Appendix X SCM Guidance for Achieving the Repeatable Level on the Software

INTRODUCTION

Scope

This document provides information and guidance to personnel involved in SCM of computer software. This document assumes that each project performs the tasks listed below.

  1. Implements SCM for the full life cycle of the product
  2. Assigns a manager with specific SCM responsibilities.
  3. Requires contractors who produce software products to implement SCM to at least the same degree as the approved project SCMP and procedures and comply with other instructions of the SCMP

The activities in the SCM process outlined in this document are not sequential. More than one activity may be accomplished at the same time; an activity begins when the entry criteria are met, controls are imposed on the activity, inputs are provided so that action(s) can be taken, and an identified individual(s) or groups clearly understand their roles and responsibilities for accomplishing the process activity and/or generating an output.

Purpose

The purpose of this document is to describe the process activities common to all organizations required to Provide SCM Support. The title of each process appears in boldface throughout this document to aid in identification of the process activity. This document identifies and describes an SCM process to achieve a repeatable level of SCM maturity. Repeatability requires that: "Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications." [1]

To further assist in a repeatable SCM process, two additional documents have been developed based on the information contained within this document: (1) a Generic SCMP used to generate an SCMP that is project specific and (2) a Sample DTP describing a configuration control task. The sample DTP includes information to guide an author through the development of task-specific DTP.

Document Overview

This document is intended to provide an overview of a repeatable process(es) that SCM personnel can use in providing SCM support to a project. It describes the SCM process down to project-specific activities. This document describes the responsibilities of SCM personnel and the tasks associated with each SCM activity.

Figure X1 is a sample control activity diagram. Control to an activity is indicated by an arrow entering the top of the box. Input to an activity is indicated by an arrow entering the left-side of the box. Output from an activity is indicated by an arrow exiting from the right side of the box.


Figure X1: Sample Control Activity Diagram

Figure X2 identifies SCM interfaces. It shows (1) identified external sources that interface with SCM, (2) inputs provided to the process activity that Provide SCM Support , and (3) outputs generated by SCM as a result of Provide SCM Support . The external sources shown in Figure X2 will be updated as other interfaces are identified.

click to expand
Figure X2: Identified SCM Interfaces

Figure X3 is a diagram of the SCM Process Definition. Each box in the diagram represents a process activity and is identified by a title of the activity and a label identifier (the letter A followed by a numeric identifier). The first-level activity is titled Provide SCM Support and labeled A0 (Figure X3a). The second level of Provide SCM Support is comprised of two activities: Manage SCM (labeled A1; Figure X3b) and Perform SCM (labeled A2; Figure X3b). Third-level activities, derived from A1, are Create and Maintain Project SCMP (labeled A11; Figure X3c), Manage Implementation of SCMP (labeled A12; Figure X3c), and Provide SCM Training (labeled A13; Figure X3c). Third-level activities, derived from A2, are Perform Configuration Identification (labeled A21; Figure X3d), Perform Configuration Control (labeled A22; Figure X3d), Perform Configuration Status Accounting (labeled A23; Figure X3d), and Perform Configuration Audits and Reviews (labeled A24; Figure X3d). Fourth-level activities, derived from A12, are Manage SCM Tasks (labeled A121; Figure X3e), Create and Maintain DTP (labeled A122; Figure X3e), and Manage Resources and Personnel to Perform SCM (labeled A123; Figure X3e).

click to expand
Figure X3a: SCM Process Definition Diagram ” Level 0 ” SCM Process

click to expand
Figure X3b: SCM Process Definition Diagram ” Level 1 ” Provide SCM Support

click to expand
Figure X3c: SCM Process Definition Diagram ” Level 2 ” Manage SCM

click to expand
Figure X3d: SCM Process Definition Diagram ” Level 2 ” Perform SCM (Cont'd)

click to expand
Figure X3e: SCM Process Definition Diagram ” Level 3 ” Manage Implementation of SCMP

This document is organized into the sections listed below.

  • Section 1 provides the scope and purpose of this document.
  • Section 2 lists the government standards and other publications referenced in this document and used in its preparation.
  • Section 3 lists the configuration management (CM) terms and definitions as they are used in this document. To effectively use this document, the reader should first become familiar with the definitions.
  • Section 4 describes the process activities. The following provides the format definitions for describing a process activity of the SCM Process Definition and the diagram in Figure X3.

    • Purpose: the objective of the process activity. If a subprocess activity exists, the details are described in that specific paragraph description.
    • Role and responsibility: the responsibilities of individuals or groups for accomplishing a process activity.
    • Entry criteria: the elements and conditions necessary to be in place to begin a process activity. Reading lower-level activities assumes that the entry criteria for all higher-level activities have been satisfied.
    • Control: data that constrains or regulates a process activity. Controls regulate the transformation of inputs into outputs.
    • Input: data or material with which a process activity is performed.
    • Process activity: actions to transform an input, as influenced by controls, into a predetermined output.
    • Output: data or material produced by or resulting from a process activity. It must include the input data in some form. The output title differs from the input title in order to indicate that an activity has been performed.
    • Exit criteria: elements and/or conditions necessary to be in place to complete a process activity.
  • Appendix A contains a list of all acronyms and abbreviations and their definitions used in this document.
  • Appendix B contains a traceability matrix between the process activities defined in this document and the SCM Briefing Evaluation Check Sheet for Level 2, Repeatability.

[1] Key Practices of the Capability Maturity Model, Version 1.1, February 1993.


TERMS AND DEFINITIONS

The terms and definitions listed below are provided as an aid to understanding and applying the SCM principles and processes used to manage software development and testing efforts.

