Configuration Management – CMMI Level 2

For the next couple of months we’re going to look at the key process areas in Level to of the Capability Maturity Model.

To be successful and repeatable, an organization needs a solid foundation from which to work.  With configuration management, that means a standard environment for development, build and deployment.

Carnegie Mellon defines this KPA as:

The purpose of Configuration Management (CM) is to establish and maintain the integrity of work products using configuration identification, configuration control, configuration status accounting, and configuration audits.

CMMI has a few requirements and we’ll look at them:

  • SG 1 Establish Baselines
    • SP 1.1 Identify Configuration Items
    • SP 1.2 Establish a Configuration Management System
    • SP 1.3 Create or Release Baselines
  • SG 2 Track and Control Changes
    • SP 2.1 Track Change Requests
    • SP 2.2 Control Configuration Items
  • SG 3 Establish Integrity
    • SP 3.1 Establish Configuration Management Records
    • SP 3.2 Perform Configuration Audits

Since an organization has typically already started development, the first step is to see what is already in place and that starts with SP 1.1, Identify Configuration Items.  Namely, what hardware, software and possibly processes are already in use.

Then, SP 1.2 has you set up a process for documenting, and later track/control changes.  The system you put in place is up to you, but needs to include each baseline appropriate to a project.

SP 1.3, involves the documentation and its distribution of configurations.

With SG 2, we move forward into the implementation of the configurations and the tracking of any changes that become indicated through the work of development and deployment.

The checklist items SP 2.1 and 2.2 systematizes the change control process by formalizing changes to configurations by instituting change requests, their approval, documentation, distribution and implementation.

SG 3, is simply the records and audits of individual implementations.

By keeping records (SP 3.1), you have a ready record of what has been done and can be matched against the requirements established previously.

Audits (SP 3.2) ensure compliance to standards.  By verifying the environments involved, you guarantee compliance and repeatability.  This applies to the ongoing development of the product as well as, in the future, the maintenance of the product when “point” releases become necessary.

So Configuration Management is designed to keep all players on the same page throughout the product lifecycle.