Main Steps and Tools of Configuration Management

Configuration management (CM) is not a single activity but a cyclic process integrated into the entire software lifecycle. The ISO/IEC/IEEE 828:2012 standard identifies four principal activities:

• Configuration Identification
• Configuration Control
• Configuration Status Accounting
• Configuration Audit

In modern practice, a fifth step — Configuration Verification and Review — is also added for continuous improvement and compliance.

Configuration Identification The first step in CM defines what needs to be managed. It involves:

• Listing all Configuration Items (CIs) (e.g., code, documents, libraries, binaries).
• Assigning each CI a unique identifier (e.g., version tag, build ID).
• Structuring these items into a configuration hierarchy.

Example hierarchy:

Tools & Techniques:

• Version Control Systems: Git, SVN, Mercurial.
• Artefact Repositories: JFrog Artifactory, Nexus.
• Configuration Databases (CMDBs): ServiceNow CMDB, BMC Helix.

Goal: Create a clear inventory of every managed artefact and its dependencies.

Tools and Techniques:

• Issue & Change Tracking: Jira, Redmine, Azure DevOps, Bugzilla.
• Code Review Systems: GitHub Pull Requests, Gerrit, GitLab Merge Requests.
• Workflow Automation: Jenkins, GitHub Actions, Bamboo.

Goal: Ensure that every change is reviewed, justified, and properly recorded before being implemented.

Configuration Status Accounting (CSA) CSA provides visibility into the current state of configurations across the project. It records which versions of CIs exist, where they are stored, and what changes have occurred. Typical outputs include:

• Version histories and change logs.
• Baseline status reports.
• Release documentation and distribution tracking.

Tools & Techniques:

• Version Reporting Tools: Git log, Git tag, or custom CI/CD reports.
• Automated Dashboards: Grafana, Kibana, Jenkins build monitor.
• ALM Suites: IBM Rational Team Concert, Siemens Polarion.

Goal: Provide transparency and traceability, so project managers and auditors can reconstruct the exact configuration of any product version at any point in time.

Configuration Audit A Configuration Audit ensures the product conforms to its baseline and that all changes were properly implemented and documented. It verifies:

• Each configuration item matches its specification.
• All documentation is updated.
• No unauthorised modifications exist.

There are two types:

1. Functional Configuration Audit (FCA): Confirms the system performs as intended.
2. Physical Configuration Audit (PCA): Confirms that the physical implementation matches the design documentation.

Tools & Techniques:

• Automated Compliance Tools: Chef InSpec, OpenSCAP, AWS Config.
• Manual Audits: Checklists and review boards.
• Digital Twin Validation: Comparing digital models with deployed assets ^[3].

Goal: Ensure integrity, consistency, and compliance across the entire configuration baseline.

Configuration Review and Verification This optional step closes the CM loop. It assesses whether CM processes are effective and aligned with project objectives. Activities include:

• Reviewing CM documentation and records.
• Evaluating tool performance and automation coverage.
• Identifying gaps or inefficiencies for improvement.

Tools:

• CM maturity models (CMMI, ISO/IEC 15504).
• Quality management platforms (e.g., Atlassian Confluence for audit documentation).

Goal: Support continuous improvement and process optimisation.

Modern CM relies heavily on automation and integration tools to manage complexity and enforce discipline across teams. These tools can be categorized by function.

Version Control Systems (VCS)