Audit

An independent examination of a work product or set of work products to assess compliance with specifications, standards, contractual agreements, or criteria.

Audit reports

Independent group findings that are the results of reviewing compliance with specifications, standards, contractual agreements, or other specified criteria.

Baseline

A configuration identification document or set of such documents formally designated and fixed at a specific time during the configuration item's (CI's) life cycle. Baselines, plus approved changes from those baselines, constitute the current configuration identification.

Capability Maturity Model (CMM)

A Software Engineering Institute document that describes the stages that software organizations evolve as they define, implement, measure, control, and improve their software processes. The model is a guide for selecting the process improvement strategies by facilitating the determination of current process capabilities and identification of the issues most critical to software quality and process improvement.

Change Request (CR)

Reports of deficiencies or enhancements generated against product Computer Software Configuration Items (CSCIs) or technical data; a document that requests a correction or change to the baselined documentation or software. Examples are Software Change Proposals, Software Trouble Reports, Software Problem Reports, Engineering Change Proposals, and other local forms that communicate problems in a product. A CR becomes "controlled" when the master copy of the CR is received, processed , and maintained by the SCM organization (e.g., SCM assigns a tracking number or identifier, enters the information into the configuration status accounting [CSA] system, distributes copies, files, ensures updates to master copy by authorized personnel, etc.).

Configuration Audit

A formal examination of a CSCI. Two types of configuration audits exist: the Functional Configuration Audit (FCA) and the Physical Configuration Audit (PCA). (See Appendices V and W.)

Configuration Control

The systematic proposal, justification, evaluation, coordination, and approval or disapproval of proposed changes, and the implementation of all approved changes in the configuration of a CI after establishment of the baseline(s) for the CI.

Configuration Identification

The selection of CIs; the determination of the types of configuration documentation required for each CI; the issuance of numbers and other identifiers affixed to the CIs and to the technical documentation that defines the CI's configuration, including internal and external interfaces; the release of CIs and associated configuration documentation; and the establishment of configuration baselines for CIs.

Controlled CR

Maintenance of the master copy of the CR.

Computer Software Configuration Item (CSCI)

A CI that is software.

Configuration Status Accounting (CSA)

The recording and reporting of information needed to manage CIs effectively, including:

  • A record of the approved configuration documentation and identification numbers
  • The status of proposed changes, deviations, and waivers to the configuration
  • The implementation status of approved changes
  • The configuration of all units of the CI in the operational inventory

CSA Reports

Formatted output of the CSA system database.

Desktop Procedure (DTP)

Step-by-step instructions describing a course of action to be taken to perform a given process.

End Product

The authorized and approved complete set, or any of the authorized and approved individual items of the set, of computer programs, procedures, and associated documentation and data designated for delivery to a customer or end user .

Field Activity

A designated government agency that performs a task in accordance with a contractual agreement with a sponsoring government organization.

Identified CR

A CR to which a tracking number has been assigned.

Life Cycle

A generic term covering all phases of acquisition, operation, and logistics support of an item beginning with concept definition and continuing through disposal of an item.

Nondevelopmental Software (NDS)

Deliverable software that is not delivered under the contract but is provided by the contractor, the government, or a third party. NDS may be referred to as reusable software, government-furnished software, or commercially available software, depending on its source.

Personnel

A pool of potential workers available to perform SCM tasks. "Defined personnel" are individuals who have been selected to staff or support SCM tasks . "Trained personnel" are individuals having the knowledge, skills, and abilities required to perform SCM tasks.

Program Management

The government organization sponsoring the field activity project office.

Project Management

The designated government organization from the field activity project office responsible for the overall management of specific projects.

Repeatable

Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.

Requirements

Direction provided by standards, specifications, instructions, etc.; by data item descriptions; and by program management or field activity.

Resources

Funding, facilities, tools, and nondevelopmental software as determined on a project-by-project basis. Personnel have been separated from resources to highlight the training aspects related to personnel. "Defined resources" are identified resources such as funding, facilities, tools, and nondevelopmental software allocated to perform any given SCM task.

Review Reports

Findings of an internal SCM or independent group that result from informal checks of SCM procedures or of formal reviews by Software Quality Assurance (SQA).

Retired

The removal of support from an operational system or component.

Software Configuration Control Board (SCCB)

A group of individuals responsible for and empowered by project management to evaluate and make decisions that affect software baselines.

Software Configuration Management (SCM)

A discipline that applies technical and administrative direction and surveillance to perform the functions listed below:

  • Identify and document the functional and physical characteristics of CSCIs.
  • Control the changes to CSCIs and their related documentation.
  • Record and report information needed to manage CSCIs effectively, including the status of proposed changes and the implementation status of approved changes.
  • Audit the CSCIs to verify conformance to specifications, interface control documents, and other contract requirements.

SCM Deficiency Reports

Problems or enhancements that are written against SCM tools, processes, procedures, and CSA reports. The SCM manager remains cognizant of these reports until resolution.

SCM Plan (SCMP)

The document defining how SCM will be implemented (including policies and procedures) for a particular acquisition or program.

Software Product

The complete set, or any of the individual items of the set, of computer programs, procedures, and associated documentation and data designated for delivery to a customer or end user.

Software-Related Group

Project members responsible for generating requirements, design, development, validation, verification, documentation, maintenance, and logistics of software.

Software Release

An end product delivered to a customer, including end-user documentation.

Software Unit

An element in the design of a software item; for example, a major subdivision of a software item, a component of that subdivision, a class, object, module, function, routine, or database. Software units may occur at different levels of a hierarchy and may consist of other software units. Software units in the design may or may not have a one-to-one relationship with the code and data entities (routines, procedures, databases, data files, etc.) that implement them or with the computer files containing those entities.

