- 1. Minimum Recommended Content
- 2. Rationale
- 3. Guidance
- 4. Small Projects
- 5. Resources
- 6. Lessons Learned
Return to 7.18 - Documentation Guidance
1. Minimum Recommended Content
- The project organization(s).
- Responsibilities of the software configuration management organization.
- References to the software configuration management policies and directives that apply to the project.
- All functions and tasks required to manage the configuration of the software, including configuration identification, configuration control, status accounting, and configuration audits and reviews.
- Schedule information, which establishes the sequence and coordination for the identified activities and for all events affecting the plan's implementation.
- Resource information, which identifies the software tools, techniques, and equipment necessary for the implementation of the activities.
- Plan maintenance information, which identifies the activities and responsibilities necessary to ensure continued planning during the life cycle of the project.
- Release management and delivery.
Configuration management is the "process of identifying and defining the configuration items in a system, controlling the release and change of these items throughout the system life cycle, recording and reporting the status of configuration items and change requests, and verifying the completeness and correctness of configuration items." 276 This work can only be properly accomplished if there exists a plan addressing all of these activities, which has been reviewed by an appropriate set of stakeholders and tailored for a specific project's needs.
The Software Configuration Management (SCM) Plan may be tailored by software classification. Goddard Space Flight Center's (GSFC's) 580-STD-077-01, Requirements for Minimum Contents of Software Documents, provides one suggestion for tailoring an SCM Plan based on the recommended contents and the classification of the software being developed.
When creating an SCM Plan, using a template ensures consistent plans for all projects at a Center. Consider the following guidance, listed by the recommended elements, to ensure that all content is properly addressed and tailored for the project:
Consider the following when writing the project organization section of the SCM Plan:
- Describe where SCM fits into the technical and managerial reporting chain of the project.
- Identify by role project personnel responsible for managing the SCM activities for the project.
- Identify by role those persons on the project who will carry out SCM activities for the project.
The responsibilities of the SCM organization include:
- Responsibilities for each role participating in SCM activities, including team personnel, leads, Change Control Board (CCB), quality assurance, managers, and any other roles relevant for the project.
- Responsibilities for carrying out each of the SCM functions defined in the SCM Plan.
- Responsibilities of each CCB established for the project, including references to their charters or other governing documents (purpose, objectives, scope of authority, duration of existence) and the hierarchy among the CCBs; charts or diagrams may be helpful here.
- CCB participants, either by project name and role or by individual names.
- CCB meeting schedules, if not captured elsewhere.
- Responsibilities for releasing software, if not captured elsewhere.
- Provider roles and integration of provider SCM into overall project SCM.
- Responsibilities for maintaining SCM tools.
References to SCM policies and directives
This section of the SCM Plan needs to list any specific SCM policies and directives that apply to or impact SCM for the project. Those policies and directives may be named in a reference section of the plan, so referring to that section may be appropriate. However, the impact of those policies and directives on SCM for the project is described here.
- Existing CCB procedures.
- Existing status accounting procedures.
- Existing configuration identification procedures.
- Existing audit procedures.
All functions and tasks required to manage the configuration of the software
This section of the plan describes configuration identification, configuration control, status accounting, and configuration audits and reviews. Guidance for each of these topics is found in the related requirements (see table below) in this Handbook.
This section of the SCM Plan describes how each of these SCM functions will be performed. Consider using a separate subsection for each of the four functions. As appropriate for the project, the following highlights are to be included but are not to be considered the only items to document:
- List of configuration items (or reference to where this list can be found or how it can be obtained).
- Naming convention for configuration items.
- Activities to define, track, store, and retrieve configuration items.
- Process for capturing a configuration item in the SCM system.
- How to request a change (how to enter a change request and transition it into the review and approval process).
- Levels of control for changes (CCBs).
- Activities for verifying and implementing an approved change.
- Schedule, purpose, responsible party for status accounting forms and reports, including metrics.
- Access to status accounting data.
- List, description, and purpose of planned SCM audits and reviews.
If the project uses data management in addition to SCM, those activities are described in this section of the SCM Plan, including:
- Receiving data.
- Cataloging data.
- Maintaining status records.
- Establishing and maintaining secure data access and control.
- Providing change control monitoring and review.
- Archiving data.
- Plans for backups and disaster recovery.
This section of the plan includes information necessary to describe the sequence and coordination for the identified activities and for all events affecting the plan's implementation (NPR 7150.2). The SCM schedule needs to coordinate with the project schedule, and this part of the SCM Plan shows that coordination. Graphics (timelines) may be useful.
Typically, configuration items are uncontrolled until some gate or milestone is reached, at which time they are required to be placed under configuration control. Each configuration item or group of items may have its own gate. Because those gates can be points in the project timeline, consider describing those gates in this section.
Also consider for the SCM schedule:
- Timeline or phase for creation of planned baselines.
- SCM audit schedule.
The resources section of the SCM Plan describes the software tools, techniques, and equipment that will be used to carry out SCM for the project. References to the relevant documentation for installing and using these tools is included, as well as the configuration controls for each tool.
Typical resources include:
- Personnel (note level of effort and any required training and/or qualifications).
- Tools for managing source code, documents, requirements, design, and any other configuration items.
- Tools for managing change requests if not integrated with the main configuration management tool.
- Tools for managing data not subject to configuration control and CCB change authority, such as meeting minutes, reports, action items, corrective actions.
- Manual procedures.
- Equipment to support or host SCM tools.
- Training for SCM personnel.
The maintenance section provides information such as:
- History of changes.
- Role responsible for monitoring the SCM Plan.
- Frequency of scheduled updates.
- Process for evaluating and approving changes to the SCM Pan.
- Process for implementing and communicating approved changes to the SCM Plan.
Release management and delivery
NASA-GB-8719.13, NASA Software Safety Guidebook, 276 states: "Configuration Management should act as the sole distributor of media and documentation for all system tests and for delivery to [sub]system integration and testing. Pulling the latest program off the developer's machine is not a good idea. One aspect of system testing is repeatability, which can only be assured if the software under test comes from a known, and fixed, source." 276
The release management and delivery activity is described in this portion of the SCM Plan (see SWE-085 for release management guidance), including formal control of the build, release, and delivery of software products and documentation.
Additional guidance related to the content of the configuration management plan may be found in the following requirements in this Handbook:
4. Small Projects
Configuration management activities are based on risk, so projects designated small by size of the team or budget need to ensure that their Software Configuration Management (SCM)Plans include all the recommended content, while including only those processes and the associated structure necessary to manage project risk. This might mean planning to use simpler tools or fewer personnel (filling multiple roles) to carry out the SCM processes. It could also mean planning to use a single tool for multiple purposes to reduce tool management and overhead.
Small projects may not require the formality of a separate SCM Plan; instead, SCM planning may be documented as a section of the project's Software Management Plan. Alternatively, one master SCM Plan may document configuration management for multiple small projects.
NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.
The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.
6. Lessons Learned
6.1 NASA Lessons Learned
- Place Flight Scripts Under Configuration Management Prior to ORT (Project attention to configuration control). Lesson Number 2476 574: "Project attention to the configuration control of flight scripts is likely to prevent the generation of unnecessary software iterations, improve the rigor of mission system engineering processes, and ensure consistency in the test and operations environments."
6.2 Other Lessons Learned
No other Lessons Learned have currently been identified for this requirement.