Configuration Management
Lead Authors: John Metcalf, Philip Hallenbeck, Sandrine Gonthier Contributing Author: Garry Roedler
Configuration management (CM) helps teams keep track of changes to a system over its life cycle—ensuring that what’s built matches what was planned, and that everyone stays aligned as updates occur. Simply put, CM is about maintaining a clear, accurate picture of a system as it evolves—tracking changes, managing versions, and avoiding confusion.
As stated in ISO/IEC/IEEE 15288 (6.3.5.1): The purpose of the configuration management process is to manage system and system element configurations over their life cycle. The INCOSE SE Handbook describes CM as a key technical management process, supported by defined roles, resources, and controls. In this article, we may refer to a “system” or “product” depending on the application of the CM process.
Fundamental Concepts
CM and main CM concepts are defined slightly differently according to the various standards. The objective of this article is to provide a general understanding of CM based on common and general principles, usually aligned with INCOSE SE Handbook, ISO 10007, and SAE EIA-649C standards. Before entering in the description of the CM process, it is important to define a few concepts (below).
Applicability
CM applies to any kind of system; any product or process can be considered a system. Therefore, CM addresses hardware, software, services, systems, and systems of systems with equal relevance, or any combination of the above. CM is applicable regardless of the complexity of the system in question.
CM applies throughout the entire life cycle of the system. CM applies to all system life-cycle models and development approaches, with adequate tailoring.
In addition, to master the configuration of a system of interest, the configuration of the associated enabling systems should also be taken into account.
Configuration, Configuration Items, and Configuration Information
The configuration refers to the interrelated functional and physical characteristics outlined in configuration information, as defined by ISO 10007. The system and its individual elements, which fall under Configuration Management, are known as Configuration Items. Their functional and physical characteristics constitute their configuration information.
Configuration information encompasses the comprehensive data necessary to describe and document Configuration Items throughout the entire system life cycle. This includes artifacts produced during the execution of the technical processes, such as requirement specifications, architecture descriptions, design descriptions, and user documentation, as referenced in ISO/IEC/IEEE 15289.
Configuration information is understood as structured and contextualized data related to the system and its artifacts. While data serves as the raw input, information represents the processed output that adds context, relevance, and purpose. The collective set of configuration information associated with a system encapsulates all pertinent elements needed to document its characteristics.
CM fundamental objectives
The objectives of Configuration Management (CM) are to provide means to guarantee consistency between the system and its configuration information, ensure the integrity and traceability of this information and its changes over time, and facilitate reproducibility. These three objectives collectively enable the capabilities to define, realize, transition, operate, maintain, and dispose of the system.
How do you distinguish Configuration Management (CM) from Information Management (IM)?
Configuration Management (CM) and Information Management (IM) processes are interconnected; however, CM focuses on the relevance of information related to the system and its evolution over time, while IM concentrates on the management of the information itself. This includes its generation, collection, validation, transformation, dissemination, and disposal, overseeing the entire life cycle of the information.
CM is concerned with the significance and applicability of information in relation to the specific system elements with which it is associated, referred to as configuration information. While all information can be managed, only configuration information is subject to configuration management.
The CM and IM processes are complementary and closely aligned with the objective of ensuring traceability.
Configuration Management System
To ensure the CM process activities, a dedicated Configuration Management system to enable and support CM.
Process Overview
The Configuration Management process relies on appropriate processes, resources, and controls, to establish and maintain an authoritative source of truth on system configuration.
The CM process consists of activities that are widely used in key standards and references, including ISO/IEC/IEEE 15288, SAE EIA 649, and ISO 10007. The names of these activities may differ through various norms and standards, and in this article, the terms used are:
- Configuration Management Planning and Management
- Configuration Identification
- Configuration Change Management
- Configuration Status Accounting
- Configuration Verification and Audit.
The benefits of using the CM process are maximized when all five activities are planned and executed. These activities are not strictly sequential; rather, they are interrelated and may be applied concurrently and iteratively as needed throughout the system life cycle.
CM Planning and Management
This first activity involves defining the scope and organization of CM tasks. It is considered good practice to formalize the results of this activity in a dedicated CM plan that guides implementation throughout the life cycle.
In terms of organization, the roles in charge of leading the Configuration Management activities on the project need to be defined early in the system life cycle. These roles constitute the CM team. This team is organized according to the size and complexity of the product to be managed and to the organizational rules of the organization. It should at least have a Configuration Manager, who oversees the CM plan.