Tasks

Well-defined units of work that provides configuration management guidelines to accomplish given requirements.

Technical Data

Recorded information (regardless of the form or method of recording) of a scientific or technical nature (including computer software documentation) relating to supplies procured by an agency. Technical data does not include computer software, financial data, administrative data, cost data, pricing data, management data, or other information incidental to contract administration.


PROVIDE SCM SUPPORT

a Purpose

The purpose of this process activity (A0) is to establish and maintain a product's integrity throughout its life cycle. SCM support will be provided through implementation of the process included in the tasks listed below.

  1. Manage SCM.
  2. Perform SCM.

b Roles and Responsibilities

The following are responsible for Provide SCM Support :

Role

Responsibility

Program Management

Provide technical data and requirements to SCM.

Provide resources for SCM.

Project Management

Provide technical data and requirements to SCM.

Provide resources for SCM.

Establish (project level) SCCB, appoint chairperson.

Review SCM activity status and aid in problem resolution for audit findings.

Assign SCM manager with specific SCM responsibilities.

SCM Manager

Manage SCM

Establish SCM organization to perform SCM.

SCM Organization

Implement and perform SCM throughout the life cycle of the software product.

c Entry Criteria

SCM support is initiated upon project authorization.

d Control

Controls for this activity are listed below.

  1. Requirements determine the scope and depth of SCM responsibilities.
  2. The Generic SCMP provides a basis for a project SCMP.
  3. The Sample DTP provides the basis for developing detailed instructions required to complete SCM tasks.

e Input

Inputs to this activity are listed below.

  1. CSCI
  2. Technical Data
  3. CSCI Requests
  4. Technical Data Requests
  5. CRs
  6. Resources
  7. Personnel
  8. SCCB Decisions
  9. CSA Requests

f Process Activities

The process activities for Provide SCM Support are as follows :

  1. Technical data, resources, personnel, and SCCB decisions are used to create and implement the project SCMP and DTP.
  2. Technical data, resources, personnel, SCCB decisions, and CRs that affect SCM requirements may require changes to maintain a current SCMP and DTP.
  3. SCCB decisions and CRs are used to identify and track the creation and modification of products.
  4. CSCI and technical data requests are processed by SCM to supply the requested CSCI and technical data.
  5. CSA requests are processed to produce reports .
  6. Technical data, SCMP, tasks, and DTP are audited and reviewed with results documented in audit and review reports.

g Output

Outputs of this activity are listed below.

  1. Project SCMP
  2. Controlled CSCI
  3. Controlled CRs
  4. Controlled Technical Data
  5. CSA Reports
  6. Audit Reports
  7. Review Reports
  8. SCM Deficiency Reports
  9. Software Release
  10. DTP

h Exit Criteria

Retiring a software product satisfies the exit criteria.

3.1 Manage SCM (A1)

3.1a Purpose

The purpose of this process activity (A1) is to manage SCM support. SCM is managed through the functions listed below.

  1. Create and Maintain the Project SCMP.
  2. Manage Implementation of the SCMP.
  3. Provide SCM Training.

3.1b Role and Responsibility

The following is responsible for Manage SCM :

Role

Responsibility

SCM Manager

Create and maintain the project SCMP.

Identify tasks to be accomplished.

Oversee generation, implementation, and maintenance of DTP in accordance with the project SCMP.

Provide SCM training.

Evaluate and use measurements gathered against the SCM procedures to improve the processes.

Periodically review and provide status on SCM activities with field activity management.

Respond to audit and review findings on SCM activities.

Interface with appropriate internal and external agencies.

3.1c Entry Criteria

An individual is assigned the responsibilities of SCM Manager to provide SCM support to the project.

3.1d Control

Controls for this activity are listed below.

  1. Requirements determine the SCM responsibilities.
  2. The Generic SCMP provides a basis for a project-specific SCMP.
  3. The Sample DTP provides the basis for developing detailed instructions required to complete SCM tasks.

3.1e Input

Inputs to this activity are listed below.

  1. Technical data.
  2. Resources
  3. Audit Reports
  4. Review Reports
  5. Trained Personnel
  6. Defined Personnel
  7. SCM Deficiency Reports
  8. Identified Tasks
  9. Defined Resources
  10. Personnel

3.1f Process Activities

The process activities for Manage SCM are as follows:

  1. Oversee the creation, implementation, and maintenance of the project SCMP and DTP. Identify the tasks to be accomplished.
  2. Provide for the training of personnel as required for the project to perform the SCM activities.

3.1g Output

Outputs from this activity are listed below.

  1. Project SCMP
  2. Identified Tasks
  3. DTP
  4. Defined Resources
  5. Defined Personnel
  6. Trained Personnel

3.1h Exit Criteria

Retiring a software product satisfies the exit criteria.

3.1.1 Create and Maintain Project SCMP (A11)

3.1.1a Purpose

The purpose of this process activity (A11) is to document the plan that defines how configuration management will be implemented for a project, submit the plan for program management and SCCB approval, and update the plan to reflect current project requirements, processes, and practices.

3.1.1b Roles and Responsibilities

The following are responsible for Create and Maintain Project SCMP :

Role

Responsibility

Program Management

Provide overall approval to the project SCMP as approved by the SCCB.

SCCB

Approve the project SCMP and changes to the baselined project SCMP.

SCM Manager

Oversee creation, implementation, and maintenance of the project SCMP throughout the product's life cycle.

