ASQ-Q10007-2003.pdf

AMERICAN NATIONAL STANDARD Quality management systems Guidelines for configuration management AMERICAN SOCIETY FOR QUALITY P.O. BOX 3005 MILWAUKEE, WI 53201-3005 ANSI/ISO/ASQ Q10007-2003 -,-,- AMERICAN NATIONAL STANDARD Quality management systems Guidelines for configuration management Approved as an American National Standard by: American Society for Quality April 26, 2006 American National Standards: An American National Standard implies a consensus of those substantially concerned with is scope and provisions. An American National Standard is intended as a guide to aid the manufacturer, the consumer, and the general public. The existence of an American National Standard does not in any respect preclude anyone, whether he or she has approved the standard or not, from manufacturing, purchasing, or using products, processes, or procedures not conforming to the standard. American National Standards are subject to periodic review and users are cautioned to obtain the latest edition. Caution Notice: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of publication. Purchasers of American National Standards may receive current information on all standards by calling of writing the American National Standards Institute. ANSI/ISO/ASQ Q10007-2003 -,-,- © 2006 by ASQ Copyright Protection Notice for the ANSI/ISO/ASQ Q10007-2003 Standard. This standard is subject to copyright claims of ISO, ANSI, and ASQ. Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permission of ASQ. All requests pertaining to the ANSI/ISO/ASQ Q10007-2003 Standard should be submitted to ASQ. Note: As used in this document, the term “International Standard” refers to the American National Standard adoption of this and other International Standards. ASQ will consider requests for change and information on the submittal of such requests regarding this Standard. All requests should be in writing to the attention of the Standards administrator at the address below. ASQ Mission: The American Society for Quality advances individual and organizational performance excellence worldwide by providing opportunities for learning, quality improvement, and knowledge exchange. Published by: ANSI/ISO/ASQ Q10007-2003 -,-,- Also available from ASQ Quality Press: The Certified Manager of Quality/Organizational Excellence Handbook, Third Edition Russell T. Westcott, editor The Quality Toolbox, Second Edition Nancy R. Tague The Quality Improvement Handbook, Second Edition ASQ Quality Management Division and John E. Bauer, Grace L. Duffy, Russell T. Westcott, editors Making Change Work: Practical Tools for Overcoming Human Resistance to Change Brien Palmer Business Performance through Lean Six Sigma: Linking the Knowledge Worker, the Twelve Pillars, and Baldrige James T. Schutta How to Audit the Process-Based QMS Dennis R. Arter, Charles A. Cianfrani, and John E. (Jack) West Unlocking the Power of Your QMS: Keys to Business Performance Improvement John E. (Jack) West and Charles A. Cianfrani Root Cause Analysis: Simplified Tools and Techniques, Second Edition Bjørn Andersen and Tom Fagerhaug The Practical Guide to People-Friendly Documentation Adrienne Escoe, Ph.D. Avoiding the Corporate Death Spiral: Recognizing and Eliminating the Signs of Decline Gregg Stocker To request a complimentary catalog of ASQ Quality Press publications, call 800-248-1946, or visit our Web site at http:/qualitypress.asq.org. ANSI/ISO/ASQ Q10007-2003 -,-,- (This page is intentionally left blank.) -,-,- iii Contents Page Forewordiv Introduction v 1 Scope1 2 Normative references .1 3 Terms and definitions.1 4 Configuration management responsibility.2 4.1 Responsibilities and authorities2 4.2 Dispositioning authority.2 5 Configuration management process 3 5.1 General.3 5.2 Configuration management planning.3 5.3 Configuration identification.3 5.4 Change control4 5.5 Configuration status accounting.6 5.6 Configuration audit.7 Annex A (informative) Structure and content of a configuration management plan.8 Bibliography .10 ANSI/ISO/ASQ Q10007-2003 -,-,- iv Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 10007 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 2, Quality systems. This second edition cancels and replaces the first edition (ISO 10007:1995), which has been technically revised. This edition has sought to improve the alignment of ISO 10007 with the ISO 9000 family of International Standards and to simplify the structure of the document. ANSI/ISO/ASQ Q10007-2003 -,-,- v Introduction The purpose of this International Standard is to enhance common understanding of the subject, to promote the use of configuration management, and to assist organizations applying configuration management to improve their performance. Configuration management is a management activity that applies technical and administrative direction over the life cycle of a product, its configuration items, and related product configuration information. Configuration management documents the product s configuration. It provides identification and traceability, the status of achievement of its physical and functional requirements, and access to accurate information in all phases of the life cycle. Configuration management can be implemented based on the size of the organization and the complexity and nature of the product. Configuration management can be used to meet the product identification and traceability requirements specified in ISO 9001. ANSI/ISO/ASQ Q10007-2003 -,-,- INTERNATIONAL STANDARD ANSI/ISO/ASQ Q10007-2003 1 Quality management systems Guidelines for configuration management 1 Scope This International Standard gives guidance on the use of configuration management within an organization. It is applicable to the support of products from concept to disposal. It first outlines the responsibilities and authorities before describing the configuration management process that includes configuration management planning, configuration identification, change control, configuration status accounting and configuration audit. Since this International Standard is a guidance document, it is not intended to be used for certification/registration purposes. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 9000:2000, Quality management systems Fundamentals and vocabulary 3 Terms and definitions For the purposes of this document, the definitions given in ISO 9000 and the following apply. 