Guideline: Guideline On Technology Configuration Management Audits
This document provides details on types of technology configuration management audits that can be conducted.
Relationships
Related Elements
Main Description

Technology Configuration Management Audits

The technology configuration audits must be conducted to determine that technology configuration items meets their requirements and have been built in accordance with their documentation. When the change is ready for release / delivery, it is necessary to perform a formal review to verify that the changes are made in accordance with the requirements for the approved Change Request.These audits must be conducted before deploying the change into the production environment.

A few benefits in performing configuration audits includes:

  • Provides a mechanism for determining the degree to which the current state of the system is in consistent with the latest baseline and documentation.
  • All required configuration items are produced
  • Maintains the integrity of the configuration baselines
  • Verify whether system meets its functional requirements
  • Verify whether system’s technical documentations are accurate and well maintained
  • Ensures no unauthorized changes have occurred
  • Identify gaps and take immediate corrective actions to overcome the same.

Technology configuration audits must be conducted to ensure that the Configuration Management System is effectively managed as per the Technology Configuration Management process.

Functional Configuration Audit (FCA)

A Functional Configuration Audit must verify that:

  • The development of technology configuration items has been completed satisfactorily
  • The items have achieved the performance & functional characteristics specified
  • Its operational & support documents are complete & satisfactory.

The teams must present the summary of the status of the requirements, the baselines, the CRs along with the verification and validation activities. Any requirement which are not implemented or which could not be tested must be presented to the FCA team.

During the audit process, the FCA team should check the CR register, baselined technical documents, release notes, test reports, pending issues etc. to ensure that the development and testing are performed as per the requirements. At the end of the audit, the FCA team must submit the audit report along with the identified issues. The issues raised from functional configuration audit must be closed with appropriate actions.

Physical Configuration Audit (PCA)

A Physical Configuration Audit must verify that:

  • Each technology configuration item identified as being part of the configuration are present in the product baseline
  • The correct version & revision of each technology document are included in the product baseline
  • Each item corresponds to information contained in the baseline’s configuration status report.

The physical configuration audit typically follows the functional configuration audit and can be performed by the same audit team or a subset of the functional audit team. PCA must ensure that the naming conventions, versioning and physical location of the technology configuration items are in line with the procedure documents and standards.

Some of the PCA findings can be version mismatch of the technology configuration items, improper check-in check-outs, improper naming conventions followed, etc. The issues raised from physical configuration audit must be closed with appropriate actions.