Place the approved project SCMP under configuration control.

Software- Related Groups

Review project SCMP and updates.

3.1.1c Entry Criteria

The SCM Manager has the following sources available:

  1. Identified SCM interfaces within the project organization and within external organizations.
  2. The Generic SCMP is used as a template in the development of a project SCMP.
  3. Technical data outlining project requirements.

3.1.1d Control

Controls of this activity are listed below.

  1. Requirements determine the scope and depth of SCM responsibilities.
  2. The Generic SCMP provides a basis for the creation and maintenance of a project SCMP.

3.1.1e Input

Inputs to this activity are listed below.

  1. Technical Data
  2. Resources
  3. Audit Reports
  4. Review Reports
  5. Trained Personnel

3.1.1f Process Activities

The process activities for Create and Maintain Project SCMP are as follows:

  1. Use the inputs of technical data, resources, and personnel as stated by the requirements and the Generic SCMP to manage the creation of a project SCMP.
  2. Review and respond to audit and review reports to maintain the project SCMP. Technical data, resources, and personnel as stated in the requirements and the Generic SCMP are also used to maintain the project SCMP.
  3. Submit the project SCMP to program management and SCCB for approval. Place the approved project SCMP under configuration control.

3.1.1g Output

  1. A project SCMP
  2. Identified Tasks

3.1.1h Exit Criteria

Approval of the SCMP and subsequent updates throughout the product's life cycle satisfy the exit criteria.

3.1.2 Manage Implementation of SCMP (A12)

3.1.2a Purpose

The purpose of this process activity (A12) is to ensure implementation of SCM tasks and DTP in accordance with the project SCMP and to use resources and personnel in accomplishing SCM activities.

3.1.2b Role and Responsibility

The following is responsible for Manage Implementation of SCMP :

Role

Responsibility

SCM Manager

Identify, delegate, and monitor the SCM tasks.

Create, implement, and maintain DTP.

Manage SCM resources and personnel.

3.1.2c Entry Criteria

An approved SCMP exists.

3.1.2d Control

The controls for Manage Implementation of SCMP are listed below.

  1. The project SCMP states the required tasks to be performed by the SCM organization.
  2. The DTP identifies the areas that require documented step-by-step procedures.

3.1.2e Input

Inputs to this activity are listed below.

  1. Resources
  2. Defined Personnel
  3. Audit Reports
  4. Review Reports
  5. SCM Deficiency Reports
  6. Identified Tasks
  7. Defined Resources
  8. Personnel
  9. Trained Personnel

3.1.2f Process Activities

The process activities for Manage Implementation of Project SCMP are as follows:

  1. Identify the tasks stated in the project SCMP.
  2. Determine the DTP required to follow the processes stated in the project SCMP.
  3. Define the resources and positions required to implement the project SCMP.
  4. Provide resolution of SCM deficiency reports.

3.1.2g Output

Outputs from this activity are listed below.

  1. Identified Tasks
  2. DTP
  3. Defined Resources
  4. Defined Personnel

3.1.2h Exit Criteria

Retiring a software product satisfies the exit criteria.

3.1.2.1Manage SCM Tasks (A121)

3.1.2.1a Purpose The purpose of this process activity (A121) is to ensure that the tasks stated in the project SCMP are implemented in a consistent, correct, complete, and compliant manner.

3.1.2.1b Role and Responsibility The following is responsible for Manage SCM Tasks:

Role

Responsibility

SCM Manager

Decompose the tasks stated in the project SCMP into manageable components (e.g., work breakdown structure).

Monitor the accomplishment of the identified task.

Review the identified tasks for compliance with the approved project SCMP.

3.1.2.1c Entry Criteria An approved project SCMP exists.

3.1.2.1d Control The approved project SCMP provides control.

3.1.2.1e Input Inputs to this activity are listed below.

  1. Resources
  2. Defined Personnel
  3. Audit Reports
  4. Review Reports
  5. SCM Deficiency Reports

3.1.2.1f Process Activities The process activities for Manage SCM Tasks are as follows:

  1. Clarify the tasks stated in the project SCMP using resources and defined personnel.
  2. Maintain the tasks so that all tasks are current and applicable to the product. Updates to the project SCMP, resources, SCM deficiency reports, and audit and review reports may require tasks to be added, modified, or deleted.
  3. Ensure that the tasks are accomplished and fulfill the requirements stated in the project SCMP.

3.1.2.1g Output Output from this activity is composed of identified tasks.

3.1.2.1h Exit Criteria Identified tasks that reflect the current project SCMP satisfy the exit criteria.

3.1.2.2 Create and Maintain DTP (A122)

3.1.2.2a Purpose The purpose of this process activity (A122) is to document the procedures that describe how SCM is performed for a project and update the DTP to reflect the current project SCMP.

3.1.2.2b Role and Responsibility The following are responsible for Create and Maintain DTP:

Role

Responsibility

SCM Manager

Direct the development of DTP, and oversee the implementation and maintenance of DTP.

Identify the functions within the software-related groups, e.g., system engineering, software development, system testing, etc., that the SCM organization must interface with to accomplish a task.

Software-Related Groups

Review DTP.

SCM Organization

Create, implement, and maintain DTP.

3.1.2.2c Entry Criteria This project SCMP and the Sample DTP satisfy the entry criteria.

3.1.2.2d Control The controls for Create and Maintain DTP are listed below.

  1. The project SCMP identifies all the tasks and the high-level processes that require DTP.
  2. The Sample DTP is used as a guideline in generating specific DTP.

3.1.2.2e Input Inputs to this activity are listed below.

