Introduction

ISO:10007 is used to enhance common understanding of the subject, to promote the use of
configuration management and to assist organizations applying configuration management to
improve their performance.
This document outlines the responsibilities and authorities before describing the configuration
management process that includes configuration management planning, configuration
identification, change control, configuration status accounting and configuration audit.
Configuration management is a management activity that applies technical and administrative
direction over the life cycle of a product and service, its configuration identification and status,
and related product and service configuration information.
Configuration management documents the product or service configuration. It provides
identification and traceability, the status of achievement of its physical and functional
requirements, and access to accurate information in all phases of the life cycle.
ISO:10007 is divided in to 5 clauses
• Clause 1 Scope • Clause 4 Configuration management
• Clause 2 Normative references responsibility.
• Clause 3 Terms and definitions • Clause 5 Configuration management process.
Clause 1 - Scope
This document provides guidance on the use of configuration management within
an organization. It is applicable to the support of products and services from
concept to disposal.
Clause 3 - Terms and Definitions
• Configuration: interrelated functional and physical characteristics of a product or
service defined in configuration information.
• Configuration Baseline: approved configuration information that establishes the
characteristics of a product or service at a point in time that serves as reference for
activities throughout the life cycle of the product or service
• Configuration Item: entity within a configuration that satisfies an end use function.
• Configuration Status Accounting: formalized recording and reporting of
configuration information, the status of proposed changes and the status of the
implementation of approved changes.
• Configuration Information: requirements for product or service design, realization,
verification, operation and support.
Clause 4 - Configuration Management Responsibility
Responsibilities and authorities
The organization should identify, describe and assign responsibilities and authorities,
including
accountability, related to the configuration management process. The following should be
considered:
• the complexity and nature of the product or service;
• the needs of the different product or service life cycle stages;
• the interfaces between activities directly involved in the configuration management
process;
• the identification of the responsible authority for verifying implementation activities;
• the identification of the dispositioning authority.
Clause 4 - Configuration Management Responsibility
Responsibilities and authorities
Prior to approval of a change, the dispositioning authority should verify that:
• the proposed change is necessary and the consequences would be acceptable;
• the change has been properly documented and categorized;
• the planned activities for the implementation of the change into documented information,
hardware and/or software are satisfactory.
Clause 4 - Configuration Management Responsibility
Dispositioning authority
Prior to approval of a change, the dispositioning authority should verify that:
• the proposed change is necessary and the consequences would be acceptable;
• the change has been properly documented and categorized;
• the planned activities for the implementation of the change into documented information,
hardware and/or software are satisfactory.
Clause 5 - Configuration Management Process
The organization should establish, implement and maintain a configuration management
process. The organization should coordinate the activities of the configuration management
process in order for it to be effective.
The configuration management process should be focused on product or service
requirements (including those of customers or relevant interested parties) , as well as the
application of statutory and regulatory requirements, while taking into account the context
in which it will be performed. The configuration management process should be detailed in a
configuration management plan. This should describe any project-specific documented
information and the extent of their application during the life cycle of the product or service.
Clause 4 - Configuration Management Process
Configuration management planning
Configuration management planning is the foundation for the configuration management process.
Effective planning coordinates configuration management activities in a specific context over the
product or service life cycle. The output of configuration management planning is the configuration
management plan.
The configuration management plan for a specific product or service should:
• be documented and approved;
• be controlled;
• identify the configuration management documented information to be used;
• make reference to relevant documented information of the organization wherever possible;
• describe the required resources and any responsibilities and authorities (including accountability) ,
for carrying out configuration management throughout the life cycle of the product or service.
Clause 4 - Configuration Management Process
Configuration identification
1. Product structure or service capability and selection of configuration items
The selection of configuration items and their inter-relationships should describe the product
structure or service capability. Configuration items should be selected whose functional and
physical characteristics can be managed separately to achieve the overall end-use
performance of the item.
Selection criteria should consider:
• life-cycle of the configuration; • interfaces with other configuration items;
• the application of statutory and regulatory • procurement conditions;
requirements; • support and service.
