Quality Management. Guidelines For Configuration Management
This European standard is a guidance document only. It provides a set of guidelines which may be used to improve performance in the field concerned.
Whether and to what extent, the individual clauses are applicable to an organization depends on a set of characteristics which are specific to that organization. These characteristics could typically include the complexity of the organization, the nature of its products, operational methods andthe skill and equipment available.
It also depends on the current performance level of, and objectives set by, the organization.
It follows, that the appropriate application of this guidance document can only be determined by the organization itself.
This guidance document is not to be used to interpret the requirements of EN ISO 9001, EN ISO 9002, EN ISO 9003 or other standards. Neither this document nor its individual clauses are intented for contractual or regulatory use.
This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 1997, and conflicting national standards shall be withdrawn at the latest by February 1997.
According to CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.
Endorsement noticeThe text of the international standard ISO 10007:1995 has been approved by CEN as a European Standard without any modification.
1 ScopeThis International Standard gives guidance on the use of configuration management in industry and its interface with other management systems and procedures. It first provides a management overview (clause 4), then describes the process, organization and detailed procedures.
It is applicable to the support of projects from concept through to design, development, procurement, production, installation, operation and maintenance and to the disposal of products. It amplifies the configuration management elements found in ISO 9004-1, while annex B provides a correlation between the guidance found in this International Standard and the quality system standards ISO 9001, ISO 9002, ISO 9003 and ISO 9004-1.
The application of configuration management may be tailored to suit individual projects, taking into account the size, complexity and nature of the work.
2 Normative referencesThe following standards contain provisions which, through reference in this text, constitute provisions of this International Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this International Standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.
ISO 8402:1994, Quality management and quality assurance - Vocabulary.
ISO 10011-1:1990, Guidelines for auditing quality systems - Part 1: Auditing.
ISO 10011-2:1991, Guidelines for auditing quality systems - Part 2: Qualification criteria for quality systems auditors.
3 DefinitionsFor the purposes of this International Standard, the definitions given in ISO 8402 and the following definitions apply.
3.1 configuration: Functional and physical characteristics of a product as defined in technical documents and achieved in the product.
3.2 configuration audit (CA): Examination to determine whether a configuration item conforms to its configuration documents.
3.3 configuration baseline: Configuration of a product, formally established at a specific point in time, which serves as reference for further activities.
3.4 configuration board: Group of technical and administrative experts with the assigned authority and responsible to make decisions on the configuration and its management,
3.8 configuration item (CI): Aggregation of hardware, software, processed materials, services, or any of its discrete portions, that is designated for configuration management and treated as a single entity in the configuration management process.
3.9 configuration management (CM): Technical and organizational activities comprising:
3.11 configuration status accounting (CSA): Formalized recording and reporting of the established configuration documents, the status of proposed changes and the status of the implementation of approved changes.
4 Configuration management system, description and objectives
4.1 GeneralConfiguration management (CM) is a management discipline that applkies technical and administrative direction to the development, production and support life cycle of a configuration item. This discipline is applicable to hardware, software, processed materials, services, and related technical documentation. CM is an integral pasn of life-cycle management. (A typical example thereof is illustrated in annex C.)
Other disciplines involved in the product life cycle (i.e. documentation management, logistic systems, maintenance) may contribute to the CM objectives.
The main objective of CM is to document and provide full visibility of the product's present configuration and on the status of achievement of its physical and functional requirements. Another objective is that everyone working on the project at any time in its life cycle uses correct and accurate documentation.
4.2.1 Configuration management processThe CM process comprises the following integrated activities:
4.2.2 Organization of configuration managementCM should be organized with defined responsibilities and sufficient independence and authority to achieve the required CM objectives.
4.2.3 Configuration management procedures and plansWritten procedures should be used to describe company policies, activities and conventions related to the CM process.
CM policies, activities and conventions that are specific to a particular programme or project should be defined in a configuration management plan (CMP). The plan may make reference to the company's standard CM procedures.
4.2.4 Configuration management system auditCM systems audits should be performed to assess conformance to the CM procedures and plans.
