2.150.2 Configuration Management

Manual Transmittal

September 25, 2013

Purpose

(1) This transmits revised IRM 2.150.2 Configuration and Change Management, Configuration Management.

Background

This IRM defines service-wide Configuration Management policies per the Configuration and Change Management Directive. Configuration Management (CM) processes and procedures are referenced throughout the document.

Material Changes

(1) This IRM revises the Configuration Management Process Descriptions published July 24, 2013.

Effect on Other Documents


IRM 2.150.2 dated July 24, 2013, is superseded.

Audience


All Information Technology (IT) organizations, employees and contractors.

Effective Date

(09-25-2013)

Related Resources

The following IT CM and ChM artifacts are still in effect:

  • Information Technology Configuration Management Plan

  • Plan and Manage Configuration Management Procedure

  • Configuration Management Process Description

  • Configuration Identification Procedure

  • Configuration Status Accounting Procedure

  • Configuration Audit Procedure

  • CM Audit DID

  • Configuration Management Process Compliance Assessment Procedure

  • Manage Master Data Procedure

  • Configuration Management Plan DID

  • Configuration Management Worksheet DID

Terence V. Milholland
Chief Technology Officer

Configuration Management (CM) Process
1.Introduction

  1. Introduction
    2.150.2.1.1Administration
    All proposed changes to this document should be directed to the Information Technology Enterprise Service Management (ITESM), owner of this process description and be pursued via the Integrated Process Management (IPM) process to clarify and define interfaces, roles, responsibilities, and coordinate participation and collaboration between stakeholders.
    2.150.2.1.2Purpose of Process Description
    This Configuration Management (CM) process description (PD) describes what happens within the CM process and provides an operational definition of the major components of the process. This description specifies, in a complete, precise, and verifiable manner, the requirements, design, behavior characteristics of the CM process. The PD is a documented expression of a set of activities performed to achieve a given purpose. Tailoring of this process in order to meet the individual needs of each project is covered in the Tailoring Guidelines section of this document.

    For the purpose of this document, roles such as Configuration Item (CI) Coordinator and Configuration Auditor are provided to describe a set of responsibilities for performing a particular set of related activities.

    2.150.2.1.3Document Overview
    This document describes a set of interrelated activities, which transform inputs into outputs, to achieve a given purpose and states the guidelines that all projects should follow regarding the CM process. The format and definitions used to describe each of the process steps of the CM process are described below:
    • Purpose –
    The objective of the process step
    • Roles and Responsibilities –
    The responsibilities of the individuals or groups for accomplishing a process step
    • Entry Criteria –
    The elements and conditions (state) necessary to trigger the beginning of a process step.
    • Input –
    Data or material needed to perform the process step. Input can be modified to become an output.
    • Process Activity –
    The list of activities that make up the process step.
    • Output –
    Data or material that are created (artifacts) as part of, produced by, or resulting from performing the process step.
    • Exit Criteria –
    The elements or conditions (state) necessary to trigger the completion of a process step.
    Configuration Management Process Steps
    2.150.2.2Process Overview
    2.150.2.2.1Work Products

    This document describes the activities used to implement all the sub categories of the CM function including, Planning, Configuration Identification, Configuration Control, Status Accounting for the Configuration Items, Auditing and Verification and Managing the Master Configuration data in Information Technology (IT). See each individual procedure for how to conduct the activities.
    This section describes the work products needed to execute the process (known as inputs) as well as those produced by the CM process (known as outputs).
    2.150.2.2.1.1Work Products Used by This Process (Inputs)
    The following work products are used to assist in the implementation of the CM process:
    CM Plan Data Item Description (DID)Template
    •Configuration Items (CI)
    •CI-associated Artifacts
    •Organizational Documents
    •Configuration System Structure Chart
    •Configuration Identification Index (CII)
    •IBM Rational products
    •Computer Associate’s Endevor
    •SquA
    •Work Request Management System (WRMS)
    •Knowledge, Incident, Problem, Service, and Asset Management System (KISAM)
    •Systems Acceptability Testing (SAT) Test Results
    •Final Integration Testing (FIT) Test Results
    •Audit Plan Template
    •Initial Audit Checklist
    •Draft Audit Plan
    •Approved Audit Plan
    •Opening Meeting Agenda
    •Requirements Traceability
    •Tracking Changes
    •Test Documentation
    •Test Witnessing, when applicable
    •Transmittals
    •Verifying technical documentation
    •Approved Audit Report
    •Audit Action Items
    •CI Information
    •Configuration Control Board (CCB) Meeting Minutes
    •Signed Disposition Signature Sheets
    2.150.2.2.2.1.2Work Products Produced by This Process (Outputs)
    The following work products (artifacts) are produced by the CM process and may be used as inputs to other processes, such as Change Management (ChM), Incident Management, or Service Desk.
    •Draft CM Plan
    •Completed CM Worksheet
    •Completed Structure Chart
    •A completed report
    •Audit Outcome
    •Audit Report
    •Updated CM Repository
    2.150.2.2.2.2 Roles and Responsibilities
    This section defines the roles and responsibilities used to support the Configuration Management processes. Roles and Responsibilities should be assigned to individuals who have the knowledge and skills to perform the tasks required. Project roles vary from project to project and maybe performed by a variety of skilled individuals in many different position titles at the IRS.


