Enterprise Software

A five-step model for configuration management

There are two meanings for the project management process of configuration management.

1.      It can be used for the process of identifying, tracking, and managing of all the physical assets of a project. The items that you track under configuration management are called "configuration items" in the Capability Maturity Model (CMMI).

2.      It can also refer to the process of identifying, tracking and managing of all the characteristics of the assets of a project. These characteristics can also be referred to as product "metadata." This is closer to the definition of configuration management in the Project Management Body of Knowledge (PMBOK®) from the Project Management Institute.

The following model describes the five major aspects of configuration management.

Planning. You need to plan ahead to create the processes, procedures, tools, files, and databases for managing the project assets or the metadata. You also may need to gain an agreement on exactly what assets are important, how you will define them, how they will be categorized, classified, numbered, reported, etc. The results of this up-front planning are documented in a Configuration Management Plan.

Part of your planning process should be to assign configuration tracking numbers to each type of configuration item.

Tracking. It's important to understand the baseline for all configuration items. In other words, for each configuration item, you need to understand what you have at the beginning of the project. In many cases, you may have nothing to start with. In other cases, like physical assets, you may have some assets to begin with. The purpose of your tracking processes is to ensure that you can track all changes to a configuration item throughout the project.

You need processes and systems designed to identify when assets are assigned to your project, where they go, what becomes of them, who is responsible for them and how they're disposed of. Since a project has a beginning and end, ultimately all the assets need to go somewhere. This could be in a final deliverable, into the operations/support area, scrapped, etc. You should be able to dissect each major deliverable of the project and show where all the pieces and parts came from, and where they reside after the project ends.

Managing. Managing assets means ensuring that they're secure, protected, and used for the right purposes. For example, it doesn't do any good to track purchased assets that your project doesn't need in the first place. Also, your tracking system may show expensive components sitting in an unsecured storage room, but is that really the proper place for them? Managing assets has to do with acquiring what you need and only what you need. You also have to make sure you have the right assets at the right place at the right time. Reporting. You need to be able to report on the project assets, usually in terms of what you have and where they are, as well as financial reporting that can show cost, budget, depreciation, etc. Auditing. Auditing involves validating that the actual configuration elements (whatever they are) at any given time are the same as what you expect. Many projects get in trouble when they start to lose track of physical assets (for instance, material, supplies, code or other configuration items) or if the physical characteristics (metadata) of your deliverables is different that what you expect.

The auditing process is used to validate that the configuration elements match up with your expectations. These expectations are based on the original baseline, plus any change requests that you have processed up to the current time.


If an organization can support full-blown project management, then should also have in a place a Configuration Management Database (CMDB), whether it's one vast data store or several federated ones. Nearly all CMDBs I've come across provide capability for linking (aka 'relating') a project to a CI. What I think adds to folk's confusion around configuration management concepts is the way in which the same terms are used by different disciplines. A case in point would be this 'configuration management plan'. ITIL uses this term to mean a (living) document that details the scope, depth and structure of your CMDB, along with the activities, their schedule and the roles/responsibilities who perform them in support of configuration management. That's quite different from Tom's use of the term in this PM-focused article.


This does not relate to the DoD view of Configuration Management that has been around for half a century - without the current buzzwords.


While maintaining the documentaion baseline is implied in the article I wanted explicitly state that configuration management ensures the required, appropriate, and delivered documentation that characterize the software, system, application , etc. is developed, accessible, maintained, and useable. All too often documentation is an afterthought when the project is nearly depleted of funds. All too often this ultimately leads to project failure because no one other than the developers have an understanding of what was developed which leaves the product user totally dependent upon support staff to obtain assistance. Proper documentation should begin with any feasibility study/initial capabilities document and in the case of systems engineering should minimally include a concept of operations, requirements/specifications, systems engineering plan, data management plan, security plan, user guide, test plan/results and V&V/quality documentation. Much of this should be written before any unit testing is done so the documentation can be part of the testing. Enough said: document, document, document. Allen Hess Systems Engineer/Consultant

Editor's Picks