5 Configuration management process
5.1 GeneralThe activities which are performed within the CM process are described below. It is essential that these activities are fully integrated for this process to be effective.
5.2 Configuration identificationThe configuration identification includes the following.
5.2.1 Product structure and selection of configuration itemsThe product structure should describe the relationship and the position of configuration items in the breakdown of the product.
5.2.2 Documentation of configuration itemsAll necessary functional and physical characteristics of a configuration item including interfaces, changes, deviations and waivers should be contained in clearly identified documents. These are normally categorized as configuration documents.
5.2.3 NumberingNumbering conventions should be established and applied to the identification of configuration items, their parts and assemblies, documents, interfaces, changes, deviations and waivers.
5.2.4 Establishment of configuration baselinesConfiguration baselines should be established by formal agreement at specific points in time and used as starting points for the formal control of a configuration.
5.3 Configuration controlAfter the release of configuration documents, all changes should be controlled. The impact of the change, customer requirements and the configuration baseline affected will decide the degree of formality in processing the change and may be the basis for any classification system used for classifying/categorizing the change.
Configuration control involves the following activities, which should be documented in detail in a change-control procedure:
5.4 Configuration status accounting (CSA)Configuration status accounting should commence as and when configuration data are first generated.
CSA should provide information of all configuration identifications and all departures from the specified configuration baselines. It thus enables changes to configuration baselines to be traceable.
5.5 Configuration audit (CA)Configuration audits should be performed before the acceptance of a configuration baseline to assure the product complies with its contracted or specified requirements and to assure the product is accurately reflected by its configuration documents (see annex C):
Normally there are two types of configuration audits as follows.
6 Organization of configuration management
6.1 GeneralConfiguration management should be organized to the extent appropriate to maintain impartiality, independence and integrity to achieve the required CM objectives.
6.2 Structure of configuration managementTo enable effective CM, the organizational structure should be defined.
This structure is normally project-related and adapted as necessary to meet the needs of the different lifecycle stages. It should define the relationships between activities directly involved in the CM process. It should include the CM function, interfacing organizations, design, procurement and contracting offices, data management, manufacturing, quality assurance, and other disciplines that may be involved, including as necessary subcontractors and vendors.
The CM organizational structure should ensure the coordination of CM activities with these other disciplines and the assignment of the appropriate authorities and responsibilities for all CM activities.
Within a project organization, the authority to approve configuration baselines and any changes therein (normally a "configuration board") should be identified.
7 Configuration management procedures
7.1 GeneralThis clause describes the procedures which comprise an effective CM system. The CM system should be documented in procedures of the organization and referenced in a configuration management plan (CMP). Project-specific procedures and the depth of their application during the life cycle of the product should be defined in a CMP.
7.2 Configuration identification procedures
7.2.1 Selection of configuration items (CIs)Configuration items are selected by a process of decomposition. This top-down process divides the total product structure into logically related and subordinated aggregates of hardware, software, processed materials, services, or a combination thereof which are selected for CM. Selection of the higher level CIs should start at the early stage of the project (e.g. feasibility and definition phases). Selection of lower level CIs should be completed early in the development phase.
Guidance criteria should be used in the selection of CIs.
The selection of too many CIs affects product visibilty, hampers management and increases cost. The selection of too few CIs, or insufficient decomposition, creates logistic and maintenance difficulties and limits management possibilities.
The main criterion is to select those items whose performance parameters and physical characteristics can be separately managed to achieve the overall end-use performance of the item.
Other selection criteria which should be applied are:
7.2.2 Documentation of configuration itemsAll physical and functional characteristics necessary to define a CI throughout its life cycle should be documented.
Document types typically include specifications, design documents, lists, software data and manuals for operation and maintenance.
7.2.3 Numbering conventionsNumbering conventions should be established and applied to the identification of configuration items, configuration documents and changes, as well as to parts and assemblies.
The numbering conventions should take into account the wxisting corporate or supplier numbering procedures. However, identification numbers must be unique.