    2.150.2.150.2.2.3Configuration Management Flow Diagram



    2.150.2.2.3 Configuration Management Process Steps
    2.150.2.2.3.1 Step 1: Plan and Manage CM
    2.150.2.2.3.3.1.1 Purpose
    The purpose of the Plan and Manage CM function is to assure that CM activities are planned, funded, managed, implemented and controlled in accordance with the approved policies and processes; that each program, project or operational system develops and maintains a plan that supports the implementation of CM process and the IT CM Plan; and that responsibilities for organizational level CM activities are explicitly assigned and outlined in their CM Plans
    .2.150.2.2.3.3.1.2 Roles and Responsibilities
    The CM Rep is responsible for identifying and implementing the criteria for automating and maintaining the CM program.
    The Program/Project Manager is responsible for planning and managing CM for a project CI.P
    The CA is responsible for reviewing and approving the CM Plan.
    2.150.2.2.3.3.1.3 Entry Criteria
    Generally, Plan and Manage CM occurs when the CM plan is being developed.
    2.150.2.2.3.3.1.4 Input
    The following are inputs to this process step:
    •CM Plan Data Item Description (DID)Template
    Process Activity
    2.150.2.2.3.3.1.5.1Train Staff in CM Activities
    The manager of the program or project shall ensure that CM practitioners are trained in the objectives, process, procedures, and methods for performing these activities. Managers shall review staff activities periodically and assure process compliance.
    2.150.2.2.3.3.1.5.2Identify CI Level from Standard
    Identify the appropriate level of Configurable Items (CI) and change control for each aspect of the program or project and ensure that CM information is recorded and maintained. An aggregation of software, hardware, and documentation that delivers an end use function.
    2.150.2.2.3.3.1.5.3Develop a CM Plan
    Develop a program or project CM plan utilizing the CM plan DID on the IT PAL. The CM Rep will use the information in the Project Plan, Concept of Operations to author the project CM plan.
    2.150.2.2.3.3.1.5.4Identify Change Authority
    The manager of the program or project shall identify the level of change authority for each of the configurable items.
    2.150.2.2.3.3.1.5.5Identify Configuration Baseline
    CM Rep shall ensure that Configuration Baselines are established for the configurable items
    2.150.2.2.3.3.1.5.6Identify CM Repositories (Definitive Media Libraries [DMLs]).
    CM Rep shall ensure that Configuration Baselines are established for the configurable items in the Definitive Media Libraries.
    The CM Representative shall identify the repositories in use by the program or project and ensure that CM information is recorded and maintained there.
    2.150.2.2.3.3.1.5.7Establish a Project Level Configuration Control Board (CCB)
    Develop a program or project CM plan utilizing the CM plan DID on the IT PAL
    2.150.2.2.3.3.1.6 Output
    The following are outputs to this process step:
    •Draft CM Plan
    2.150.2.2.3.3.1.7 Exit Criteria
    This process step is complete when:
    •The program or project CM Plan has been reviewed and approved by the applicable authority.
    2.150.2.3.2Step 2: Identify Configuration Items
    2.150.2.3.2.1Purpose
    The purpose of the Identify CIs function is to enable an organization to identify what products are owned by the organization and how they fit together.
    2.150.2.3.2.2 Roles and Responsibilities
    CM Rep: Creates and maintains the CM Worksheet.
    SME: Provides knowledge about the CIs to the CM Rep. Creates and maintains the Structure Chart.
    Program/Project Manager: Identifies planned artifacts.
    2.150.2.3.2.3Entry Criteria
    Generally, Identify CIs occurs with the population of a CM Worksheet.
    2.150.2.3.2.4Input
    The following are inputs to this process:
    •CIs
    •CI-associated Artifacts
    •Organizational Documents
    •Structure Chart
    •CII
    2.150.2.3.2.5Process Activity
    1.Determine CI Classification
    The information required to identify uniquely a CI is obtained by requesting a CII from the ITSD branch. A form is also available on the CM website.
    2. Identify and Document CIs, CI associated artifacts and/or organizational products. Enter the information on the CM worksheet.
    3.Document the structure of the CI Create a Structure Chart.
    4.Identify and Document the Baseline Identify the associated baseline type for each of the items on the CM worksheet: Functional, Allocated or Product.
    2.150.2.3.2.6 Output
    The following are outputs to this process step:
    •Completed CM Worksheet
    •Completed Structure Chart
    2.150.2.3.2.7Exit Criteria
    This process step is completed when:
    •Completed CM Worksheet with baselines identified.
    2.150.2.3.3Step 3: Control Configuration
    2.150.2.3.3.1Purpose

