4.3. CONFIGURATION MANAGEMENT

Purpose

The purpose of Configuration Management (CM) is to establish and maintain the integrity of work products using configuration identification, configuration control, configuration status accounting, and configuration audits.

Introductory Notes

The Configuration Management process area involves the following:
· Identifying the configuration of selected work products that compose the baselines at given points in time
· Controlling changes to configuration items
· Building or providing specifications to build work products from the configuration management system
· Maintaining the integrity of baselines
· Providing accurate status and current configuration data to developers, end users, and customers
The work products placed under configuration management include the products that are delivered to the customer, designated internal work products, acquired products, tools, and other items that are used in creating and describing these work products. (See the definition of “configuration management” in the glossary.)
Acquired products may need to be placed under configuration management by both the supplier and the project. Provisions for conducting configuration management should be established in supplier agreements. Methods to ensure that the data is complete and consistent should be established and maintained.
Refer to the Supplier Agreement Management process area for more information about establishing and maintaining agreements with suppliers.
Examples of work products that may be placed under configuration management include the following:
· Plans
· Process descriptions
· Requirements
· Design data
· Drawings
· Product specifications
· Code
· Compilers
· Product data files
· Product technical publications
Configuration management of work products may be performed at several levels of granularity. Configuration items can be decomposed into configuration components and configuration units. Only the term “configuration item” is used in this process area. Therefore, in these practices, “configuration item” may be interpreted as “configuration component” or “configuration unit” as appropriate. (See the definition of “configuration item” in the glossary.)
Baselines provide a stable basis for continuing evolution of configuration items.
An example of a baseline is an approved description of a product that includes internally consistent versions of requirements, requirement traceability matrices, design, discipline-specific items, and end-user documentation.
Baselines are added to the configuration management system as they are developed. Changes to baselines and the release of work products built from the configuration management system are systematically controlled and monitored via the configuration control, change management, and configuration auditing functions of configuration management.
This process area applies not only to configuration management on projects, but also to configuration management on organizational work products such as standards, procedures, and reuse libraries.
Configuration management is focused on the rigorous control of the managerial and technical aspects of work products, including the delivered system.
This process area covers the practices for performing the configuration management function and is applicable to all work products that are placed under configuration management.
Related Process Areas
Refer to the Project Planning process area for information on developing plans and work breakdown structures, which may be useful for determining configuration items.
Refer to the Project Monitoring and Control process area for more information about performance analyses and corrective actions.

Specific Goal and Practice Summary

SG 1 Establish Baselines
SP 1.1 Identify Configuration Items
SP 1.2 Establish a Configuration Management System
SP 1.3 Create or Release Baselines

SG 2 Track and Control Changes
SP 2.1 Track Change Requests
SP 2.2 Control Configuration Items
SG 3 Establish Integrity
SP 3.1 Establish Configuration Management Records
SP 3.2 Perform Configuration Audits

SG 1 Establish Baselines

Baselines of identified work products are established.

Specific practices to establish baselines are covered by this specific goal. The specific practices under the Track and Control Changes specific goal serve to maintain the baselines. The specific practices of the Establish Integrity specific goal document and audit the integrity of the baselines.

SP 1.1 Identify Configuration Items

Identify the configuration items, components, and related work products that will be placed under configuration management.

Configuration identification is the selection, creation, and specification of the following:
· Products that are delivered to the customer
· Designated internal work products
· Acquired products
· Tools and other capital assets of the project's work environment
· Other items that are used in creating and describing these work products
Items under configuration management will include specifications and interface documents that define the requirements for the product. Other documents, such as test results, may also be included, depending on their criticality to defining the product.
A “configuration item” is an entity designated for configuration management, which may consist of multiple related work products that form a baseline. This logical grouping provides ease of identification and controlled access. The selection of work products for configuration management should be based on criteria established during planning.

Typical Work Products

1. Identified configuration items
Subpractices
1. Select the configuration items and the work products that compose them based on documented criteria.
Example criteria for selecting configuration items at the appropriate work product level include the following:
· Work products that may be used by two or more groups
· Work products that are expected to change over time either because of errors or change of requirements
· Work products that are dependent on each other in that a change in one mandates a change in the others
· Work products that are critical for the project

Examples of work products that may be part of a configuration item include the following:
· Process descriptions
· Requirements
· Design
· Test plans and procedures
· Test results
· Interface descriptions
· Drawings
· Source code
· Tools (e.g., compilers)

2. Assign unique identifiers to configuration items.
3. Specify the important characteristics of each configuration item.
Example characteristics of configuration items include author, document or file type, and programming language for software code files.