  1. Identified Tasks
  2. Defined Personnel.
  3. Defined Resources
  4. Audit Reports
  5. Review Reports
  6. SCM Deficiency Reports

3.1.2.2f Process Activities The process activities for Create and Maintain DTP are as follows:

  1. Create DTP for processes identified in the project SCMP using resources, personnel, and guidelines found in the sample DTP.
  2. Maintain the procedures so that the process is repeatable. Written procedures provide the instructions for performing SCM (configuration identification, configuration control, CSA, and configuration audits and reviews). A change in a process may require the written procedures to change. Inputs to this activity include defined resources, SCM deficiency reports, and audit and review reports. Defined resources are resources that are necessary to perform the procedures. SCM deficiency reports and audit and review reports may cause the procedures to be modified or deleted. The process of managing procedures includes monitoring these procedures to ensure that the process as described in the DTP is being followed. Monitoring of the processes is accomplished through audits of SCM processes and internal SCM reviews.

3.1.2.2g Output Output of this activity is the accomplishment of written DTP.

3.1.2.2h Exit Criteria Written DTP and subsequent updates throughout the product's life cycle satisfy the exit criteria.

3.1.2.3 Manage Resources and Personnel to Perform SCM (A123)

3.1.2.3a Purpose The purpose of this process activity (A123) is to use appropriate resources and personnel to accomplish the SCM task(s) in accordance with the project SCMP and DTP.

3.1.2.3b Role and Responsibility The following is responsible for Manage Resources and Personnel to Perform SCM.

Role

Responsibility

SCM Manager

Identify and manage the resources and personnel needed to accomplish tasks identified in the project SCMP.

3.1.2.3c Entry Criteria DTP satisfy the entry criteria.

3.1.2.3d Control The controls for Manage Resources and Personnel to Perform SCM are listed below.

  1. The project SCMP states the required tasks to be performed by the SCM organization.
  2. The DTP provide step-by-step guidance for personnel required to complete tasks using given resources.
  3. Resources define the budget and schedule constraints placed upon SCM.

3.1.2.3e Input Inputs to this activity are listed below.

  1. Resources
  2. Personnel
  3. Audit Reports
  4. Review Reports
  5. Trained Personnel
  6. SCM Deficiency Reports

3.1.2.3f Process Activities The process activities for Manage Resources and Personnel to Perform SCM are as follows:

  1. Identify, define, and direct the resources (i.e., SCM tools, allocated funds, tasking priorities to meet schedules) and personnel (both prior to and after training) needed to follow processes described in the project SCMP. SCM deficiency reports and audit and review reports are inputs that may require the SCM Manager to re-identify resources, personnel, and training needed to support the processes and/or DTP.

3.1.2.3g Output Outputs of this activity are listed below.

  1. Defined Resources
  2. Defined Personnel

3.1.2.3h Exit Criteria The exit criteria for this process activity are defined resources and defined personnel necessary to support the SCMP and DTP.

3.1.3 Provide SCM Training (A13)

3.1.3a Purpose

The purpose of this process activity (A13) is to train the SCM organization and software-related groups on processes as described in the project SCMP, DTP, and SCM tools to accomplish tasks stated in the project SCMP.

3.1.3b Role and Responsibility

The following is responsible for Provide SCM Training :

Role

Responsibility

SCM Manager

Identify, establish, coordinate, and maintain training as required to ensure effective performance of SCM activity by the SCM organization and software-related groups.

3.1.3c Entry Criteria

DTP satisfy the entry criteria.

3.1.3d Control

The control for Provide SCM Training is listed below.

  1. DTP provide detailed information on the activities, personnel, SCM tools, skills, and knowledge required to complete a given task. This information can be used to determine training requirements.

3.1.3e Input

Inputs to this activity are listed below.

  1. Defined Resources
  2. Defined Personnel

3.1.3f Process Activities

The process activity for Provide SCM Training is to use defined personnel and resources to produce personnel trained in SCM processes as described in the project SCMP, DTP, and SCM tools. Defined personnel include both those providing training and those receiving the training.

3.1.3g Output

The output of this activity is trained personnel.

3.1.3h Exit Criteria

Trained personnel satisfy the exit criteria.

3.2 Perform SCM (A2)

3.2a Purpose

The purpose of this process activity (A2) is to apply configuration identification, control, status accounting, and audits and reviews throughout the life cycle of a product in order to ensure the integrity of the software release and associated documentation.

3.2b Role and Responsibility

The following is responsible for Perform SCM :

Role

Responsibility

SCM Organization

Perform configuration identification, control, status accounting, and internal SCM reviews.

Assist in performing the configuration audit(s).

Assist in the independent audit of SCM activities.

3.2c Entry Criteria

The SCM Manager has identified and trained personnel and current DTP exist.

3.2d Control

The current DTP provide control of this activity.

3.2e Input

Inputs to this activity are listed below.

  1. CSCI
  2. Technical Data
  3. CRs
  4. Defined Resources
  5. Trained Personnel
  6. Audit Reports
  7. Review Reports
  8. CSCI Requests
  9. Technical Data Requests
  10. Identified Technical Data
  11. SCCB Decisions
  12. Identified CR
  13. Identified CSCI
  14. CSA Request
  15. Controlled CR
  16. Controlled Technical Data
  17. Controlled CSCI
  18. CSA Reports
  19. Project SCMP
  20. DTP

3.2f Process Activities

The process activities for Perform SCM are as follows:

  1. Take receipt of and assign tracking identifiers to the CSCI and its related technical data.
  2. Control changes to the CSCI and its technical data through the use of CRs and board decisions (e.g., CCB, SCCB, Software Configuration Review Board [SCRB], and Operational Advisory Group [OAG]).
  3. Provide status information and technical data to management and related organizations.
  4. Participate in the auditing of software products to ensure correct, complete, consistent, and compliant products.
  5. Perform internal review of SCM activities.