The numbering conventions or other information management systems should permit the management of:
7.2.4 Confuguration baselinesA configuration basline consists of all approved documents that represent the definition of the product at a specific point.
Configuration baselines should be established whenever it is necessary to define a reference configuration during the product life cycle which serves as a starting point for further activities.
The level of detail to which the product is defined in a configuration baseline is dependent on the degree of control required. Functional configuration baselines, for example, may consist of only one document, whereas production configuration baselines may include a full document set, including those for tools and processes.
7.3 Configuration board (CB)The project manager may establish a configuration board with the authority to review and approve/disapprove the CM plan, CM procedures, the selection of configuration items, configuration baselines and changes to those baselines including deviations and waivers.
The members of the CB are typically appointed by the project manager. All required disciplines should be represented on the CB. The CB should be chaired by the project manager or a delegate.
The CB may exist on several levels of authority, for example where contractual requirements need customer involvement in the process, the customer may also establish a CB.
The function of the CB is to verify that:
7.4 Configuration control procedure
7.4.1 Identification and documentation of the need for changeA change may be initiated internally or by the customer, a subcontractor or a supplier. All change proposals should be documented and should typically include the following information prior to their submission to the CB:
It is also recommended that the change proposal give a unique identification number at this early stage for ease of traceability and identification.
The status of change processing and the related decisions and the dispositions should be recorded.
7.4.2 Evaluation of changeThe following typical evaluations concerning the proposed change should be performed and documented:
7.4.3 Approval of changeAfter the change has been evaluated, an authorized person or group of persons should review the documented evaluations and decide upon approval or disapproval of the change.
The change procedure should identify the authority, responsibility and mode of operation for such people.
The authority for approval/disapproval may vary depending on the significance of the change.
7.4.4 Implementation and verification of changeThe implementation and verification of an approved change normally includes the following steps:
7.5 Procedures for configuration status accounting (CSA)
7.5.1 GeneralA prerequisite for correct configuration status accounting is a proper identification and change control.
CSA records and reports information for the management and administration of the CM process and its related activities. It commences with the availability of the first configuration document and continues through the product's life cycle.
7.5.2 RecordingCSA records selected data during the configuration identification and control processes. This allows visibility and traceability for the efficient management of the evolving configuration.
The following types of data are normally reported:
7.5.3 ReportingReports of varying types should be issued at internals necessary for management purposes.
Typical reports are:
7.6 Configuration audit proceduresConfiguration audits should be performed to documented, agreed procedures which include required methods of recording and reporting.
The functional configuration audit (FCA) is conducted by identifying the individual functional and performance requirements of a configuration item as expressed in its functional configuration baseline, then confirming by examination of the review, inspection and test records that the requirements have been achieved.
The physical configuration audit (PCA) is conducted by examining the "as-build/produced" and tested product to its configuration documents to ensure compliance. This audit (in conjunction with the functional configuration audit) confirms that the product (as defined by tis configuration documents) conforms to the physical and functional requirements.
these audits are usually conducted once for each configuration and may be carried out on a progressive basis (see annex D).
7.7 Configuration management plan (CMP)A configuration management plan exists for application within the organization, for projects or for contractual reasons.
A CMP provides for each project the CM procedures that are to be used, and states who will undertake these and when. In a multilevel contract situation, the CMP of the lead contractor will usually be the main plan. Any subcontractors should prepare their own plan, which may be published as a stand-alone document or be included with that of the lead contractor. The customer should also prepare a CMP that describes the customer involvement in the lead contractor's CM activities. It is essential that all such plans be compatible and that they describe a CM system, that will provide a basis for the practice of CM during later project phases.
The CMP may be one of the management documents that is identified in the contract. The CMP should itself be subject to document control procedures.
It is recommended that the plan make reference to existing procedures of the organization wherever possible to maintain simplicity and avoid duplication. Annex A describes a recommended structure and content for a CMP.
8 Configuration management system auditCM system audits should be performed to documented procedures of the organization. CM system audits are performed to:
Annex A (normative)