4. Specify when each configuration item is placed under configuration management.
Example criteria for determining when to place work products under configuration management include the following:
· Stage of the project lifecycle
· When the work product is ready for test
· Degree of control desired on the work product
· Cost and schedule limitations
· Customer requirements

5. Identify the owner responsible for each configuration item.

SP 1.2 Establish a Configuration Management System

Establish and maintain a configuration management and change management system for controlling work products.

A configuration management system includes the storage media, the procedures, and the tools for accessing the configuration system.
A change management system includes the storage media, the procedures, and tools for recording and accessing change requests.

Typical Work Products

1. Configuration management system with controlled work products
2. Configuration management system access control procedures
3. Change request database
Subpractices
1. Establish a mechanism to manage multiple control levels of configuration management.
The level of control is typically selected based on project objectives, risk, and/or resources. Control levels may vary in relation to the project lifecycle, type of system under development, and specific project requirements.
Example levels of control include the following:
· Create – controlled by author
· Engineering – notification to relevant stakeholders when changes are made
· Development – lower level CCB control
· Formal – higher level CCB control with customer involvement

Levels of control can range from informal control that simply tracks changes made when the configuration items are being developed to formal configuration control using baselines that can only be changed as part of a formal configuration management process.
2. Store and retrieve configuration items in a configuration management system.
Examples of configuration management systems include the following:
· Dynamic (or author’s) systems contain components currently being created or revised. They are in the author’s workspace and are controlled by the author. Configuration items in a dynamic system are under version control.
· Master (or controlled) systems contain current baselines and changes to them. Configuration items in a master system are under full configuration management as described in this process area.
· Static systems contain archives of various baselines released for use. Static systems are under full configuration management as described in this process area.

3. Share and transfer configuration items between control levels within the configuration management system.
4. Store and recover archived versions of configuration items.
5. Store, update, and retrieve configuration management records.
6. Create configuration management reports from the configuration management system.
7. Preserve the contents of the configuration management system.
Examples of preservation functions of the configuration management system include the following:
· Backups and restoration of configuration management files
· Archiving of configuration management files
· Recovery from configuration management errors

8. Revise the configuration management structure as necessary.

SP 1.3 Create or Release Baselines

Create or release baselines for internal use and for delivery to the customer.

A baseline is a set of specifications or work products that has been formally reviewed and agreed on, that thereafter serves as the basis for further development or delivery, and that can be changed only through change control procedures. A baseline represents the assignment of an identifier to a configuration item or a collection of configuration items and associated entities. As a product evolves, several baselines may be used to control its development and testing.

For Systems Engineering
One common set of baselines includes the system-level requirements, system-element-level design requirements, and the product definition at the end of development/beginning of production. These are typically referred to as the “functional baseline,” “allocated baseline,” and “product baseline.”


For Software Engineering
A software baseline can be a set of requirements, design, source code files and the associated executable code, build files, and user documentation (associated entities) that have been assigned a unique identifier.

Typical Work Products

1. Baselines
2. Description of baselines
Subpractices
1. Obtain authorization from the configuration control board (CCB) before creating or releasing baselines of configuration items.
2. Create or release baselines only from configuration items in the configuration management system.
3. Document the set of configuration items that are contained in a baseline.
4. Make the current set of baselines readily available.

SG 2 Track and Control Changes

Changes to the work products under configuration management are tracked and controlled.

The specific practices under this specific goal serve to maintain the baselines after they are established by the specific practices under the Establish Baselines specific goal.

SP 2.1 Track Change Requests

Track change requests for the configuration items.

Change requests address not only new or changed requirements, but also failures and defects in the work products.
Change requests are analyzed to determine the impact that the change will have on the work product, related work products, budget, and schedule.

