CM to improve safety and security

Configuration Management (CM) needs to be a core process in software development and IT service management. In engineering disciplines, the product or service is only as good as the process used to create it or run it. CM focuses on:

  • Establishing and maintaining consistency
  • Provides the control and tracking throughout the lifecycle
  • Provides the visibility to demonstrate adherence to processes

Without this level of control and oversight, and lack of systematic change, problems are introduced during software, product or service development lifecycle such as:

  • Acceptance of incorrect requirements
  • Implementation of incorrect designs
  • Incorrect software tools and languages used for development
  • Testing of the wrong software or software versions
  • Performing the wrong tests of software and services
  • Release of incorrect versions of the software
  • Release of upgrades which undo previously fixed issues
  • Wrong staff recruited
  • Wrong training provided
  • Incorrect policies and product or service reviews undertaken
  • Incorrect documentation supplied

These issues can result in:

  • Wasted effort and money
  • Late delivery of software, solutions and upgrades
  • Failure to meet service level agreements
  • Security flaws introduced which leave data and customers exposed
  • Safety issues introduced or not prevented which lead to personal injury or death

Although this might initially sound over-dramatic, a look through history at some of the disasters reported in the media, show this is not the case.  CM originated in the US Department of Defence and is one of the controls to help mitigate against the introduction of safety and security issues. CM includes:

  • Configuration Items – identification of artefacts along with details of what information to store and how to control it
  • Change Management – control of how, when, what and where changes take place along with review and oversight.
  • Version Control – controlling access to artefacts and maintaining a history of changes to each artefact.
  • Release Management – focus on the delivery of software, products and services outside of the departments and teams responsible for the development
  • Baseline – identified set of files and directories used for one specific complete configuration of the system
  • Branch – identifies the point in time where two independent configurations diverge. From this point, systems evolve independently, such as catering for bespoke customer requirements. Where historical problems are identified and fixed, the developers need to apply the fix to multiple branches.