The purpose of the configuration management (CM) plan is to establish uniform CM practices to manage the establishment of and changes to the system hardware and software. The plan identifies the physical location of system baselines; the locations in which hard copy documentation is stored; and the automated libraries used to store other documentation and the software components of the system. CM helps maintain the integrity of the system throughout its life cycle and facilitates communication about the system among project team members, users, and other supporting organizations. CM guidelines are applied through the systematic identification, control, and audit of system characteristics. They include the following:
o Configuration identification of functional and physical characteristics of a system through structured documentation baselines;
o Configuration control of changes to the physical and functional characteristics of hardware and software systems and baseline documentation describing them;
o Configuration status accounting about the current configuration and changes to it;
o Configuration audits to verify that system performance and configuration are accurately identified in the baseline documentation; and
o Storage and control of access to the baseline documentation, source code, and executable code.
1. General
2. Configuration Identification
3. Configuration Control
4. Configuration Accounting
5. Configuration Audits
a. Functional Configuration Audit b. Physical Configuration Audit
6. Problem Reporting and Corrective Action
7. Tools, Techniques, and Methodologies
Exhibit 4-3: Configuration Management Plan Outline
A baseline is a documented technical description that becomes a reference point against which changes can be proposed, evaluated, and incorporated. Follow the outline in Exhibit 4-3 to complete the configuration management plan.
1. General
Identify the specific purpose and scope of the CM plan. Name and briefly describe the project covered by the CM plan. Include the name of the configuration
manager for the system who will be responsible for establishing and maintaining the configuration management records for the system. In addition, include plans to establish the change control board. The change control board examines requested changes to the system, direct the change request impact analysis and, based on the results, determine the changes that are to be made and those that are not to be made to the system.
2. Configuration Identification
Cite the project documents that identify and define the configuration baseline characteristics. Identify the following:
o Documentation that establishes the selected system baseline;
o Documentation and media defining code and documentation that are placed under configuration control, and the corresponding version, release, and change status of each deliverable item; and
o System components comprising the application system, to the module level.
Configuration identification serves to clearly delineate the significant characteristics of the system, providing a common language, or referencing scheme, for describing the system. It is the delineation of specific configuration items that will enable all individuals involved in the evolution of the system to communicate effectively, using the common language. Examples of such characteristics include specific functional and data requirements, specific characteristics of the system design and system documentation.
3. Configuration Control
Identify approval/disapproval authority for changes, library controls, and the librarian used for the project. In addition, procedures for controlling the preparation and dissemination of changes to deliverable software and
documentation that have been placed under configuration control. Specific change control and software control procedures are covered in detail.
Change control is a process for determining what changes are to be made to the system. Change control requires the documentation of specific requests for modifications, and a review of the requested modifications, and consideration of their impact on the system, before they are made.
Software control is a set of procedures to ensure that the integrity of the system is preserved when approved changes are being made to the system, or in the event of a disaster and restoration of the system is needed. Software control procedures are particularly important during the operation phase of the life cycle. Software control ensures that changes to the computer programs are developed and tested using a copy of the programs and test database, and do not adversely affect system users. However software control is also important during the development and implementation phases to control changes during the planning and installation of the system.
4. Configuration Accounting
State the procedures for generating documentation that will provide traceability of changes to controlled products and communicate the status of configuration items to management. Identify data content and format of accounting records, and their frequency and distribution.
Configuration accounting is an administrative procedure for maintaining system baselines and monitoring the status of the system throughout the life cycle. The configuration accounting procedure may also include documentation for use by the project team throughout the life cycle.
5. Configuration Audits
State the procedures for preparation and execution of audits for establishing the
traceability of requirements identified for the project. The procedures identify what will be certified and provided to management for approval.
Configuration audits are examinations of the products and related documents submitted for inclusion in a baseline to assure that they are complete, clearly presented, and internally consistent. This examination is oriented to adherence to guidance and standards. These audits support reviews and evaluations of the system by ensuring that required products and documents are complete and provide effective traceability to related products. Audits do not evaluate qualitatively the programmatic and/or technical content of the product. This is done by other reviews and other quality assurance activities. Audits help ensure that the resources used to conduct reviews and evaluations are not applied to products that are not yet ready for the review.
a. Functional Configuration Audit (FCA). Describe the point at which an FCA will be completed and the process to be followed. An FCA is a means of validating that the developer (contractor) has completed the system in accordance with the requirements definition. The FCA ensures that technical documentation and test analysis/reports accurately reflect the functional, operational, and performance characteristics specified.
b. Physical Configuration Audit (PCA). Describe the point at which a PCA will be completed and the process that will be followed. The PCA is a means for validating the system baseline. The PCA ensures that
configuration items are developed as specified in the design documents;
that the items are tested, verified and/or validated successfully and that any differences are resolved.
6. Problem Reporting and Corrective Action
Describe the procedures for reporting, prioritizing, tracking, and resolving problems that result from reviews, audits, and tests.
7. Tools, Techniques, and Methodologies
Identify the automated tools, techniques, and methodologies to be used to support configuration management.