2.150.1 Configuration Management Policy

Manual Transmittal

January 08, 2021

Purpose

(1) This transmits revised IRM 2.150.1 Configuration Management, Configuration Management Policy.

Material Changes

(1) Removed the moratorium on establishing new Configuration Control Boards (CCBs) and leveraging on existing CCBs.

(2) Added sections required on IRM Program Controls.

Effect on Other Documents

IRM 2.150.1 dated July, 2, 2020 is superseded.

Audience

The Configuration Management Policy is applicable to all Information Technology (IT) organizations, contractors, and other stakeholders having responsibility for configuration, management, oversight, and successful day-to-day operations of the IRS IT enterprise hardware, software, and applicable documentation.

Effective Date

(01-08-2021)

Nancy Sieger
Acting Chief Information Officer

Program Scope and Objectives

  1. Purpose. This IRM describes the formal Information Technology (IT) policy for establishing the IT Configuration Management process. It provides the scope, authority, and mandates for institutionalizing the IT Configuration Management process.

  2. Audience. This policy is applicable to all IT organizations, contractors, and other stakeholders having responsibility for configuration, management, oversight, and successful day-to-day operations of IRS IT enterprise hardware, software, and applicable documentation.

  3. Policy Owner. Demand Management & Project Governance, under Enterprise Operations, Information Technology.

  4. Program Owner. Demand Management & Project Governance establishes the IT Configuration Management Program that will be responsible for management and oversight of the IT Configuration Management process and providing guidance. Based on this Policy, each IT organization may establish an internal or local Configuration Management process to support their specific operating environment based upon the standards defined in the IT Configuration Management process.

  5. Primary Stakeholders. IT organizations having responsibility for establishing an internal or local Configuration Management process that issue instructions to employees are practitioners in the IT Configuration Management Program.

  6. Contact Information. To recommend changes or to make any suggestions to this IRM section, email the IT Configuration Management Program: it.cm.process@irs.gov

Background

  1. This Policy establishes the IT Configuration Management process tailored from industry best practices and standards to support the operational requirements of the IRS.

  2. This Policy enables the IT Configuration Management process to meet certain industry, federal, and regulatory requirements.

Authority

  1. This Policy sanctions the IT Configuration Management process as an enterprise-wide process for the IT organization.

  2. This Policy establishes the IT Configuration Management process standards and best practices for the IT organization.

  3. This Policy is applicable to all IRS IT enterprise hardware, software, and applicable documentation that might impact the IRS IT systems and service performance, operations, and security.

Responsibilities

  1. The Director, Demand Management & Project Governance, is the Process Owner responsible for the IT Configuration Management Program.

  2. The Chief, Process & Document Management, is the Process Manager for the IT Configuration Management Program.

  3. The IT Configuration Management Program is responsible for:

    1. Developing and maintaining the IT Configuration Management policy and process.

    2. Training and coaching Process Practitioners assigned to perform the roles defined in the IT Configuration Management process.

    3. Communicating and socializing Configuration Management throughout the process community and other key stakeholders.

    4. Improving the IT Configuration Management process through process and operational metrics, process reviews and evaluations, and customer interactions.

    5. Conducting and supporting process assessments and audits, where applicable.

  4. Process Practitioners who are responsible for carrying out their roles and responsibilities in the IT Configuration Management process.

Mandates

  1. Establish a Configuration Management Plan that defines the resources (staff and tools), change authority, and appropriate process that will be used to support the configuration item throughout its lifecycle.

  2. Identify, record, control, report, and verify and audit the configuration item, including its attributes and relationships.

  3. Work with Change Management to account for, manage, and protect the integrity of the configuration item throughout its product and service lifecycle.

  4. Ensure the integrity of the configuration item by maintaining an accurate and complete Configuration Management System.

  5. Support efficient and effective service management by providing accurate configuration information.