ISO 10007:1995

Quality Management. Guidelines For Configuration Management


The text of the International Standard from Committee ISO/TC 176. "Quality management and quality assurance" of the International Organization for Standardization (ISO) has been taken over as an European Standard by Technical Board of CEN.

This European standard is a guidance document only. It provides a set of guidelines which may be used to improve performance in the field concerned.

Whether and to what extent, the individual clauses are applicable to an organization depends on a set of characteristics which are specific to that organization. These characteristics could typically include the complexity of the organization, the nature of its products, operational methods andthe skill and equipment available.

It also depends on the current performance level of, and objectives set by, the organization.

It follows, that the appropriate application of this guidance document can only be determined by the organization itself.

This guidance document is not to be used to interpret the requirements of EN ISO 9001, EN ISO 9002, EN ISO 9003 or other standards. Neither this document nor its individual clauses are intented for contractual or regulatory use.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 1997, and conflicting national standards shall be withdrawn at the latest by February 1997.

According to CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

Endorsement notice

The text of the international standard ISO 10007:1995 has been approved by CEN as a European Standard without any modification.
  Note: Normative references to International Standards are listed in annex ZA (normative)


1 Scope
2 Normative references
3 Definitions
4 Configuration management system, description and objectives
4.2.1Configuration management process
4.2.2Organization of configuration management
4.2.3Configuration management procedures and plans
4.2.4Configuration management system audit
5 Configuration management process
5.2Configuration identification
5.2.1Product structure and selection of configuration items
5.2.2Documentation of configuration items
5.2.4Establishment of configuration baselines
5.3Configuration control
5.4Configuration status accounting (CSA
5.5Configuration audit (CA)
6 Organization of configuration management
6.2Structure of configuration management
7 Configuration management procedures
7.2Configuration identification procedures
7.2.1Selection of configuration items (CIs)
7.2.2Documentation of configuration items
7.2.3Numbering conventions
7.2.4Confuguration baselines
7.3Configuration board (CB)
7.4Configuration control procedure
7.4.1Identification and documentation of the need for change
7.4.2Evaluation of change
7.4.3Approval of change
7.4.4Implementation and verification of change
7.5Procedures for configuration status accounting (CSA)
7.6Configuration audit procedures
7.7Configuration management plan (CMP)
8 Configuration management system audit
Annex A Recommended structure and content of a configuration management plan
A.2Policies and procedures
A.3Configuration identification
A.4Configuration control
A.5Configuration status accounting
A.6Configuration audit
Annex B Cross-references to configuration management requirements and quality system elements
Annex C Project phases - Configuration management activities
Annex D Bibliography

1 Scope

This International Standard gives guidance on the use of configuration management in industry and its interface with other management systems and procedures. It first provides a management overview (clause 4), then describes the process, organization and detailed procedures.

It is applicable to the support of projects from concept through to design, development, procurement, production, installation, operation and maintenance and to the disposal of products. It amplifies the configuration management elements found in ISO 9004-1, while annex B provides a correlation between the guidance found in this International Standard and the quality system standards ISO 9001, ISO 9002, ISO 9003 and ISO 9004-1.

The application of configuration management may be tailored to suit individual projects, taking into account the size, complexity and nature of the work.
  NOTE 1 For further guidance related to special applications (e.g. software), refer to the relevant International Standards as listed in annex D.

2 Normative references

The following standards contain provisions which, through reference in this text, constitute provisions of this International Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this International Standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.

ISO 8402:1994, Quality management and quality assurance - Vocabulary.

ISO 10011-1:1990, Guidelines for auditing quality systems - Part 1: Auditing.

ISO 10011-2:1991, Guidelines for auditing quality systems - Part 2: Qualification criteria for quality systems auditors.

ISO 10011-3:1991, Guidelines for auditing quality systems - Part 3: Management of audit programmed.

3 Definitions

For the purposes of this International Standard, the definitions given in ISO 8402 and the following definitions apply.

3.1 configuration: Functional and physical characteristics of a product as defined in technical documents and achieved in the product.

3.2 configuration audit (CA): Examination to determine whether a configuration item conforms to its configuration documents.

3.3 configuration baseline: Configuration of a product, formally established at a specific point in time, which serves as reference for further activities.