CM Planning and Management defines the CM scope relevant for the system and for being able to maintain the consistency between the system and its configuration information: CM activities need to be adjusted to the type of system (hardware, software, service or combination of the above), the system life cycle, and to the system complexity, as well to the type of configuration information to be managed and to their criticality.
The activities depend also on the stages of the life cycle that need to be addressed as defined per contract: if all the stages of the life cycle must be managed from conception until retirement, the CM plan covers all these stages.
The CM plan should address the definition of the CM tasks, their organization, their schedule, the responsibilities of the various stakeholders of the system, and the tools to support the CM. CM activities involve most of the stakeholders of the system.
The CM plan should also be developed in consideration of the organizational context and culture. It must adhere to or incorporate applicable policies, procedures, and standards and it must accommodate acquisition, subcontracting and partnership situations, as well as any specific requirements agreements.
Except very specific use cases, CM planning and management should address the remaining activities as described hereafter.
Additional considerations about the Planning and Management of CM activities are provided in “CM implementation.
Configuration Identification
This activity overarches the following task:
- Identify which elements of the system and which information should be under configuration management
- Identify where configuration management is needed among the elements of the system: these elements are called “Configuration Items”, the information related to these elements are their configuration information
- Define the identification rules for Configuration items and configuration information to apply to ensure the unicity, the rules to make these identifiers evolve, and the associated labelling constraints
- Structure the items and their information: this structure reflects the relationships between system items
- Define the rules for validating and releasing the items and the information under configuration management
- Define the baselines to be established at dedicated milestones of the system life cycle.
Note 1: a baseline specifies how a system is viewed for the purposes of management, control, and evaluation; each baseline is fixed at a specific point in time in the system life cycle and represents the current approved configuration; it serves as a basis for defining changes, and generally can only be changed through formal change procedures. See CM baselines for more details about typical CM baselines.
Note 2: depending on the practices and methods, the term “configuration item” may be used to designate anything that should be managed in the configuration management system, which leads to include the system elements and its information in the generic term “configuration items”.
Configuration Change Management
A disciplined Configuration Change Management process is critical for engineering systems.
It encompasses the analysis, justification, evaluation, coordination and disposition of changes to the system and variances to the system (non-compliance to its requirements).
This activity aims to control the evolution of the system, of its elements and of its configuration information throughout the life cycle.
To ensure the missions of the activity, boards are defined to monitor and make key decisions regarding changes and variances process.
These boards are commonly called "Configuration Control Boards (CCBs)" but may also be referred to as "Configuration Steering Boards" or "Change Control Boards (CCBs)". They can also be split into Change Review boards and Change Implementation boards, when separately addressing the decisions about agreeing to the changes and variances and the stage where changes are implemented.
A Configuration Control Board (CCB) typically includes:
- a CCB Chair,
- a Configuration Manager,
- the product or organization systems engineer,
- domain-specific subject-matter experts (SMEs) such as for software or mechanical engineering, product support, and cyber resiliency,
- procurement and contracting specialists.
The CCB dealing with the CM of a dedicated system or product (product CCB) may invite periodic participation from specialized or outside SMEs, including representation from vendors and subcontractors; this however must be carefully managed to ensure that information-access restrictions (especially for competition-sensitive information) is not compromised.
Organizational CCBs may be organized at a wider level and address several systems, products, or product lines and they typically include information technology (IT) and cyber resiliency SMEs who may not be needed on product-focused CCBs.
More advanced considerations about the change management and the related boards are provided in CM implementation.
Configuration Status Accounting
This activity covers all the reporting tasks that aim to provide dedicated reporting about the configuration information and the CM activities. The reports can address a wide range of content, for various purposes: internal reports for the organization and for the internal stakeholders, external reports as part of the deliveries planned in the contract, certificates and conformity reports, etc.
Elaboration
Configuration Management is involved in the management and control of artifacts produced and modified throughout the system life cycle. It is therefore linked to system analysis, system detailed design definition, system realization, system deployment and use, system operation and product and service life management.
CM must also work in conjunction with other technical management processes. These include project planning, project assessment and control, decision management, risk management, information management, and measurement.
This includes CM application to the artifacts of all the other management processes (plans, analyses, reports, statuses, etc.).
Practical Considerations
Refer to CM implementation for detailed considerations about the practical implementation of CM according to context.
Key pitfalls and good practices related to systems engineering CM are described in the next two sections.
