The correct answer is 'Change management'. Change management policies govern how changes to the IT environment are assessed, approved, and implemented to minimize any negative impact on services, including potential security vulnerabilities. 'Offboarding' is incorrect because it involves processes associated with the departure of an employee, not the implementation of software updates. 'Asset management' is also incorrect as it is concerned with the tracking and protection of company assets, rather than how changes to those assets are managed. 'Acceptable use policy' is not correct as this deals with how employees may use company resources, not with systems updates or changes.