3.4 configuration board: Group of technical and administrative experts with the assigned authority and responsible to make decisions on the configuration and its management,
  NOTE 2 This group is frequently known as the configuration control board (CCB).
3.5 configuration control (CC): Activities comprising the control of changes to a configuration item after formal establishment of its configuration documents.
3 Control includes evaluation, coordination, approval or disapproval, and implementation of changes.
4 Implementation of changes includes engineering changes and deviations and waivers with impact on the configuration.
3.6 configuration documents: Documents that define the requirements, design, build/production and verification for a configuration item.
  NOTE 5 Documents can be in the form of any media.
3.7 configuration identification: Activities comprising determination of the product structure, selection of configuration items, documenting the configuration item's physical and functional characteristics including interfaces and subsequent changes, and allocating identification characters or numbers to the configuration items and their documents.

3.8 configuration item (CI): Aggregation of hardware, software, processed materials, services, or any of its discrete portions, that is designated for configuration management and treated as a single entity in the configuration management process.

3.9 configuration management (CM): Technical and organizational activities comprising:

  • configuration identification;
  • configuration control;
  • configuration status accounting;
  • configuration auditing;
3.10 configuration management plan (CMP): Document setting out the organization and procedures for the configuration management of a specific product or project.

3.11 configuration status accounting (CSA): Formalized recording and reporting of the established configuration documents, the status of proposed changes and the status of the implementation of approved changes.

3.12 interface: Physical or functional interaction at the boundary between configuration items.

4 Configuration management system, description and objectives

4.1 General

Configuration management (CM) is a management discipline that applkies technical and administrative direction to the development, production and support life cycle of a configuration item. This discipline is applicable to hardware, software, processed materials, services, and related technical documentation. CM is an integral pasn of life-cycle management. (A typical example thereof is illustrated in annex C.)

Other disciplines involved in the product life cycle (i.e. documentation management, logistic systems, maintenance) may contribute to the CM objectives.

The main objective of CM is to document and provide full visibility of the product's present configuration and on the status of achievement of its physical and functional requirements. Another objective is that everyone working on the project at any time in its life cycle uses correct and accurate documentation.

The following subclause provides an overview of the main elements of a CM system.

4.2 Overview

4.2.1 Configuration management process
The CM process comprises the following integrated activities:
  • configuration identification;
  • configuration control;
  • configuration status accounting;
  • configuration auditing;
These activities are further described in clause 5.
4.2.2 Organization of configuration management
CM should be organized with defined responsibilities and sufficient independence and authority to achieve the required CM objectives.

These activities are further described in clause 6.

4.2.3 Configuration management procedures and plans
Written procedures should be used to describe company policies, activities and conventions related to the CM process.

CM policies, activities and conventions that are specific to a particular programme or project should be defined in a configuration management plan (CMP). The plan may make reference to the company's standard CM procedures.

These activities are further described in clause 7.

4.2.4 Configuration management system audit
CM systems audits should be performed to assess conformance to the CM procedures and plans.

These activities are further described in clause 8.

5 Configuration management process

5.1 General

The activities which are performed within the CM process are described below. It is essential that these activities are fully integrated for this process to be effective.

5.2 Configuration identification

The configuration identification includes the following.
5.2.1 Product structure and selection of configuration items
The product structure should describe the relationship and the position of configuration items in the breakdown of the product.

Configuration items should be selected by applying a decomposition (i.e. breakdown) process to the product using guidance criteria for the selection of configuration items (see 7.2.1).

5.2.2 Documentation of configuration items
All necessary functional and physical characteristics of a configuration item including interfaces, changes, deviations and waivers should be contained in clearly identified documents. These are normally categorized as configuration documents.
5.2.3 Numbering
Numbering conventions should be established and applied to the identification of configuration items, their parts and assemblies, documents, interfaces, changes, deviations and waivers.
5.2.4 Establishment of configuration baselines
Configuration baselines should be established by formal agreement at specific points in time and used as starting points for the formal control of a configuration.

Configuration baselines plus approved changes to those baselines constitute the current approved configuration.

5.3 Configuration control

After the release of configuration documents, all changes should be controlled. The impact of the change, customer requirements and the configuration baseline affected will decide the degree of formality in processing the change and may be the basis for any classification system used for classifying/categorizing the change.