3.2g Output

Outputs from this activity are listed below.

  1. Identified CR
  2. Identified CSCI
  3. Identified Technical Data
  4. SCM Deficiency Report
  5. Controlled CR
  6. Controlled Technical Data
  7. Controlled CSCI
  8. CSA Reports
  9. Audit Reports
  10. Review Reports
  11. Software Release

3.2h Exit Criteria

Retiring a software product satisfies the exit criteria.

3.2.1 Perform Configuration Identification (A21)

3.2.1a Purpose

The purpose of this process activity (A21) is to issue unique identifiers to each CSCI and related technical data and assign tracking numbers to CRs so that they may be tracked through each baseline release. Throughout the following sections, any reference to CSCI includes Software Units.

3.2.1b Role and Responsibility

The following are responsible for Perform Configuration Identification :

Role

Responsibility

SCM Manager

Oversee the establishment of the configuration management libraries.

SCM Organization

Issue the configuration identifier to the CSCI and related technical data. Verify that the correct project identifier has been used. Identify and assign a tracking number to the CR.

Establish the CM libraries.

SCCB

Support the project manager recommending approval or disapproval of proposed engineering changes to a CSCI's current approved configuration and its documentation.

3.2.1c Entry Criteria

CSCI, technical data, or CRs have been submitted to the SCM organization.

3.2.1d Control

Control is provided by the DTP for configuration identification.

3.2.1e Input

Inputs to this activity are listed below.

  1. CSCI
  2. Technical Data
  3. CRs
  4. Defined Resources
  5. Trained Personnel
  6. Audit Reports
  7. Review Reports

3.2.1f Process Activities

The process activities for Perform Configuration Identification are as follows:

  1. Assign a unique identifier to project CSCIs and technical data that includes identification of the associated baseline.
  2. Verify project identification for CSCIs and technical data.
  3. Establish and oversee the establishment of CM libraries.
  4. Assign tracking numbers to CRs.
  5. Report any deficiency against this activity using the SCM deficiency report.

3.2.1g Output

Outputs from this activity are listed below.

  1. Identified CR(s)
  2. Identified CSCI
  3. Identified Technical Data
  4. SCM Deficiency Reports

3.2.1h Exit Criteria

Each CSCI and associated documentation have been formally identified. All required data has been collected, recorded, processed, and maintained for producing CSA reports. The CM libraries have been established.

3.2.2 Perform Configuration Control (A22)

3.2.2a Purpose

The purpose of this process activity (A22) is to maintain the integrity of the product's technical data and CSCI throughout its life cycle.

3.2.2b Role and Responsibility

The following are responsible for providing Perform Configuration Control :

Role

Responsibility

SCM Manager

Manage expeditious processing of proposed changes against approved baselines.

Manage processing of authorized changes into approved baselines.

SCM Organization

Prevent incorporation of unauthorized changes into the baselines.

Ensure integrity of baseline releases (e.g., of executable software, source code).

Perform library functions of CSCI and technical data.

Perform the administrative functions to support the software boards (e.g., SCCB, SCRB, OAG).

SCCB

Represent the interests of the project management and all project groups who may be affected by changes to the software baselines.

Authorize the establishment of software baselines, review and approve the changes, and authorize the creation of software baseline products.

3.2.2c Entry Criteria

One of the following criteria must be met to initiate this activity.

  1. Receive the approved functional baseline and any further configuration baselines for the CSCIs.
  2. Receive the CSCI and technical data to be placed under library control.
  3. Receive the CRs.

3.2.2d Control

The DTP provide control of this activity.

3.2.2e Input

Inputs to this activity are listed below.

  1. CSCI Requests
  2. Technical Data Requests
  3. Identified Technical Data
  4. SCCB Decisions
  5. Identified CR
  6. Defined Resources
  7. Identified CSCI
  8. Trained Personnel

3.2.2f Process Activities

The process activities for Perform Configuration Control are as follows:

  1. Receive CSCI and technical data.
  2. Place CSCI and technical data in the libraries.
  3. Process CSCI and technical data requests.
  4. Provide CRs to board members .
  5. Provide administrative support to the boards.
  6. Deliver software releases from controlled CSCIs and technical data, including associated changes to authorized baselines.
  7. Report any deficiencies against this activity using the SCM deficiency report.

3.2.2g Output

Outputs from this activity are listed below.

  1. Controlled CR
  2. Controlled Technical Data
  3. Controlled CSCI
  4. SCM Deficiency Report
  5. Software Release

3.2.2h Exit Criteria

Retiring a software product satisfies the exit criteria.

3.2.3 Perform Configuration Status Accounting (A23)

3.2.3a Purpose

The purpose of this process activity (A23) is to ensure reporting of accurate identification of each CSCI and associated technical data so that the necessary logistics support elements can be correctly programmed and made available in time to support the CSCI and its technical data. A well-designed and proven CSA will enhance management's capability to identify, produce, inspect, deliver, operate , and maintain CSCIs and associated technical data in a timely , efficient, economical manner.

3.2.3b Role and Responsibility

The following is responsible for Perform CSA :

Role

Responsibility

SCM Organization

Maintain and verify the data entered into the CSA system.

3.2.3c Entry Criteria

Entry criteria for this activity is the receipt of information on CSCIs, technical data, board decisions (e.g., CCB, SCCB, SCRB, or OAG), and CRs.