3.1 change control activities for control of the product after formal approval of its product configuration information (3.9) 3.2 concession permission to use or release a product that does not conform to specified requirements NOTE 1 A concession is generally limited to the delivery of the product that has nonconforming characteristics within specified limits for an agreed time or quantity of that product. ISO 9000:2000, definition 3.6.11 NOTE 2 Concessions do not affect the configuration baseline (3.4) and include permission to produce a product that does not conform to specified requirements. NOTE 3 Some organizations use terms such as “ waivers” or “ deviations” instead of “ concession” . 3.3 configuration interrelated functional and physical characteristics of a product defined in product configuration information (3.9) -,-,- 2 3.4 configuration baseline approved product configuration information (3.9) that establishes the characteristics of a product at a point in time that serves as reference for activities throughout the life cycle of the product 3.5 configuration item entity within a configuration (3.3) that satisfies an end use function 3.6 configuration management coordinated activities to direct and control configuration NOTE Configuration management generally concentrates on technical and organizational activities that establish and maintain control of a product and its product configuration information (3.9) throughout the life cycle of the product. 3.7 configuration status accounting formalized recording and reporting of product configuration information (3.9), the status of proposed changes and the status of the implementation of approved changes 3.8 dispositioning authority person or a group of persons assigned responsibility and authority to make decisions on the configuration (3.3) NOTE 1 Dispositioning authority can also be called a “ configuration control board” . NOTE 2 Relevant interested parties within and outside the organization should be represented on the dispositioning authority. 3.9 product configuration information requirements for product design, realization, verification, operation and support 4 Configuration management responsibility 4.1 Responsibilities and authorities The organization should identify and describe responsibilities and authorities related to the implementation and verification of the configuration management process. The following should be considered: ? the complexity and nature of the product; ? the needs of the different product life cycle stages; ? the interfaces between activities directly involved in the configuration management process; ? the other relevant interested parties that may be involved, within and outside the organization; ? the identification of the responsible authority for verifying implementation activities; ? the identification of the dispositioning authority. 4.2 Dispositioning authority Prior to approval of a change, the dispositioning authority should verify that ? the proposed change is necessary, and the consequences would be acceptable, ANSI/ISO/ASQ Q10007-2003 -,-,- 3 ? the change has been properly documented and categorized, and ? the planned activities for the implementation of the change into documents, hardware and/or software are satisfactory. 5 Configuration management process 5.1 General The activities that are performed within the configuration management process are described below. It is essential that these activities be coordinated for this process to be effective. The configuration management process should focus on customer requirements for the product and should take into account the context in which it will be performed. The configuration management process should be detailed in a configuration management plan. This should describe any project-specific procedures and the extent of their application during the life cycle of the product. 5.2 Configuration management planning Configuration management planning is the foundation for the configuration management process. Effective planning coordinates configuration management activities in a specific context over the product life cycle. The output of configuration management planning is the configuration management plan. The configuration management plan for a specific product should ? be documented and approved, ? be controlled, ? identify the configuration management procedures to be used, ? make reference to relevant procedures of the organization wherever possible, and ? describe the responsibilities and authorities for carrying out configuration management throughout the life cycle of the product. The configuration management plan may be a stand-alone document, or a part of another document, or composed of several documents. In some situations, the organization will need to require a supplier to provide a configuration management plan. The organization may wish to retain such plans either as stand-alone documents or to incorporate them into its own configuration management plan. Annex A describes a potential structure and content for a configuration management plan. 5.3 Configuration identification 5.3.1 Product structure and selection of configuration items The selection of configuration items and their inter-relationships should describe the product structure. Configuration items should be identified using established selection criteria. Configuration items should be selected whose functional and physical characteristics can be managed separately to achieve the overall end- use performance of the item. Selection criteria should consider ? statutory and regulatory requirements, ANSI/ISO/ASQ Q10007-2003 -,-,- 4 ? criticality in terms of risks and safety, ? new or modified technology, design or development, ? interfaces with other configuration items, ? procurement conditions, and ? support and service. The number of configuration items selected should optimize the ability to control the product. The selection of configuration items should be initiated as early as possible in the product life cycle. The configuration items should be reviewed as the product evolves. 5.3.2 Product configuration information Product configuration information comprises both product definition and product operational information. This typi