Pitfalls
Some of the key pitfalls encountered in planning and performing CM are in Table 1.
| Name | Description |
|---|---|
| Shallow Visibility |
|
| Poor Tailoring |
|
| Limited CM Perspective |
|
| Insufficient CM Awareness |
|
| Lack of CM Plan |
|
| Insufficient CM Checks |
|
Good Practices
Some good practices gathered from the references are provided in Table 2 below.
| Name | Description |
|---|---|
| Cross-Functional CM |
|
| Full Lifecycle Perspective |
|
| CM Planning |
|
| Requirements Traceability |
|
| CCB Hierarchy |
|
| Consistent Identification |
|
| CM Automation |
|
References
Works Cited
ISO/IEC/IEEE 15288:2023, Second Edition. Systems and software engineering — System life cycle processes - International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers. ISO/IEC/IEEE 15288:2023
INCOSE. 2023. Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities, version 5.0. Hoboken, NJ, USA: John Wiley and Sons, Inc, ISBN: 978-1-119-81429-0.
ISO 10007, Third Edition. Quality Management Systems – Guidelines for Configuration Management. International Organization for Standardization (ISO), ISO 10007:2017
Blanchard, B.S. and W J. Fabrycky. 2005. Systems Engineering and Analysis, 4th ed. Prentice-hall international series in industrial and systems engineering. Englewood Cliffs, NJ, USA: Prentice-Hall.
IEEE SWEBOK Version 4 2024. Guide to the Software Engineering Body of Knowledge (SWEBOK). Los Alamitos, CA, USA: IEEE Computer Society. Available at: https://www.computer.org/education/bodies-of-knowledge/software-engineering
SEI. 2010. Capability Maturity Model Integrated (CMMI) for Development, version 1.3. Pittsburgh, PA, USA: Software Engineering Institute (SEI)/Carnegie Mellon University (CMU).
Primary References
ISO/IEC/IEEE 15288:2023, Second Edition. Systems and software engineering — System life cycle processes - International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers. ISO/IEC/IEEE 15288:2023
INCOSE. 2023. Systems Engineering Handbook: A Guide for System Life Cycle Processes and Activities, version 5.0. Hoboken, NJ, USA: John Wiley and Sons, Inc, ISBN: 978-1-119-81429-0.
ISO 10007, Third Edition. Quality Management Systems – Guidelines for Configuration Management. International Organization for Standardization (ISO), ISO 10007:2017
ANSI/GEIA. 2019. Configuration Management Standard Implementation Guide. Arlington, VA, USA: American National Standards Institute/Government Electronics & Information Technology Association, EIA649C.
GEIA. 2022. Data Management. Arlington, VA, USA: Government Electronics & Information Technology Association. GEIA-859B.
Additional References
ISO/IEC/IEEE 16236:2019. Systems and Software Engineering - Life Cycle Processes - Project Management. International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers - ISO/IEC/IEEE 16326:2019 (Edition 2)
ISO/IEC/IEEE 15289:2019. Systems and software engineering — Content of life-cycle information items. International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers - ISO/IEC/IEEE 15289:2019 (Edition 4)
ISO/IEC/IEEE 24748-1:2024. Systems and software engineering — Life cycle management - Part 1: Guidelines for life cycle management. International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers - ISO/IEC/IEEE 24748-1:2024 (Edition 2)
ISO/IEC/IEEE 24748-2 Systems and software engineering — Life Cycle Management – Part 2: Guidelines for the Application of ISO/IEC/IEEE 15288
ISO/IEC/IEEE 24748-2:2024. Systems and software engineering — Life cycle management - Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (system life cycle processes) - International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers - ISO/IEC/IEEE 24748-2:2024 (Edition 2)
ECSS-M-ST-40C Rev.1. 2009. Space project management - Configuration and information management. Noordwijk, The Netherlands: European Cooperation for Space Standardization (ECSS)
ANSI/EEIA. 2020. Configuration Management Requirements for Defense Contracts EIA649_1A. Arlington, VA, USA: Government Electronics & Information Technology Association - EIA649_1A
ISO/IEC/IEEE 24748-8:2019 - Systems and software engineering — Life cycle management Part 8: Technical reviews and audits on defense programs - International Organization for Standardisation / International Electrotechnical Commissions / Institute of Electrical and Electronics Engineers - ISO/IEC/IEEE 24748-8:2019 (Edition 1)