• criticality in terms of risks and safety;
• new or modified technology, design or
development;
Clause 4 - Configuration Management Process
Configuration identification
2. Configuration Information
Configuration information comprises both definition and operational information. This
typically includes requirements, specifications, design drawings, parts lists, data models, test
specifications, handbooks (for commissioning, maintenance and operation) , plus any specific
requirements concerning decommissioning and disposal.
Configuration information should be relevant and traceable. Naming and numbering
conventions should be established that are unique and ensure proper control of both
configuration items and data and items associated with them. These should take into
consideration the existing naming and numbering conventions of the organization and the
change control information, such as revision status
Clause 4 - Configuration Management Process
Configuration identification
3. Configuration Baselines
A configuration baseline consists of the approved configuration information that represents
the definition of the product or service. Configuration baselines, plus approved changes to
those baselines, represent the current approved configuration.
Configuration baselines should be established whenever it is necessary in the product or
service life cycle to define a reference for further activities or to satisfy a specific
requirement for review.
The level of detail to which the product or service is defined in a configuration baseline
depends on the degree of control required.
Clause 4 - Configuration Management Process
Change control
After the initial release of configuration information, all changes should be controlled. The
potential consequence of a change, customer requirements and the configuration baseline
will affect the degree of control needed to process a proposed change or concession.
The process for controlling the change should be documented and should include the
following:
• a description of, justification for and documented information of the change;
• a categorization of the change, in terms of complexity, resources and scheduling;
• an evaluation of the consequences of the change;
• details of how the change should be dispositioned;
• details of how the change should be implemented and verified.
Clause 4 - Configuration Management Process
Change control
Initiation, identification and documentation of the need for change
A change can be initiated by the organization, by a customer, or by an external provider. Prior to
submission for evaluation to the dispositioning authority, all change proposals should be identified
and retained as documented information.
Change proposals should typically include the following information:
• configuration item(s) and related information to be changed, including details of their title(s) and
current revision status;
• a description of the proposed change;
• details of other configuration items or information that can be affected by the change;
• the interested party preparing the proposal and the date it was prepared;
• the justification of the change;
• the category of the change.
Clause 4 - Configuration Management Process
Change control
Evaluation of change
Evaluations concerning the proposed change should be performed and retained as
documented information. The extent of any evaluation should be based on the complexity of
the product or service and the category of the change, and it should include the following:
• the technical benefits of the proposed change;
• the risks associated with the proposed change;
• the potential consequences on contract, schedule and costs;
• the potential impact of not approving the proposed change.
Clause 4 - Configuration Management Process
Change control
Disposition of change
A process should be established, implemented and maintained for the disposition of change
that identifies the dispositioning authority for each proposed change. This should take into
account the category of the proposed change.
After a proposed change has been evaluated, the dispositioning authority should review the
evaluation and should decide upon the disposition of the change.
The disposition should be retained as documented information. Notice of the disposition
should be distributed to relevant internal and external interested parties.
Clause 4 - Configuration Management Process
Change control
Implementation and verification of change
The implementation of an approved change normally includes:
• changes to the configuration information being released to relevant interested parties;
• actions being taken by relevant internal and external interested parties that are affected by
the change.
After implementation, compliance with the approved change should be verified. This
verification should be retained as documented information to allow traceability.
Clause 4 - Configuration Management Process
Configuration Status Accounting
The configuration status accounting activity results in documented information and reports
that relate to a product or service and its configuration information.
The organization should perform configuration status accounting activities throughout the
life cycle of the product or service in order to support and enable an efficient configuration
management process.
Clause 4 - Configuration Management Process
Configuration Status Accounting
Documented Information
During the configuration identification and change control activities, configuration status
accounting documented information will be created. This documented information allows for
visibility and traceability and for the efficient management of the evolving configuration.
They typically include details of:
• the configuration information (such as identification number, title, effective dates, revision
status, change history and its inclusion in any baseline);
• the product or service configuration (such as part numbers, product design or build status);
• the status of release of new configuration information;
• the processing of changes.
