A cloud administrator for an ISP identified a vulnerability in the software that controls all the firewall rules for a geographic area. To ensure the software upgrade is properly tested, approved, and applied, which of the following processes should the administrator follow?

A. Configuration management
B. Incident management
C. Resource management
D. Change management