guide covers ECM definitions, process steps, common challenges, best practices, and how requirements traceability keeps changes under control.
What is Engineering Change Management (ECM)?
Engineering change management (ECM) is the formal process that controls how changes to baselined products are proposed, evaluated, approved, implemented, and documented. It’s part of configuration management (CM), and teams across aerospace, automotive, and medical devices rely on it to keep change decisions and the evidence behind them in one traceable record.
Those records have to hold up against regulatory scrutiny. Standards like ISO 10007 and 21 CFR 820 set expectations for how changes are controlled, and most regulated industries have their own requirements on top of that.
How ECRs, ECOs, and ECNs Drive the ECM Process
ECM runs on three documents that move a change from idea to implementation to record. The first is an Engineering Change Request, or ECR. This is where the team documents the proposed change, the reasoning behind it, and a preliminary look at what it might affect. The ECR goes to the Change Control Board (CCB) for review, but on its own it doesn’t authorize any work to begin.
If the CCB approves, it issues an Engineering Change Order (ECO), which is the formal go-ahead. The ECO spells out what needs to happen, who’s responsible, and when the change takes effect. Once the work is done, an Engineering Change Notice (ECN) documents the completed change and communicates the final revision details to manufacturing, service, suppliers, and anyone else who needs to know which configuration is now in force.
Why ECM Matters for Regulated Product Development
The timing and control of engineering changes shapes a program’s cost, schedule, and certification outcome. Without a structured ECM process, changes tend to accumulate consequences that nobody sees until it’s expensive to fix. That cost surfaces in a few places:
- Late-stage rework costs multiply: Peer-reviewed research found that 86% of total program cost is locked in by design freeze. Separately, NASA and software engineering cost-of-change research has consistently shown that rework multipliers can exceed 10x when defects are caught late in the development cycle.
- Coordination overhead grows with every change: Each ECO forces re-alignment across engineering, quality, manufacturing, and test, and frequent changes during new product introduction compound that overhead quickly.
- Compliance gaps go unnoticed: In medical devices, an undocumented change can create a gap between the product and the approved design history file, the kind of gap that triggers recalls and warning letters.
- Audit readiness erodes: Without traceable evidence of who approved what and why, teams end up scrambling to reconstruct the record before audits and regulatory submissions.
A controlled ECM process forces the impact conversation earlier, while there’s still time to adjust design, verification, and supplier plans.
Ready to Find Out More?
Our team of experts is here to answer any questions and learn how we can help enable your continued success. Get started with a free 30-day trial, or book a demo!
The ECM Process Step by Step
Whether you’re working under ISO 10007, EIA-649, or another regulated design control framework, ECM processes generally follow the same basic steps, with variations in terminology and approval routing.
1. Submit an Engineering Change Request (ECR)
The process begins when someone identifies a need to modify an established baseline. Teams document the problem, the proposed fix, which configuration items are affected, and a preliminary assessment of technical, cost, and schedule impact. Teams then classify the change. EIA-649 and its military predecessor MIL-STD-973 distinguish between Class I changes (affecting form, fit, function, safety, or compliance, requiring full CCB approval) and Class II changes (minor corrections that the CCB can delegate).
2. Assess Impact and Risk
Before the CCB commits resources, the downstream effects need to be clear. Teams typically review a few key dimensions:
- Technical feasibility: Engineers confirm interface compatibility, safety constraints, and design integrity, and identify required updates to drawings, code, and specifications.
- Cost and schedule: Program owners estimate budget exposure and shifts to integration, verification, or release milestones.
- Risk: Quality and systems engineering update hazard analyses and failure mode and effects analyses (FMEAs), then confirm the remaining risk is still within acceptable bounds. Teams often manage this in a risk management workflow that keeps risk evidence linked to the change record.
- Regulatory: Regulatory teams determine whether the change affects submissions, standards conformance, or required verification per 21 CFR 820.30(i).
- Supplier: Supply chain teams evaluate effects on procurement and approved vendor lists, and confirm effectivity (the point at which the change takes effect by serial number, lot, or date) to prevent uncontrolled mixing of old and new parts.
These inputs give the CCB what it needs to make a decision backed by evidence rather than assumptions.
3. Review and Approve Through the CCB
Class I changes go to the CCB for a formal decision. The board can approve, reject, or defer, and who sits on it varies by industry, but it typically includes engineering, quality, manufacturing, and configuration management. If the CCB approves, it also approves effectivity, verification evidence requirements, and any rollout constraints.
4. Execute the Engineering Change Order (ECO)
Once approved, the ECR becomes an ECO that authorizes implementation. The ECO covers bill of materials (BOM) changes, affected drawings and specifications, process modifications, effectivity, and an implementation plan. Execution follows the approved plan with updates to documentation, quality inspection, and training. Teams in regulated environments also define rollback criteria so production doesn’t continue against a partially implemented baseline.
5. Verify, Validate, and Close
Once a change is implemented, formal audits confirm it meets functional requirements and documentation standards. In aerospace and defense, teams typically use a Functional Configuration Audit (FCA) for performance and a Physical Configuration Audit (PCA) to check that what was built matches what was approved. The cycle wraps up with status accounting updates, baseline revisions, and archiving. Closure should include verification evidence so the record captures both what was approved and proof that it was actually implemented.
Common ECM Challenges
Even teams with formal ECM procedures hit recurring obstacles, and most trace back to evidence that’s either missing or disconnected from the decision it was supposed to support:
- Siloed teams and poor visibility: When teams can’t see the same baseline, parallel updates become conflicting ones, and that usually means duplicate ECOs, mismatched BOMs, and verification gaps.
