Just my thoughts here:

I'm not entirely sure integrating change management into patching is worth the effort.

Mainly because right now, with standalone ZPM we simply created a test group of workstations and we blow those up first.

If things go away, we proceed with the rest of the groups

However, this may not work for everyone, but I can see some issues with internally versioning the patches from Lumension/Novell.