A previous article noted an upcoming revision of ISO 10017: 2017 “Quality management — Guidelines for configuration management.” Configuration management refers to maintaining consistency in a product’s functionality, performance, and physical characteristics by managing its design, operational data, and requirements throughout its lifecycle. A configuration management system typically includes five steps: 

1. Plan 
2. Configuration Identification 
3. Change Control 
4. Documented Information 
5. Audit 

An overview of each step follows: 

Plan 

The plan is documented within the project to outline the requirements and timeline for all involved stakeholders. This plan generally specifies the approval process, which may involve multiple individuals depending on the project’s complexity and related internal or external requirements. 

Configuration Identification 

This phase involves selecting configuration items and documenting their associated information. It begins with identifying configuration items, describing their inter-relationships, and outlining the product structure or service capabilities. Selection criteria may include: 

1. Lifecycle of the configuration 
2. Applicable compliance obligations 
3. Risk and safety criticality 
4. Technological innovation in systems design and development 
5. Interfaces and interdependence between additional configuration items 
6. Procurement restrictions and requirements 

As products or services develop, configuration items should be reviewed. Configuration information must remain traceable and unique, and should be effectively controlled, including names, numbering conventions, and change control data such as revision status. 

Change Control 

After releasing and implementing initial configuration information, it is important to control all subsequent changes. The required level of control is influenced by the potential consequences of changes, customer requirements, and configuration complexity. Changes may be initiated internally, by customers or suppliers. Typical steps in the change control process include: 

1. Identifying configuration items and related information for change 
2. Describing proposed changes 
3. Providing contact details of the requester and submission date 
4. Justifying the change(s) 
5. Determine the level of change 

Following evaluation and approval, decisions are communicated to relevant parties. Effectiveness may be assessed through trials before final approval, and results are documented. Ongoing assessment of effectiveness is part of configuration management’s accounting function, producing records and reports about the product or service and its configuration. 

Documented Information 

Records are generated during identification, change control, and configuration accounting activities. These documents provide visibility and traceability for the project. Project managers often use traceability matrices to track configuration management information. Strict control over records ensures the audit trail from original requirements to final changes. Revision control encompasses not only documentation but also the physical security of project assets. 

Audit 

Final audits of configuration items occur at the end of the process, regardless of how many trials took place. Independent auditors not involved with the project conduct configuration audits according to organizational procedures, verifying that products or services meet their requirements and documented configuration information. There are two main types of audits: 

1. Functional configuration audit: Verifies functional and performance characteristics as specified. 
2. Physical configuration audit: Confirms achievement of the specified physical characteristics. 

While the process can appear complex, establishing and executing a configuration management plan provides a standard approach for future projects.