    The purpose of this procedure is to outline the steps required to perform Configuration Control within CM. Configuration Control enables an organization to identify what products are owned by the organization and how they fit together. In the Configuration Control process, the CM representative will use Configuration Control to maintain the integrity of Configuration Items (CIs), CI associated artifacts, and other products throughout the product life cycle. Configuration Control is performed by recording the approved CIs and identifying unauthorized changes and discrepancies with the “managed state” (or baseline).


    Please refer to the Change Management (ChM) PD on the IT PAL for Configuration Control.
    2.150.2.3.3.2 Roles and Responsibilities
    The CM Rep is responsible for identifying and implementing the criteria for Change Requests, Request for Change (RFC), and updating the managed baseline. Release Managers or Project Managers/Program Managers are responsible for initiating changes that are transmitted into production.

    2.150.2.3.3.3Entry Criteria
    Generally, Change Configuration occurs in test prior to transmittal into production.
    2.150.2.3.3.4Input
    The following are inputs to this process:
    • CIs
    • CI-associated Artifacts
    • Organizational Documents
    • Structure Chart
    • CII
    • Approval to Transmit a Release from Test to Production based upon the Milestone in the ELC Lifecycle and after successful Configuration Audits
    2.150.2.3.3.5Process Activity
    1.Determine CI Classification
    The information required to identify uniquely a CI is obtained by requesting a CII from the ITSD branch. A form is also available on the CM website.
    2. Identify and Document CIs, CI associated artifacts and/or organizational products. Enter the information on the CM worksheet.
    3.Document the structure of the CI Create a Structure Chart.
    4.Identify and Document the Baseline Identify the associated baseline type for each of the items on the CM worksheet: Functional, Allocated or Product.
    5. Identification and control of the Managed baseline state
    2.150.2.3.3.6 Output
    The following are outputs to this process step:
    •Completed CM Worksheet
    •Completed Structure Chart
    •Approved Change Request or RfC's
    •Approved Transmittals
    2.150.2.3.3.7Exit Criteria
    This process step is completed when:
    •Change Requests and/or RfC's and Transmittals are approved.
    2.150.2.3.4Step 4: Perform Configuration Status Accounting
    2.150.2.3.4.1 Purpose

    The purpose of the Perform CSA function is to execute the recording and reporting of information needed to manage CIs effectively, for example, the status of proposed and approved changes or the status of CIs in the operational inventory.
    The reports from this activity provide visibility into current state, activity status, and configuration information of a product and its documentation.
    Standard reports for ChM are identified in the ChM PD, available on the PAL
    2.150.2.3.4.2Roles and Responsibilities

    CSAR Requestor: Requests an ad hoc or standard CSA
    ITSD: Develops and maintains CM reporting standards.
    Program/Project Managers: Ensure that reports comply with standard formats and are accurate.
    CM Rep: Develops and maintains report requirements, generates and distributes reports.
    Development/Maintenance (D/M) organization: Distributes action items.
    RM received the audit report and action items.
    2.150.2.3.4.3Entry Criteria

    Generally, Perform CSA occurs after the following events have occurred:
    •Request for an ad hoc or standard report. CM reports are a CM worksheet; project baseline deliverables CSAR; audit action items list.

