A document or database that contains a report of each change initiation request (CIR) approved or rejected. The document or database must contain: reference to a Cyber Incident Response (CIR); date submitted; date of change; name of affected system; and approval status (approved or rejected).