3.2.3d Control

Control of this activity is provided by the DTP.

3.2.3e Input

Inputs to this activity are listed below.

  1. CSA Request
  2. SCCB Decisions
  3. Controlled CR
  4. Controlled Technical Data
  5. Defined Resources
  6. Trained Personnel

3.2.3f Process Activities

The process activities for Perform CSA are as follows:

  1. Receive CSCI and technical data for entry into the CSA system.
  2. Generate CSA reports.
  3. Report any deficiencies against this activity using the SCM deficiency report.

3.2.3g Output

Outputs from this activity are listed below.

  1. CSA Reports
  2. SCM Deficiency Report

3.2.3h Exit Criteria

Retiring a software product satisfies the exit criteria.

3.2.4 Perform Configuration Audits and Reviews (A24)

3.2.4a Purpose

The purposes of this process activity (A24) are to:

  1. Report deficiencies in the CSCI and associated technical data found in a configuration audit.
  2. Track resolution of those reported deficiencies found in a configuration audit.
  3. Report deficiencies in SCM activities or products.
  4. Track and provide resolution to deficiencies against SCM activities and products as a part of process improvement efforts.

3.2.4b Role and Responsibility

The following are responsible for Perform Configuration Audits and Reviews :

Role

Responsibility

SCM Manager

Provide resolution to reported deficiencies against SCM activities or products as part of process improvement efforts.

SCM Organization

Support the configuration audits (FCA and PCA) of CSCIs and their technical data, including tracking resolution of reported deficiencies.

Provide the auditing activity or independent auditor (e.g., SQA) with the requested data to perform an audit of SCM activities.

Perform informal review of SCM tasks and products to ensure conformance of SCM procedures.

SQA or Independent Auditor

Perform configuration audits (FCA and PCA) of CSCI and associated technical data.

Perform audit of SCM activities.

Report audit findings.

3.2.4c Entry Criteria

Configuration audits and independent audits of CSCI and associated technical data and SCM activities are scheduled. Informal reviews of SCM activities and products are planned.

3.2.4d Control

The DTP provides control for this activity.

3.2.4e Input

Inputs to this activity are listed below.

  1. Controlled CSCI
  2. Controlled Technical Data
  3. Defined Resources
  4. Trained Personnel
  5. CSA Reports
  6. Project SCMP
  7. DTP

3.2.4f Process Activities

The process activities for Perform Configuration Audits and Reviews are as follows:

  1. Support SQA or independent auditor requests for technical data and for CSCI and associated data.
  2. Perform informal reviews of SCM tasks, DTP, and CSA reports.
  3. Use DTP to generate or assist in the preparation of audit and review reports.
  4. Report deficiencies against this activity using the SCM deficiency report.

3.2.4g Output

Outputs from this activity are listed below.

  1. Audit Reports
  2. Review Reports
  3. SCM Deficiency Report

3.2.4h Exit Criteria

The configuration audit and review is completed, results are documented, and deficiencies have been resolved.

The audit and review of SCM activities and products is completed, results are documented, and deficiencies have been resolved.


NOTES

1. Key Practices of the Capability Maturity Model, Version 1.1, February 1993.


REFERENCE

This document is adapted from the Navy's Software Process Definition, http://sepo.spawar.navy.mil/sepo/SCMProc.doc. April 1998 .


APPENDIX X1 ACRONYMS AND ABBREVIATIONS

CCB

Configuration Control Board

CM

Configuration Management

CMM

Capability Maturity Model

CRG

Computer Resources Group

CSA

Configuration Status Accounting

CSC

Computer Software Component

CSCI

Computer Software Configuration Item

CSU

Computer Software Unit

DCR

Document Change Request

DoD

Department of Defense

DTP

Desktop Procedure

FCA

Functional Configuration Audit

FCD

Functional Configuration Documentation

NAVAIRSYSCOM

Naval Air Systems Command

NDS

Nondevelopmental Software

OAG

Operational Advisory Group

PCA

Physical Configuration Audit

SCCB

Software Configuration Control Board

SCM

Software Configuration Management

SCMP

Software Configuration Management Plan

SCRB

Software Change Review Board

SEI

Software Engineering Institute

SQA

Software Quality Assurance

SRR

Software Requirements Review

STD

Standard


APPENDIX X2 SOFTWARE CONFIGURATION MANAGEMENT

Briefing Evaluation Check Sheet

Key Practice and Sub-practices

Yes

No

Ex

  1. Commitment to Perform
  1. The project follows a written organizational policy for implementing software configuration management (SCM).
     
    1. Responsibility for SCM for each project is explicitly assigned.
     
    1. SCM is implemented throughout the project's life cycle.
     
    1. SCM is implemented for externally deliverable software products, designated internal software work products, and designated support tools used inside the project (e.g., compilers).
     
    1. The projects establish or have access to a repository for storing configuration items/units and the associated SCM records.
     
    1. The software baselines and SCM activities are audited on a periodic basis.
     
  1. Ability to Perform
  1. A board having the authority for managing the project's software baselines (i.e., a software configuration control board ” SCCB) exists or is established. The SCCB:
     
    1. Authorizes the establishment of software baselines and the identification of configuration items/units.
     
    1. Represents the interests of the project manager and all groups who may be affected by changes to the software baselines.
     