Clause 4 - Configuration Management Process
Configuration Status Accounting
Documented Information
To protect the integrity of the configuration information and to provide a basis for the
control of change, it is recommended that configuration items and related information be
held in an environment:
• that is commensurate with the conditions required (e.g. for computer hardware, software,
data, documented information, drawings);
• that provides protection from loss of integrity or unauthorized change;
• that provides means for disaster recovery;
• that it is available and suitable for use, where and when it is needed;
• that permits retrieval.
Clause 4 - Configuration Management Process
Configuration Status Accounting
Reports
Reports of varying types will be needed for configuration management purposes. Such
reports may cover individual configuration items or the complete product or service.
Typical reports include:
• a list of configuration information included in a specific configuration baseline;
• a list of configuration items and their configuration baselines;
• details of the current revision status and change history;
• status reports on changes and concessions;
• details of the status of a delivered and maintained configuration (e.g. part and traceability
numbers and their revision status) .
Clause 4 - Configuration Management Process
Configuration audit
Configuration audits should be performed in accordance with documented information to
determine whether a product or service conforms to its requirements and configuration
information.
Normally there are two types of configuration audits:
• a functional configuration audit; this is a formal examination to verify that a configuration
item has achieved the functional and performance characteristics specified in its
configuration information;
• a physical configuration audit; this is a formal examination to verify that a configuration
item has achieved the physical characteristics specified in its configuration information.
A configuration audit can be required before the formal acceptance of a configuration item.
It is not intended to replace other forms of verification, review, test or inspection, but will be
affected by the results of these activities.
Structure and Content of a Configuration
Management Plan
General
A configuration management plan should be structured to allow for specific sections addressing the
topics given in the below mentioned heads, which also give guidance on content.
Introductory section
A configuration management plan will need to include an introductory section giving general
information. The following topics are typically addressed in such a section:
• The purpose and scope of the configuration management plan;
• Description of the product or service and configuration item(s) to which the plan applies;
• Schedule to provide guidance on the time-scale of important configuration management activities;
• Description of configuration management tools;
• Related documented information (e.g. configuration management plans from providers);
• Listing of relevant documented information and their interrelationships.
Structure and Content of a Configuration
Management Plan
Policies
The configuration management plan should detail the configuration management policies
that have been agreed with the customer and providers. This should provide the basis for
configuration management activities within the contract, such as:
• policies on the practice of configuration management and related management activities;
• the organization, responsibilities and authorities of relevant interested parties;
• qualification and training;
• the criteria for the selection of configuration items;
• the frequency, distribution and control of reports;
• terminology.
Structure and Content of a Configuration
Management Plan
Configuration identification
The configuration management plan should detail:
• a breakdown structure of configuration items, specifications and other documented
information;
• naming and numbering conventions to be adopted for specifications, drawings,
concessions and changes;
• the method for identification of the revision status;
• the configuration baselines to be established, schedules and the type of configuration
information to be included;
• the use and allocation of serial numbers or other traceability identification;
• documented information defining release processes (including any associated procedures)
for configuration information.
Structure and Content of a Configuration
Management Plan
Change control
The configuration management plan should detail:
• the relationship of the dispositioning authority (see 4.2) of the organization with that of
other relevant interested parties;
• the documented information for the control of changes prior to the establishment of a
contractual configuration baseline;
• the methods for processing changes (including those for customer, or provider initiated
changes) and concessions.
Structure and Content of a Configuration
Management Plan
Configuration status accounting
The configuration management plan should detail
• the methods for collecting, documenting, processing, maintaining, and archiving the data
that are necessary for producing configuration status accounting documented information;
• the definition of the content and format for all configuration status accounting reports.
Structure and Content of a Configuration
Management Plan
Configuration Audit
The configuration management plan should detail:
• a list of configuration audits to be conducted and their occurrence within project
schedules;
• the configuration audit documented information to be used;
• the responsibilities and authorities of relevant internal and external interested parties;
• a definition of the format for configuration audit reports.