4.1.4 The project shall establish and implement procedures designating the levels of control each identified configuration item must pass through; the persons or groups with authority to authorize changes and to make changes at each level; and the steps to be followed to request authorization for changes, process change requests, track changes, distribute changes, and maintain past versions. NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement. Classes G and H are labeled with "P (Center)." This means that an approved Center-defined process which meets a non-empty subset of the full requirement can be used to achieve this requirement. Class A_SC A_NSC B_SC B_NSC C_SC C_NSC D_SC D_NSC E_SC E_NSC F G H Applicable? P(C) P(C) Key: A_SC = Class A Software, Safety-Critical | A_NSC = Class A Software, Not Safety-Critical | ... | - Applicable | - Not Applicable Configuration control helps ensure that changes are managed in a structured way, that the impact of changes is assessed before those changes are implemented, and that changes are authorized before being implemented. Using various levels of control can reduce the time and effort it takes to disposition a change request based on the criticality and range of the affect of the change. Less critical or risky changes can use a lower level of authority to make decisions about those changes while more critical or far-reaching changes can require authorization from a more formal body with a broader view of the system. Configuration control procedures are important because they help ensure that arbitrary changes are avoided and that the team understands how changes are to be managed for the project. The configuration management (CM) plan documents the configuration control and change authorization procedures (see SWE-079 and SWE-103). When developing these procedures, all of the following topics are included: levels of control, change authority, authorization requests, change request process, and version maintenance. The STEP Level 2 Software Configuration Management and Data Management course 343 taught by the Westfall Team includes recommendations and suggestions for change control, some of which is summarized in this guidance. Each identified configuration item (CI) has a defined level of control for making changes to that item. Documentation might have one level of change control, while source code might require a different level of control. For each identified CI or group/class of items, the change control procedures identify the appropriate level of control. Consider the following when defining levels of configuration control: Change control procedures include defining the persons or groups with authority to authorize changes and to make changes at each level. Examples of change authority include CCBs, Change Authorization Board (CAB), Engineering Change Boards (ECBs), peer review teams, project manager, etc. The change approval authority may be determined by the complexity, cost, risk, or effect of the change. When defining the change authority, consider the following: Change control procedures include steps to be followed to request authorization for changes. Consider the following when documenting the steps to request authorization for making a change: The change request process consists of three steps described in the change control procedures: Change request processing, tracking changes, and distributing changes. When developing procedures for processing change requests, consider: A sample process flow might look like this chart adapted from the STEP Level 2 Software Configuration Management and Data Management course: 343 When developing procedures for tracking changes, consider: When developing procedures for distributing changes, consider: When developing procedures for maintaining past versions of the software, consider: Consult Center Process Asset Libraries (PALs) for Center-specific guidance and resources related to configuration control and authorizing changes. Additional guidance related to authorizing changes may be found in the following related requirements in this Handbook: For projects with a small staff size, the change authority or Configuration Control Board (CCB) for baselines and modifications to CIs may be a single person with the proper vision and oversight, such as the software manager, systems manager, product development lead, etc. Small projects with limited budget or limited access to complex or expensive change request tools may choose to use a simpler spreadsheet tools such as the Change Request Log Template 011 or the Problem Report Tool developed at Goddard Space Flight Center (GSFC) (see the Tools Table under the
Resources section of this SWE) to manage change requests, authorizations, and obtain associated metrics. Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN). NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN. The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider. A documented lesson from the NASA Lessons Learned database notes the following related to configuration change control. The lesson discusses hardware configuration control in the details, but the ultimate lesson learned could also apply to software:
See edit history of this section
Post feedback on this section
1. Requirements
1.1 Notes
1.2 Applicability Across Classes
X - Applicable with details, read above for more | P(C) - P(Center), follow center requirements or procedures2. Rationale
3. Guidance
Levels of control
Change authority
Authorization requests
Change request process
Version maintenance
4. Small Projects
5. Resources
5.1 Tools
6. Lessons Learned
SWE-082 - Authorizing Changes
Web Resources
View this section on the websiteUnknown macro: {page-info}