    2.150.2.3.4.4 Input

    The following are inputs to this process:
    •Generally, data from an authoritative source
    •IBM® Rational® products
    •Computer Associate’s Endevor
    •SquA
    •WRMS
    •KISAM System

    2.150.2.3.4.5 Process Activity

    1.Identify the sources of information:
    In the CM Worksheet, identify the size (i.e., number of CIs and components) of the project, the artifacts/products as they relate to each other, and the location of the artifacts
    2.Develop a CSA Report (CSAR):
    In the [Project] Baseline Deliverables CSAR, capture all the baseline deliverables a project has developed, or expects to develop during the life cycle. This CSAR contains only those deliverables that will be placed into a Configuration Baseline.
    3.Identify Baseline
    During Audit Closure, the D/M CM Rep will distribute the audit action items, configuration control the action items, track the status of action items, and provide to the RM CSARs on action item status.
    4.Request Configuration Status Audit Reports
    In the [Project] baseline CSAR, capture all the baseline deliverables a project has developed, or expects to develop during the life cycle. The baseline CSAR contains only those deliverables that will be placed into a Configuration Baseline.
    2.150.2.3.4.6 Output

    The following is an output to this process:
    •A completed report

    2.150.2.3.4.7 Exit Criteria

    This process step is complete when:
    •A completed report

    2.150.2.3.5Step 5: Perform Configuration Audits
    2.150.2.3.5.1 Purpose

    The purpose of the Perform Configuration Audits function is to provide objective data to support the decision to accept, or not to accept, a new or changed product.
    The objective of verification and auditing for Configuration Management is to detect and manage all exceptions to configuration policies, processes, and procedures including security and license use rights. The verification process ensures that configuration records are accurate and complete, and that any recorded changes are approved. Configuration audits help to maintain the integrity of the Enterprise Configuration Management System (ECMS).
    A Functional Configuration Audit (FCA) evaluates a developed product to establish how well the requirements have been met.
    A Physical Configuration Audit (PCA) appraises the technical documentation, against the as-built product, to confirm the documentation’s effectiveness for maintenance, support and operation of the product.
    FCAs and PCAs are performed as needed by the respective projects or programs. Guidance for performing the FCA and PCA is available on the PAL using the CM Audit DID.
    FCAs and PCAs are required for Enterprise Life Cycle (ELC) Milestone 4B exit. Operational systems following planned Maintenance path of ELC are required to perform both a FCA and PCA. These audits shall be involved in the project ELC tailoring plan. The FCA checklist with recommended tailoring is provided for the ELC Planned Maintenance Path. All other paths use the complete FCA checklist.

    2.150.2.3.5.2 Roles and Responsibilities
    Configuration audits are performed by personnel who are not responsible for, or are not performing, the actual Development or Maintenance (D/M) activities, i.e., the auditors must be independent from the D/M organization. Principal roles in the Audits are:
    RM: Serves as the Audit Chair.
    Acquiring Organization (AO) or Independent CM Rep.: Prepares and develops audit function artifacts
    AO or independent (i.e., not from the D/M organization) SME: Verifies product or test result.
    Project Manager: Assists the RM with the conduct of the audit.
    CM Representative: Assists and facilitates with audit tools.
    SME: Assists with technical issues

    2.150.2.3.5.3 Entry Criteria
    Generally, Perform Configuration Audits occurs before the following event has occurred:
    •Milestone Exit 4B

    2.150.2.3.5.4Input

    The following are inputs to this process step:
    • Systems Acceptability Testing (SAT) Test Results
    • Final Integration Testing (FIT) Test Results
    •Audit Plan Template •Initial Audit Checklist
    •Draft Audit Plan •Approved Audit Plan
    •Opening Meeting Agenda
    •Requirements Traceability
    •Tracking Changes
    •Test Documentation
    •Test Witnessing, when applicable
    •Transmittals
    •Verifying technical documentation
    •Approved Audit Report
    •Audit Action Items

    2.150.2.3.5.5Process Activity

    1.Plan the Audit The RM resolves audit issues; the AO CM Rep writes the audit plan and checklist and distributes the audit plan to the team to review.
    2.Prepare for the Audit The AO CM Rep organizes an opening meeting, the RM approves the audit plan, and the D/M CM Rep schedules support resources.
    3.Conduct the Audit The AO CM Rep allocates work assignments, and with the SME, gathers artifacts, documents the objective evidence, and records the results. The AO CM Rep and the RM conduct a checklist walkthrough. The AO CM Rep then drafts the audit report.
    4.Close the Audit The AO CM Rep prepares for and facilitates the out briefing. The RM approves the report and states the audit outcome. If there are outstanding audit action items, the outcome is “Conditionally Approved” and the D/M Manager, D/M CM Rep and the RM track the action items to closure then reevaluate the outcome. If the audit outcome is “Not Approved”, the RM schedules a follow-up audit. If the audit outcome is “Approved”, the audit is concluded.