Configuration control involves the following activities, which should be documented in detail in a change-control procedure:

  • document and justify the change,
  • evaluate consequenses of the change,
  • approve or disapprove the change;
  • implement and verify the change;
  • process deviations and waivers.
To protect the integrity of the configuration and to provide a basis for the control of change, it is essential that configuration items, their constituent park and their documentation be held in an environment which:
  • is commensurate with the environmental conditions required (e.g. for computer hardware, software, data, documents, drawings, etc.);
  • protects them from unauthorized change or corruption;
  • provides means for disaster recovery;
  • in the case of software, data, documentation and drawings, permits the controlled retrieval of a copy of the controlled master;
  • supports the achievement of consistency between the as-built/produced state of a configuration and the as-designed state.

5.4 Configuration status accounting (CSA)

Configuration status accounting should commence as and when configuration data are first generated.

CSA should provide information of all configuration identifications and all departures from the specified configuration baselines. It thus enables changes to configuration baselines to be traceable.

CSA records and reports should be a by-product of the identification and control activities. Redundant CSA records should be avoided.

5.5 Configuration audit (CA)

Configuration audits should be performed before the acceptance of a configuration baseline to assure the product complies with its contracted or specified requirements and to assure the product is accurately reflected by its configuration documents (see annex C):

Normally there are two types of configuration audits as follows.

  1. Functional configuration audit: a formal examination to verify that a configuration item has achieved the performance and functional characteristics specified in its configuration documents.
  2. Physical configuration audit: a formal examination of the "as-built/produced" configuration of a configuration item to verify that it conforms to its product configuration documents.
A CA may be required for the formal acceptance of a configuration item.

6 Organization of configuration management

6.1 General

Configuration management should be organized to the extent appropriate to maintain impartiality, independence and integrity to achieve the required CM objectives.

6.2 Structure of configuration management

To enable effective CM, the organizational structure should be defined.

This structure is normally project-related and adapted as necessary to meet the needs of the different lifecycle stages. It should define the relationships between activities directly involved in the CM process. It should include the CM function, interfacing organizations, design, procurement and contracting offices, data management, manufacturing, quality assurance, and other disciplines that may be involved, including as necessary subcontractors and vendors.

The CM organizational structure should ensure the coordination of CM activities with these other disciplines and the assignment of the appropriate authorities and responsibilities for all CM activities.

Within a project organization, the authority to approve configuration baselines and any changes therein (normally a "configuration board") should be identified.

For small projects, the CM responsibilities man be delegated by project management to certain individuals in the project.

7 Configuration management procedures

7.1 General

This clause describes the procedures which comprise an effective CM system. The CM system should be documented in procedures of the organization and referenced in a configuration management plan (CMP). Project-specific procedures and the depth of their application during the life cycle of the product should be defined in a CMP.

7.2 Configuration identification procedures

7.2.1 Selection of configuration items (CIs)
Configuration items are selected by a process of decomposition. This top-down process divides the total product structure into logically related and subordinated aggregates of hardware, software, processed materials, services, or a combination thereof which are selected for CM. Selection of the higher level CIs should start at the early stage of the project (e.g. feasibility and definition phases). Selection of lower level CIs should be completed early in the development phase.

Guidance criteria should be used in the selection of CIs.

The selection of too many CIs affects product visibilty, hampers management and increases cost. The selection of too few CIs, or insufficient decomposition, creates logistic and maintenance difficulties and limits management possibilities.

The main criterion is to select those items whose performance parameters and physical characteristics can be separately managed to achieve the overall end-use performance of the item.

Other selection criteria which should be applied are:

  • critically in terms of high risks, safet, mission success, etc.;
  • new or midified technology, design or development;
  • interfaces with other items;
  • procurement conditions;
  • logistic and maintenance aspects,
7.2.2 Documentation of configuration items
All physical and functional characteristics necessary to define a CI throughout its life cycle should be documented.

Document types typically include specifications, design documents, lists, software data and manuals for operation and maintenance.

Documentation required for a CI depends on the level of control needed. However, all documentation should include relevant information on change and traceability.

7.2.3 Numbering conventions
Numbering conventions should be established and applied to the identification of configuration items, configuration documents and changes, as well as to parts and assemblies.

The numbering conventions should take into account the wxisting corporate or supplier numbering procedures. However, identification numbers must be unique.

The numbering conventions or other information management systems should permit the management of:

  • hierarchical or subordinate relationships between configuration items within the product structure;
  • hierarchical or subordinate relationships of parts and assemblies in each configuration item;
  • relationships between items and documents;
  • relationships between documents and changes;
  • constitution of typical files;
  • other grouping requirements.
7.2.4 Confuguration baselines
A configuration basline consists of all approved documents that represent the definition of the product at a specific point.