    1. Reviews and authorizes changes to the software baselines.
     
    1. Authorizes creation of products from the software baseline library.
     
  1. A group that is responsible for coordinating and implementing SCM for the project (i.e., the SCM group) exists. The SCM Group coordinates or implements:
     
    1. Creation and management of the project's software baseline library.
     
    1. Development, maintenance, and distribution of the SCM plans, standards, and procedures.
     
    1. The identification of the set of work products to be placed under SCM.
     
    1. Management of the access to the software baseline library.
     
    1. Updates of the software baselines.
     
    1. Creation of products from the software baseline library.
     
    1. Recording of SCM actions.
     
    1. Production and distribution of SCM reports .
     
  1. Adequate resources and funding are provided for performing the SCM activities.
     
    1. A manager is assigned specific responsibilities for SCM.
     
    1. Tools to support the SCM activities are made available.
     
  1. Members of the SCM group are trained in the objectives, procedures, and methods for performing their SCM activities.
     
  1. Members of the software engineering group and other software- related groups are trained to perform their SCM activities.
     
  1. Activities Performed
  1. A SCM plan is prepared for each software project according to a documented procedure.
     
    1. The SCM plan is developed in the early stages of, and in parallel with, the overall project planning.
     
    1. The SCM plan is reviewed by the affected groups.
     
    1. The SCM plan is managed and controlled.
     
  1. A documented and approved SCM plan is used as the basis for performing the SCM activities. The plan covers:
     
    1. The SCM activities to be performed, the schedule of activities, the assigned responsibilities, and the resources required (including staff, tools, and computer facilities).
     
    1. The SCM requirements and activities to be performed by the software engineering group and other software software-related groups.
     
  1. A configuration management library system is established as a repository for the software baselines. The library system:
     
    1. Supports multiple control levels of SCM.
     
    1. Provides for the storage and retrieval of configuration items/units.
     
    1. Provides for the sharing and transfer of configuration items/units between the affected groups and between control levels within the library.
     
    1. Helps in the use of product standards for configuration items/units.
     
    1. Provides for the storage and retrieval of archive versions of configuration items/units.
     
    1. Helps to ensure correct creation of products from the baseline library.
     
    1. Provides for the storage, update, and retrieval of SCM records.
     
    1. Supports production of SCM reports.
     
    1. Provides for the maintenance of the library structure and contents.
     
  1. The software work products to be placed under configuration management are identified.
     
    1. The configuration items/units are selected based on documented criteria.
     
    1. The configuration items/units are assigned unique identifiers.
     
    1. The characteristics of each configuration item/unit are specified.
     
    1. The software baselines to which each configuration item/unit belongs are specified.
     
    1. The point in its development that each configuration item/unit is placed under configuration management is specified.
     
    1. The person responsible for each configuration item/unit (i.e., the owner, from a configuration management point of view) is identified.
     
  1. Change requests and problem reports for all configuration items/units are initiated, recorded, reviewed, approved, and tracked according to a documented procedure.
     
  1. Changes to baselines are controlled according to a documented procedure. This procedure typically specifies that:
     
    1. Reviews and/or regression tests are performed to ensure that changes have not caused unintended effects on the baseline.
     
    1. Only configuration items/units that are approved by the SCCB are entered into the software baseline library.
     
    1. Configuration items/units are checked in and out in a manner that maintains the correctness and integrity of the software baseline library.
     
  1. Products from the software baseline library are created and their release is controlled according to a documented procedure. This procedure typically specifies that:
     
    1. The SCCB authorizes the creation of products from the software baseline library.
     
    1. Products from the software baseline library, for both internal and external use, are built only from configuration items/units in the software baseline library.
     
  1. The status of configuration items/units is recorded according to a documented procedure. This procedure typically specifies that:
     
    1. The configuration management actions are recorded in sufficient detail so that the content and status of each configuration item/unit are known and previous versions can be recovered.
     
    1. The current status and history (i.e., changes and other actions) of each configuration item/unit are maintained .
     
  1. Standard reports documenting the SCM activities and the contents of the software baseline are developed and made available to affected groups and individuals.
     
  1. Software baseline audits are conducted according to a documented procedure. This procedure typically specifies that:
     
    1. There is adequate preparation for the audit.
     
    1. The integrity of software baselines is assessed.
     
    1. The structure and facilities of the configuration management library.
     
    1. The completeness and correctness of the software baseline library contents are reviewed.
     
    1. Compliance with applicable SCM standards and procedures is verified .
     
    1. The results of the audit are reported to the project software manager.
     
    1. Action items from the audit are tracked to closure.
     
  1. Measurement and Analysis
  1. Measurements are made and used to determine the status of the SCM activities.
     
  1. Verifying Implementation
  1. The SCM activities are reviewed with senior management on a periodic basis.
     
  1. The SCM activities are reviewed with the project manager on both a periodic and event-driven basis.
     
  1. The SCM group periodically audits software baselines to verify that they conform to the documentation that defines them.
     
  1. The software quality assurance group reviews and/or audits the activities and work products for SCM and reports the results. At a minimum, the reviews and/or audits verify:
     
    1. Compliance with the SCM standards and procedures by: h the SCM group, h the SCCB, h the software engineering group, and h other software-related groups.
     
    1. Occurrence of periodic software baseline audits.
     

Notes:

 
 
 
 
 
 
 
 
 
 
 
 
 

Yes Evidence exists that this sub-practice is in place and followed in a formal manner.

No There was weak or no evidence that this sub-practice is documented, in place or followed in any manner.

Ex Indications of exceptionally strong implementation of this sub-practice which could serve as a template for other SSA.

Source: CMU/SEI-93-TR-25 (L2-72-L2-83)




Software Configuration Management
Software Configuration Management
ISBN: 0849319765
EAN: 2147483647
Year: 2006
Pages: 235
Authors: Jessica Keyes

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net