    2.150.2.3.5.6Output
    The following are outputs to this process step
    •Audit Outcome
    •Audit Report

    2.150.2.3.5.7Exit Criteria
    This process step is complete when:
    •One of the following audit outcomes: Not Approved, Approved, Conditionally Approved

    2.150.2.3.6Step 6: Manage Master Data
    2.150.2.3.6.1 Purpose

    The purpose of Manage Master Data is to place into repositories for Configuration Control, the artifacts identified and the products developed during Configuration Identification.
    2.150.2.3.6.2 Roles and Responsibilities

    D/M organization places products under configuration control in a CM Repository.
    CM Rep: Places artifacts about the CM Process under management in a CM Repository.

    2.150.2.3.6.3 Entry Criteria
    Generally, the Manage Master Data occurs after the following event has occurred:
    •An element of the CM process requiring retention in a repository is created.

    2.150.2.3.6.4Input

    The following are inputs to this process step:
    •CIs
    •CI Information
    •CCB Meeting Minutes
    •Signed Disposition Signature Sheets
    •CSAR Requirement Form
    •CSAR Distribution List
    •CSAR Instructions
    •CSAR Format Template

    2.150.2.3.6.5Process Activity

    1. Validate Data Sets
    For each Input, the CM Rep or the creator of the artifact or product places it in the repository identified for it in the CM Plan.
    Enter the artifact or product’s repository on the CM Worksheet.
    2.Add/Update/Delete Master Data Records
    Each type of master data update needs to be checked for validity and related configurations.
    3.Check Related Configurations
    After the master data record changes have been implemented, the data base must be searched for CIs that are related to the master data record to ensure that the updates do not conflict with the configuration administration.

    2.150.2.3.6.6Output

    The following is an output to this process step:
    •Updated CM Repository

    2.150.2.3.6.7Exit Criteria

    This process step is complete when:
    •CM retention activities are completed.
    2.150.2.4Tailoring Guidelines

    This process may not be tailored to meet specific program or project requirements
    2.150.2.5Process Measurement

    Management will regularly review quantifiable data related to different aspects of the CM process in order to
    make informed decisions and take appropriate corrective action, if necessary.
    2.150.2.6Training

    •CM Overview, ELMS course #23279
    •CM training in Configuration Identification, Configuration Control, Configuration Status Accounting, and Configuration Audits.
    2.150.2.7CMMI, ITIL, PMI Compliance
    The Capability Maturity Model Integrated (CMMI) can be used to judge the maturity of an organization’s processes and related process assets and can be used to plan further improvements. CMMI sets the standard for the essential elements of effective and mature processes, improved with quality and efficiency.
    The Information Technology Infrastructure Library (ITIL) contains a collection of best practices, enabling organizations to build an efficient framework for delivering IT Service Management (ITSM) and ensuring that they are meeting business goals and delivering benefits that facilitate business change, transformation, and growth.
    The Project Management Institute (PMI) organization advances the project management profession through globally recognized standards and certifications.
    This process asset is used to indicate that all artifacts are developed or acquired, incorporating CMMI, ITIL, and PMI requirements, to meet the business objectives of the organization and that they represent investments by the organization that are expected to provide current and future business value to the IRS.
    2.150.2.8.1IT Definitions
    , References 8.1
    IT Definitions A Glossary is available on the IT PAL.
    2.150.2.8.2References

    The following resources are either referenced in this document or were used to create it.
    •IRM 2.150.1, Configuration and Change Management
    •ChM PD
    •CM Plan DID Template
    •CM Worksheet DID
    •CM Audit DID
    •CM Process Compliance Assessment DID
    •Information Technology Infrastructure Library, Service Transition, V3 (2011)
    •Capability Maturity Model Integrated (CMMI) v1.3 for Development
    •ITIL V3 4.3.5.3, Configuration Identification: Identification of Configuration Baselines
    •ITIL V3 4.3.5.5, Status Accounting and Reporting
    •ITILV3 4.3.5.5, Status Accounting and Reporting, Service Asset and Configuration Reports
    •ITILV3 4.3.5.6, Verification and Audit
    •ITILV3 4.3.8, Key Performance Indicators and Metrics