|
|
Abstract
This document contains a set of templates that enable
engineers and managers to implement effective, standards-compliant
software configuration management (CM). The templates found in this
document conform to the software CM requirements specified in standards
ISO/IEC 12207:2008, Software life cycle processes, ISO/IEC 15288:2008, System
life cycle processes, and IEC 62304, Medical
Device Software – Software Life Cycle Processes. These templates
provide generic descriptions and instructions that are compliant with
the above standards and provide a structure within which you can include
project-specific information. Once tailored, the templates become a
complete set of documents that allow implementation of software
configuration management compliant with both international and
project-specific requirements.
Thirteen
templates are provided. They are:
|
Template #
|
Template
Name
|
|
1
|
Software
Configuration Management Policy
|
|
2
|
Software
Configuration Management Strategy
|
|
3
|
Software
Configuration Management Organization Charts
|
|
4
|
Software
Configuration Management Plan
|
|
5
|
Software
Configuration Management Process
|
|
6
|
Software
Configuration Identification Procedure
|
|
7
|
Software
Configuration Change Control Procedure
|
|
8
|
Software
Configuration Status Accounting Procedure
|
|
9
|
Software
Configuration Item Check-in and Check-out Procedure
|
|
10
|
Software
Configuration Audits and Reviews Procedure
|
|
11A
|
Subcontractor
Software Configuration Control Procedure
|
|
11B
|
External
Interface Configuration Control Procedure
|
|
12
|
Software
Product Release and Delivery Procedure
|
In addition to the templates
shown above, this document provides five different aids to help tailor
the templates.
|
|
What's
New in Version 5
Version 5.0 CM templates have
been reviewed and updated to insure compliance with the Software CM
requirements of IEC 62304, Medical
device software – Software life cycle processes. This includes
updates to the Change Control and Software Release templates so that
they can be used for the 62304 Problem Resolution and Software Release
processes as well. In addition, as part of this update, the traceability
section has been updated to show clearly and succinctly how 12207,
15288, and 62304 relate to one another.
Version 5.0 still contains the
many illustrative diagrams introduced in Version 3.0. SEPT believes
these diagrams will continue to provide added value in the
implementation and communication of CM processes.
Version 5.0 Enhancement
|
Description
|
|
Internal
audit of this product
|
SEPT
reviewed and updated this document to meet the software CM
requirements of IEC 62304 while still satisfying the software CM
requirements of the 2008 releases of ISO/IEC 12207 and ISO/IEC
15288.
|
|
62304
traceability matrix updated in
section 1.4
|
This
diagram illustrates the traceability of our templates to the CM
requirements of IEC 62304 as well as two other sections of 62304.
|
|
Updated Template 7 (Change Control)
|
The
Change Control template has been updated to align it more closely
to the diagram appearing in that section. Text has been added to
enable it to serve also as a template for IEC 62304, Problem
Resolution.
|
|
Updated
Template 12 (Software Release)
|
Text
has been added to ensure that this template meets the requirements
for IEC 62304, Software Release.
|
|
| Table
of Contents
|
|
|
|
|
|
| 1 |
Introduction
|
6 |
1.1
|
|
About
Software Configuration Management
|
6
|
| 1.2 |
|
How to Use This Document
|
7 |
| 1.3 |
|
The Software Domain. |
9 |
| 1.4 |
|
Traceability to 12207, 15288, and 62304
- Overview
- 12207
and 15288 Traceability.
9
- 62304
Traceability
|
9
9
9
12 |
| 1.5 |
|
Product Support
13
|
13 |
| 1.6 |
|
Warranties and Liability.
|
13 |
|
|
|
|
| 2 |
Software Configuration Management Templates
|
14 |
| 2.1 |
|
Software Configuration Management Policy.
|
16 |
| 2.2 |
|
Software Configuration Management Strategy |
21 |
| 2.3
|
|
Software Configuration Management Organization Charts.
|
29 |
| 2.4
|
|
Software Configuration Management Plan.
|
33 |
| 2.5
|
|
Software Configuration Management Process.
|
44 |
| 2.6
|
|
Software Configuration Identification Procedure.
|
54 |
| 2.7
|
|
Software Configuration Change Control Procedure.
|
60 |
| 2.8
|
|
Software Configuration Status Accounting Procedure.
|
67 |
| 2.9
|
|
Software Configuration Item Check-in and Check-out Procedure.
|
71
|
| 2.10 |
|
Software Configuration Audits and Reviews Procedure.
|
76 |
| 2.11
|
|
External Interfaces Procedures.
|
88 |
| 2.12
|
|
Software Product Release and Delivery Procedure.
|
88 |
|
|
|
|
| 3 |
|
Software Configuration Management Aids |
94 |
| 3.1 |
|
Aid 1: Acronyms
|
95 |
| 3.2 |
|
Aid 2: Standards
|
100 |
| 3.3 |
|
Aid 3: Software Change Request Data Elements
|
100 |
| 3.4 |
|
Aid 4: Software Status Accounting Data Elements
|
101 |
| 3.5 |
|
Aid 5: Software Documentation Approval Matrix
|
102 |
|
|
|
|
| 4 |
|
About the Author
|
106 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
List
of Figures
Figure 1: Software CM
templates, and aids, and how they relate.