Typical Work Products

1. Change requests
Subpractices
1. Initiate and record change requests in the change request database.
2. Analyze the impact of changes and fixes proposed in the change requests.
Changes are evaluated through activities that ensure that they are consistent with all technical and project requirements.
Changes are evaluated for their impact beyond immediate project or contract requirements. Changes to an item used in multiple products can resolve an immediate issue while causing a problem in other applications.
3. Review change requests that will be addressed in the next baseline with the relevant stakeholders and get their agreement.
Conduct the change request review with appropriate participants. Record the disposition of each change request and the rationale for the decision, including success criteria, a brief action plan if appropriate, and needs met or unmet by the change. Perform the actions required in the disposition, and report the results to relevant stakeholders.
4. Track the status of change requests to closure.
Change requests brought into the system need to be handled in an efficient and timely manner. Once a change request has been processed, it is critical to close the request with the appropriate approved action as soon as it is practical. Actions left open result in larger than necessary status lists, which in turn result in added costs and confusion.

SP 2.2 Control Configuration Items

Control changes to the configuration items.

Control is maintained over the configuration of the work product baseline. This control includes tracking the configuration of each of the configuration items, approving a new configuration if necessary, and updating the baseline.

Typical Work Products

1. Revision history of configuration items
2. Archives of the baselines
Subpractices
1. Control changes to configuration items throughout the life of the product.
2. Obtain appropriate authorization before changed configuration items are entered into the configuration management system.
For example, authorization may come from the CCB, the project manager, or the customer.

3. Check in and check out configuration items from the configuration management system for incorporation of changes in a manner that maintains the correctness and integrity of the configuration items.
Examples of check-in and check-out steps include the following:
· Confirming that the revisions are authorized
· Updating the configuration items
· Archiving the replaced baseline and retrieving the new baseline

4. Perform reviews to ensure that changes have not caused unintended effects on the baselines (e.g., ensure that the changes have not compromised the safety and/or security of the system).
5. Record changes to configuration items and the reasons for the changes as appropriate.
If a proposed change to the work product is accepted, a schedule is identified for incorporating the change into the work product and other affected areas.
Configuration control mechanisms can be tailored to categories of changes. For example, the approval considerations could be less stringent for component changes that do not affect other components.
Changed configuration items are released after review and approval of configuration changes. Changes are not official until they are released.

SG 3 Establish Integrity

Integrity of baselines is established and maintained.

The integrity of the baselines, established by processes associated with the Establish Baselines specific goal, and maintained by processes associated with the Track and Control Changes specific goal, is provided by the specific practices under this specific goal.

SP 3.1 Establish Configuration Management Records

Establish and maintain records describing configuration items.

Typical Work Products

1. Revision history of configuration items
2. Change log
3. Copy of the change requests
4. Status of configuration items
5. Differences between baselines
Subpractices
1. Record configuration management actions in sufficient detail so the content and status of each configuration item is known and previous versions can be recovered.
2. Ensure that relevant stakeholders have access to and knowledge of the configuration status of the configuration items.
Examples of activities for communicating configuration status include the following:
· Providing access permissions to authorized end users
· Making baseline copies readily available to authorized end users

3. Specify the latest version of the baselines.
4. Identify the version of configuration items that constitute a particular baseline.
5. Describe the differences between successive baselines.
6. Revise the status and history (i.e., changes and other actions) of each configuration item as necessary.

SP 3.2 Perform Configuration Audits

Perform configuration audits to maintain integrity of the configuration baselines.

Configuration audits confirm that the resulting baselines and documentation conform to a specified standard or requirement. Audit results should be recorded as appropriate. (See the glossary for a definition of “configuration audit.”)
Examples of audit types include the following:
· Functional Configuration Audits (FCA) – Audits conducted to verify that the as-tested functional characteristics of a configuration item have achieved the requirements specified in its functional baseline documentation and that the operational and support documentation is complete and satisfactory.
· Physical Configuration Audit (PCA) – Audits conducted to verify that the as-built configuration item conforms to the technical documentation that defines it.
· Configuration management audits – Audits conducted to confirm that configuration management records and configuration items are complete, consistent, and accurate.

Typical Work Products

1. Configuration audit results
2. Action items
Subpractices
1. Assess the integrity of the baselines.
2. Confirm that the configuration management records correctly identify the configuration items.
3. Review the structure and integrity of the items in the configuration management system.
4. Confirm the completeness and correctness of the items in the configuration management system.
Completeness and correctness of the content is based on the requirements as stated in the plan and the disposition of approved change requests.
5. Confirm compliance with applicable configuration management standards and procedures.
6. Track action items from the audit to closure.