Table of Contents

Risk-Based Configuration Control - Balancing Flexibility with Stability

by Linda Westfall

There is a dichotomy in software configuration management. On one side, individual developers need the flexibility necessary to do creative work, modify code to try out what-if scenarios and make mistakes, learn from them and evolve better software solutions. On the other side, teams need stability to allow code to be shared with confidence, to create builds and perform testing in a consistent environment, and ship high-quality products with confidence. 

Software Configuration Auditing Part 1 - Introduction to SCM Audits

by Linda Westfall

An audit is a planned and independent evaluation of one or more products, processes, projects, or systems to determine conformance or compliance to a set of agreed to requirements. Auditing is an “objective assurance and consulting activity designed to add value and improve an organization’s operations.” [Hutchins-03] Audits provide assurance by validating that the product, process, project and/or system are implemented in accordance with their requirements and objectives. Audits are management information activities because they provide ongoing analysis of the degree to which those implementations are effective and efficient, and they identify opportunities for continuous improvement. Audits also visibly demonstrate management’s support for the quality program.

Software Configuration Auditing Part 2 - Functional Configuration Audits

by Linda Westfall

In the first part of this article, we introduced the three different types of Software Configuration Management Audit:

• Functional Configuration Audit (FCA)
• Physical Configuration Audit (PCA)
• In-Process SCM Audits

We also talked about when these audits occur in the software development life cycle

This second part of the article talks about Functional Configuration Audits and their purpose. It will also provide examples of checklists that could be used during FCA evaluations and suggests evidence-gathering techniques for each item in those checklists.

Software Configuration Auditing Part 3 - Physical Configuration Audits

by Linda Westfall

In the first part of this article, we introduced the three different types of Software Configuration Management Audit:

• Functional Configuration Audit (FCA)
• Physical Configuration Audit (PCA)
• In-Process SCM Audits

We also talked about when these audits occur in the software development life cycle. The second part of this article focused on Functional Configuration Management Audits.

This third part of the article talks about Physical Configuration Audits (PCA) and their purpose. It will also provide examples of checklists that could be used during PCA evaluations and suggests evidence-gathering techniques for each item in those checklists.

Software Configuration Auditing Part 4 - In-Process SCM Audits

by Linda Westfall

In the first part of this article, we introduced the three different types of Software Configuration Management Audit:

• Functional Configuration Audit (FCA) (discussed in Part 2)
• Physical Configuration Audit (PCA) (discussed in Part 3)
• In-Process SCM Audits (discussed in this part of the article)

In this fourth part of the article, we will discuss In-process Software Configuration Management (SCM) audits are performed throughout the software life cycle to provide management with an ongoing independent evaluation of the:

• Adequacy of the organization’s SCM policies, plans, processes and systems to meet the organization’s objectives
• Ongoing compliance to those documented SCM policies, plans, processes and systems
• Ongoing conformance of the configuration items to their requirements and workmanship standards
• Effectiveness of the SCM plans, processes and systems, and their implementation (e.g., SCM training of personnel and SCM tool capabilities)
• Efficiency of resource utilization
• Identification of areas for continuous improvement to SCM plans, processes, systems and products.