- Manual workflows and version control breakdowns: When change workflows run through email and spreadsheets, a team can approve the right change and still ship the wrong configuration because the documentation on the floor isn’t the approved set.
- Losing sight of downstream effects: Poorly defined requirements drive avoidable change orders, especially when ambiguity creates miscommunication between design and supplier teams. Without clear traceability, the evidence linking a change to its downstream impact often doesn’t exist until someone asks for it.
In every case, the gap between what was decided and what actually happened is where audit findings, rework, and compliance risk live.
Best Practices for Effective ECM
Good ECM comes down to governance. Every change needs a clear owner, cross-functional input before approval, and enough documentation to prove the decision was informed.
Define Clear Procedures and Assign Ownership
Assign a single owner to each change, someone responsible for moving it from ECR submission through verification and closure. That owner makes sure nothing stalls between handoffs, and when an auditor asks why a change was made, they can point to a single record that answers the question instead of pulling five people into a room to reconstruct what happened.
Build a Cross-Functional CCB
A CCB pulled from a single discipline will miss things. A material substitution might pass engineering review but create a procurement problem, or a design change might clear quality but break a supplier qualification. Staffing the board with engineering, quality, manufacturing, and regulatory affairs is how those blind spots get caught before approval, and it’s also where effectivity, training needs, and production constraints get validated.
Document Everything and Maintain a Full Audit Trail
Every change record should capture what changed, why it changed, who approved it, what was affected, and how the change was verified. When an auditor or a new team member pulls up an ECO six months later, those five pieces should be there without anyone having to chase them down.
This is also how teams protect themselves from tribal knowledge loss, because when the reasoning is in the record, new engineers don’t have to reopen old debates to understand why a decision was made.
Measure ECM Performance with KPIs
KPIs give engineering leadership early warning when the change system is getting inconsistent or under-documented. Four metrics are worth tracking:
- ECO cycle time: The elapsed time from ECR submission to completed implementation, with targets that typically differ for routine versus major changes.
- Change effectiveness rate: The percentage of changes approved without rework or rejection, where a low rate signals weak upfront analysis.
- Implementation accuracy: The percentage of approved changes executed correctly the first time, tracked closely in regulated programs because errors trigger repeat validation.
- Audit trail completeness: Whether ECM records contain justification, risk evidence, dated approvals, verification results, and documented regulatory impact.
Tracking these metrics helps teams catch process drift before it shows up in an audit.
How Requirements Management Supports ECM
Requirements are change-controlled configuration items, which means every engineering change should link to the requirements it modifies and the test cases that verify it. That traceability is what turns a change log into a proof chain. When any part of it is missing, teams tend to find out through a failed test or an auditor asking for evidence the record doesn’t contain.
That proof chain only works if traceability stays current. Spreadsheet-based matrices fall out of date as soon as a requirement changes, and when upstream requirements shift, downstream artifacts like test cases, risk items, and design elements need to be flagged immediately so owners can assess the consequences before gaps grow.
Bringing ECM Under Control
The teams that run ECM well have one thing in common. They can trace any production configuration back through verification results, approval decisions, and evidence to the original change request. That traceability is what keeps configuration baselines credible and audit evidence current, and it’s what separates engineering governance from paperwork.
Jama Connect®, a requirements management platform for regulated product development, supports this through Live Traceability™, which links requirements, design elements, test cases, and risk items in a single traceable record. When a requirement changes, the system flags each linked artifact so teams can run change impact analysis before the effects spread. Try Jama Connect free for 30 days and see how it connects change decisions to requirements, risk evidence, and verification records in one place.
Frequently Asked Questions About Engineering Change Management
What is the difference between an ECR, ECO, and ECN?
An ECR proposes a change and packages the rationale and impact analysis, but it doesn’t authorize any work to begin. An ECO is the formal go-ahead to implement, issued after the CCB reviews and approves the change. An ECN documents what was done and communicates the final revision details to everyone who needs to know.
What industries rely most on ECM?
Aerospace and defense programs tend to have the most rigorous ECM expectations because configuration audits and effectivity control are central to certification. Medical device manufacturers rely heavily on ECM because FDA design controls and ISO 13485 require documented approval of design changes before implementation. Automotive programs with ISO 26262 requirements face similar pressure.
How does ECM relate to configuration management?
ECM is one of the core functions within configuration management, alongside planning, configuration identification, status accounting, and verification and audit. Configuration management defines what the baseline is and how it’s identified, and ECM controls how that baseline is allowed to change and how you prove each change was properly evaluated.
What should you look for in ECM software?
Engineering teams typically look for software that enforces change workflows, approvals, and effectivity while keeping artifacts linked to the change record. In regulated work, strong traceability, signature control, and audit-ready reporting are common priorities, along with integration into existing application lifecycle management (ALM) and product lifecycle management (PLM) toolchains so change control doesn’t fall apart where one team’s tools end and another’s begin.
In This Webinar, Explores the Change Management Capabilities Within Jama Connect.
Engineering Change Management (ECM) is the formal process that controls how changes to baselined products are proposed, evaluated, approved, implemented, and documented.
Book a Demo
See Jama Connect in Action!
Our Jama Connect experts are ready to guide you through a personalized demo, answer your questions, and show you how Jama Connect can help you identify risks, improve cross-team collaboration, and drive faster time to market.