8
Figure 2: Standard’s
document sections and relationships.
10
Figure 3: 12207 Software CM
Requirements Clauses.
11
Figure 4: CM Policy provides
high-level guidance and control.
16
Figure 5: CM Strategy is
guided by policy and focuses plans and procedures.
21
Figure 6: Software CM
organization within a typical large company.
30
Figure 7: CM organization
within a small company.
31
Figure 8: Organization of a
typical software CM group.
31
Figure 9: The configuration
management process showing all its inputs and outputs.
45
Figure 10: Controlled objects
and their relationships and attributes.
46
Figure 11: Conceptual
hierarchy of CM policies, plans, processes, and procedures.
47
Figure 12: Change control
process flow.
62
Figure 13: Check-in/Check-out
used by CM processes.
71
Figure 14: The
check-in/check-out process.
73
Figure 15: Product release and
delivery – the final step.
88
|
|
1.
Introduction
In
the past decade, the need for establishing effective software
configuration management policies and procedures has grown in
conjunction with the need for systems that are complex, fast, accurate,
secure, and safety-critical. From
simple everyday systems that track bank accounts to the complex systems
in airplanes, cars, medical devices, and industrial, or military
products; there is a demand for highly reliable, error-free software
that either supports the development and maintenance of these systems or
is an integral part of them.
This
document provides a set of templates for implementing a software
configuration management process the meets the requirements of ISO/IEC
standards 12207:2008, Software
life cycle processes, 15288:2008, System
life cycle processes, and IEC 62304, Medical
Device Software – Software Life Cycle Processes. These templates
are easy to use, self-explanatory, and do not require expensive training
or extensive experience.
Section
1.4
of this document provides a brief discussion of the ISO/IEC
12207:2008, ISO/IEC 15288:2008, and IEC 62304 standards and provides a
mapping between their requirements and the templates that address them. Note
that in most cases, this document simply refers to “12207” or
“15288” without a version reference. Unless otherwise noted, all
references to these standards refer to the 2008 versions of 12207 and
15288. Likewise, this document simply refers to “62304” and does not
include a reference to its release date (2006).
1.1 About Software Configuration Management
The inclusion of software configuration management as a
top-level process in the software life cycle has proven to be a
necessary and cost effective step in producing and delivering quality
products on time and within specified time and dollar limitations.
Effective configuration management of a system’s software elements is
accomplished by:
- Establishing
a policy that requires the implementation of software configuration
management.
- Defining
a software configuration management strategy that drives subsequent
plans and procedures.
- Establishing
a scheme for software item identification.
- Identifying
the controlled items and item types that are designed, developed, and
delivered.
- Agreeing
to a baseline configuration.
- Enabling
the development of and changes to that agreed upon baseline.
- Recording the events of an
item’s evolution through status accounting records.
It is imperative for companies that build software to
have a clear and concise policy on software configuration management as
well as the procedures to implement it.
A CM policy should be established by executive level management
to provide top-level guidance and constraints to lower level plans and
procedures. This guidance and constraint helps insure consistency across
lower level procedures including compliance with key corporate
objectives.
|
|
Because
software CM procedures may affect the utilization of resources across
company organizations, these procedures should be reviewed and approved
by an appropriate level of management in those organizations. These
organizations can include Quality Management, Engineering, Testing,
Project Management, and the customer (when applicable). The
responsibility for defining and executing CM procedures must be clearly
assigned down an organization as well as across it.
In
large companies or organizations, different groups or projects may have
their own unique CM requirements and resultant policies and procedures.
In such cases, each organization must insure that their unique software
CM plan, strategy, and procedures are aligned with higher-level CM
documents.
How to Use This Document
This document is designed to aid a person, with some
knowledge of software configuration management, implement a sound
software CM system. Expertise in software configuration management is
not required. This document provides templates and aids for software CM
that can be applied to manual or automated methods and can be
implemented by one or more persons depending on the scope and complexity
of the project or organization. These
materials are applicable to projects of all sizes, and are applicable
for all types of products during their life span.
Figure
1
shows the thirteen software CM templates and five CM aids
contained in this document and how they relate to one another. Note, for
example, how higher level documents (organization, strategy, policy,
plan) provide the overall guidance and direction for the establishment
of lower level procedures.
|
 |
|
Figure
1:
Software CM templates, and aids,
and how they relate.
Software CM Templates
Each
subsection of Section 2 (2.1
, 2.3
, etc) is devoted to one of the thirteen templates shown in Figure
1
. Preceding each template, which begins with a title page, is a
brief overview of the area being addressed by that template. Guidance
notations in the templates appear underlined and should be stripped from
the implemented template. Template pages can be distinguished from other
types of pages in this document by the occurrence of the word
“Template” in their page header.
Pages that are not part of a template do not have that word in
their header.
The template serves as a framework for meeting the
unique CM requirements of your organization. Thus, you will have to add
text that provides the necessary detail to carry out the activities
described in each template. Specific tools, data, and geographic
distribution of work products and people will all affect the definition
of an activity and will necessitate the tailoring of each template. The
size and experience of your software staff will also affect the level of
detail
required. You may also have
to modify text for specific domains and end-item types (embedded
software, government software, classified software, etc).
|
|
|