Configuration baselines should be established whenever it is necessary to define a reference configuration during the product life cycle which serves as a starting point for further activities.

The level of detail to which the product is defined in a configuration baseline is dependent on the degree of control required. Functional configuration baselines, for example, may consist of only one document, whereas production configuration baselines may include a full document set, including those for tools and processes.

7.3 Configuration board (CB)

The project manager may establish a configuration board with the authority to review and approve/disapprove the CM plan, CM procedures, the selection of configuration items, configuration baselines and changes to those baselines including deviations and waivers.

The members of the CB are typically appointed by the project manager. All required disciplines should be represented on the CB. The CB should be chaired by the project manager or a delegate.

The CB may exist on several levels of authority, for example where contractual requirements need customer involvement in the process, the customer may also establish a CB.

The function of the CB is to verify that:

  • it has the correct authority in relation to the relevant configuration baseline;
  • the change is necessary;
  • the consequences are acceptable
  • the change has been properly documented and classified;
  • the plan for the implementation of the change into documents, hardware and/or software is satisfactory.

7.4 Configuration control procedure

7.4.1 Identification and documentation of the need for change
A change may be initiated internally or by the customer, a subcontractor or a supplier. All change proposals should be documented and should typically include the following information prior to their submission to the CB:
  • configuration item(s) and related documents to be changed, name(s) and revision status;
  • name of the individual preparing the proposal, the organization and date prepared;
  • reason for the change;
  • urgency.
It is recommended that this information be entered on a standard form which will serve as documentation of the steps in the change process.

It is also recommended that the change proposal give a unique identification number at this early stage for ease of traceability and identification.

The status of change processing and the related decisions and the dispositions should be recorded.

Other information, such as classification and priority, may be included to indicate the procedure to be followed.

7.4.2 Evaluation of change
The following typical evaluations concerning the proposed change should be performed and documented:
  • the technical merits of the proposed change;
  • the impact on interchangeability, interfaces, etc., and the necessity for re-identification;
  • the impact on contract, schedule and cost;
  • the impact on manufacturing, test and inspection methods;
  • the impact on purchases and stock;
  • the impact pn maintenance, user handbooks, spare parts and spare-part manuals.
The evaluation criteria as described above may be tailored to suit the complexity of the product.
7.4.3 Approval of change
After the change has been evaluated, an authorized person or group of persons should review the documented evaluations and decide upon approval or disapproval of the change.

The change procedure should identify the authority, responsibility and mode of operation for such people.

The authority for approval/disapproval may vary depending on the significance of the change.

A decision concerning approval/disapproval should be documented and notified to relevant areas.

7.4.4 Implementation and verification of change
The implementation and verification of an approved change normally includes the following steps:
  • changes to the configuration identification should be formally approved;
  • appropriate consequential actions by the affected departments should be initiated;
  • compliance should be verified (design, test, manufacture, etc.).

7.5 Procedures for configuration status accounting (CSA)

7.5.1 General
A prerequisite for correct configuration status accounting is a proper identification and change control.

CSA records and reports information for the management and administration of the CM process and its related activities. It commences with the availability of the first configuration document and continues through the product's life cycle.

7.5.2 Recording
CSA records selected data during the configuration identification and control processes. This allows visibility and traceability for the efficient management of the evolving configuration.

The following types of data are normally reported:

Identification (part number,        \
document number, issue/revision,    |          ______ Documents
serial number)                      |         /
                                    |        /    ___ Changes
Title                               |       /    /
                                     \ ____/____/____ Deviations and waivers
Date                                 /     \    \
                                    |       \    \___ Configuration baselines
Release status                      |        \
                                    |         \______ Configuration items
Implementation status               |
(designed/built/produced standard) _/

The above data should be recorded in a manner that contains the cross-references and interrelationships necessary to provide the required reports.

7.5.3 Reporting
Reports of varying types should be issued at internals necessary for management purposes.

Typical reports are:

  • a list of configuration baseline documents;
  • a list of configuration items and their configuration baselines;
  • current configuration status (such as "as-designed", "as-built/produced");
  • status reports on changes, deviations and verification of changes.
Such reports may be issued to cover individual configuration items or the complete product, and may be prepared using either manual or computer-based systems.

7.6 Configuration audit procedures

Configuration audits should be performed to documented, agreed procedures which include required methods of recording and reporting.

The functional configuration audit (FCA) is conducted by identifying the individual functional and performance requirements of a configuration item as expressed in its functional configuration baseline, then confirming by examination of the review, inspection and test records that the requirements have been achieved.

The physical configuration audit (PCA) is conducted by examining the "as-build/produced" and tested product to its configuration documents to ensure compliance. This audit (in conjunction with the functional configuration audit) confirms that the product (as defined by tis configuration documents) conforms to the physical and functional requirements.

these audits are usually conducted once for each configuration and may be carried out on a progressive basis (see annex D).
  NOTE 5 An audit is not intended to replace other forms of review, test or inspection of an item for conformance or delivery.

7.7 Configuration management plan (CMP)

A configuration management plan exists for application within the organization, for projects or for contractual reasons.

A CMP provides for each project the CM procedures that are to be used, and states who will undertake these and when. In a multilevel contract situation, the CMP of the lead contractor will usually be the main plan. Any subcontractors should prepare their own plan, which may be published as a stand-alone document or be included with that of the lead contractor. The customer should also prepare a CMP that describes the customer involvement in the lead contractor's CM activities. It is essential that all such plans be compatible and that they describe a CM system, that will provide a basis for the practice of CM during later project phases.

The CMP may be one of the management documents that is identified in the contract. The CMP should itself be subject to document control procedures.

It is recommended that the plan make reference to existing procedures of the organization wherever possible to maintain simplicity and avoid duplication. Annex A describes a recommended structure and content for a CMP.

8 Configuration management system audit

CM system audits should be performed to documented procedures of the organization. CM system audits are performed to:
  • verify that the CM system is effective and meets the specified requirements;
  • determine conformity of the applied CM practives to the procedures described in the respective CMP.
The audit may be initiated either by quality assurance, the customer or CM, depending on the contractual situation.

Principles, criteria and practices of the CM system audit should conform to the relevant parts of ISO 10011.

Annex A (normative)
Recommended structure and content of a configuration management plan

A.1 Introduction

This chapter should include general information. The following topics are typical and may be included here:
  • a description of the system or configuration item(s) to which the plan applies;
  • a schedule to provide guidance on the time-scale of important CM activities;
  • the purpose and scope of the CMP;
  • related documents (i.e. CMPs of suppliers, contractors, etc., which have a close connection to the relevanbt CMP).
  • applicable documents and their order of precedence.

A.2 Policies and procedures

This chapter should include elements of CM that have been agreed with the customer or subcontractor and which provide the basis for CM activities within the contract. Such subjects are:
  • policies on the practice of CM and related management disciplines;
  • the CM organization, together with the agreed responsibilities of the configuration board, committees, groups and advisors of the supplier and other involved organizations;
  • the agreed criteria for the selection of configuration items;
  • the frequency, distribution and control of reports, both internally and to the customer;
  • agreed terminology.

A.3 Configuration identification

This chapter should include:
  • a family tree of configuration items, specifications and other top-level documents;
  • the numbering conventions to be adopted for specifications, drawings and changes;
  • configuration baselines to be established, schedules, and the type of documents that will be referred to therein;
  • the use and allocation of serial numbers or other traceability identification;
  • release procedures.

A.4 Configuration control

This chapter should include:
  • the organization, composition and terms of reference of the configuration board and their relationships with the equivalent boards organized by the customer and the subcontractors;
  • procedures for the control of changes prior to the establishment of a contractual configuration baseline;
  • procedures for the processing of changes from the request up to the validation of the change after implementation in the configuration item (this includes customer-initiated changes as well as inhouse or subcontractor changes).

A.5 Configuration status accounting

This chapter should include:
  • procedures for the collectiong, recording, processing and maintaining of data necessary for producing configuration status accounting reports;
  • definition of the content and format for all CM reports.

A.6 Configuration audit

This chapter should include:
  • a list of audits to be conducted and their relationships with project schedules;
  • the audit procedure to be used;
  • the authorities and disciplines involved;
  • a definition of the format for audit reports.

Annex B Cross-references to configuration management requirements and quality system elements

(not available)

Annex C Project phases - Configuration management activities

(not available)

Annex D Bibliography

(not available)