ASD-STAN PREN 9223-103-2016 Programme Management - Configuration Management - Part 103 Configuration Verifications Reviews and Audits (Edition P 1).pdf

1、 ASD-STAN STANDARD NORME ASD-STAN ASD-STAN NORM ASD-STAN prEN 9223-103:2016 Edition P1 2016-10 PUBLISHED BY THE AEROSPACE AND DEFENCE INDUSTRIES ASSOCIATION OF EUROPE - STANDARDIZATION Rue Montoyer 10 - 1000 Brussels - Tel. + 32 2 775 8126 - Fax. + 32 2 775 8131 - www.asd-stan.org ICS: Descriptors:

2、ENGLISH VERSION Programme Management Configuration Management Part 103: Configuration Verifications, Reviews and Audits Programm-Management Konfigurationsmanagement Teil 103: berprfungen, Reviews und Audits der Konfiguration Management de Programme Gestion de la Configuration Partie 103 : Vrificatio

3、ns, revues et audits de la configuration This “Aerospace Series” Prestandard has been drawn up under the responsibility of ASD-STAN (The AeroSpace and Defence Industries Association of Europe - Standardization). It is published for the needs of the European Aerospace Industry. It has been technicall

4、y approved by the experts of the concerned Domain following member comments. Subsequent to the publication of this Prestandard, the technical content shall not be changed to an extent that interchangeability is affected, physically or functionally, without re-identification of the standard. After ex

5、amination and review by users and formal agreement of ASD-STAN, the ASD-STAN prEN will be submitted as a draft European Standard (prEN) to CEN (European Committee for Standardization) for formal vote and transformation to full European Standard (EN). The CEN national members have then to implement t

6、he EN at national level by giving the EN the status of a national standard and by withdrawing any national standards conflicting with the EN. ASD-STAN Technical Committee approves that: “This document is published by ASD-STAN for the needs of the European Aerospace Industry. The use of this standard

7、 is entirely voluntary, and its applicability and suitability for any particular use, including any patent infringement arising therefrom, is the sole responsibility of the user.” ASD-STAN reviews each standard and technical report at least every five years at which time it may be revised, reaffirme

8、d, stabilized or cancelled. ASD-STAN invites you to send your written comments or any suggestions that may arise. All rights reserved. No parts of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recor

9、ding, or otherwise, without prior written permission of ASD-STAN. Order details: E-mail: salesasd-stan.org Web address: http:/www.asd-stan.org/ Edition approved for publication Comments should be sent within six months after the date of publication to ASD-STAN General Domain prEN 9223-103:2016 (E) 2

10、 Contents Page Foreword 3 Introduction 4 1 Scope . 5 2 Normative references . 5 3 Terms and definitions. 5 4 The configuration verification, review and audit processes and their place in the overall programme Configuration Management . 6 4.1 Configuration verification and audit process overview . 6

11、4.2 Nature of the configuration verification and audit process 6 4.3 Configuration audits: ending activity and starting point . 7 4.4 Configuration verification activities preliminary to the audits 8 5 Configuration verification, review and audit activities 8 5.1 Configuration verification, review a

12、nd audit activities overview 8 5.2 Verifications during programme reviews (or equivalent milestones) . 9 5.3 Configuration audits . 11 5.4 Relationship between FCA, PCA, configuration baselines and qualification . 16 6 Specific cases . 17 6.1 Configuration audits resumption during the product life 1

13、7 6.2 COTS, Components Off The Shelf 17 6.3 Configuration item common to several programmes 18 6.4 Coherence between the product and specific means . 18 (informative) Verification methods that can be used to prepare a configuration audit . 19 Annex A(informative) Examples for configuration audit pro

14、cedures 20 Annex BB.1 General 20 B.2 Example of activities to be included in a configuration audit procedure . 20 B.3 List of points to verify for a FCA . 21 B.4 List of points to verify for a PCA . 22 Bibliography . 24 prEN 9223-103:2016 (E) 3 Foreword This standard was reviewed by the Domain Techn

15、ical Coordinator of ASD-STANs General Domain. After inquiries and votes carried out in accordance with the rules of ASD-STAN defined in ASD-STANs General Process Manual, this standard has received approval for Publication. prEN 9223-103:2016 (E) 4 Introduction The finality of Configuration Managemen

16、t is to assure during the whole product lifecycle1): consistency and commonality of the technical information among all actors; traceability of this technical information. For that purpose, Configuration Management organizes and implements the following activities: selection of items and technical i

17、nformation that shall be submitted to Configuration Management, under clearly established responsibility (configuration identification); capture, keeping this information and making it available (configuration status accounting); verification and validation of the coherence of this information at de

18、fined steps of the product lifecycle (configuration verifications, reviews and audits); technical changes and gaps processing in order to keep the consistency of this information (configuration control). 1)See EN ISO 9000:2005. prEN 9223-103:2016 (E) 5 1 Scope The present document: is based on inter

19、nationally-recognized concepts; proposes organisational principles and implementation processes for Configuration Management from both viewpoints: “programme” and “company”, with emphasis on the “programme” viewpoint; deals with verifications, reviews and audits tending towards the validation of the

20、 configuration information consistency. It details the principles described in EN 9223-100. It is up to each programme responsible person to define the necessary details of application and tailoring in the Configuration Management plan. Important remark: Configuration audit doesnt be confused with q

21、uality audit (for detailed information, see 4.1). This document does not deal with configuration system audits (quality audit) deployed within the scope of a programme. These audits stem from quality audits as defined in EN ISO 9001 (process conformity or efficiency audits). 2 Normative references T

22、he following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 9100,

23、 Quality Management Systems. Requirements for Aviation, Space and Defense organizations EN 9223-100, Programme Management Configuration Management Part 100: A guide for the application of the principles of configuration management2)EN 9223-101, Programme Management Configuration Management Part 101:

24、 Configuration identification2)EN 9223-105, Programme Management Configuration Management Part 105: Glossary2)EN ISO 9000, Quality management systems Fundamentals and vocabulary EN ISO 9001, Quality management systems Requirements 3 Terms and definitions For the purposes of this document, the terms

25、and definitions given in EN ISO 9000, ISO 10007:2003 and EN 9200 apply. The specific terms needed to understand and to use the document are the object of definitions appearing in EN 9223-105. 2)Published as ASD-STAN Prestandard at the date of publication of this standard. http:/www.asd-stan.org/ prE

26、N 9223-103:2016 (E) 6 4 The configuration verification, review and audit processes and their place in the overall programme Configuration Management 4.1 Configuration verification and audit process overview Figure 1 Place of the configuration verification, review and audit process in Configuration M

27、anagement processes Important remarks: Configuration audits shall in no case be performed by third party auditors (organisms accredited to deliver audits certificates on quality systems) because of the risk of losing restricted know-how. They are normally performed by a first party auditor (belongin

28、g to the company) and up to a point by a second-party auditor (customer). 4.2 Nature of the configuration verification and audit process Configuration verification occurs at determined milestones during the system or product lifecycle, essentially linked to establishing and approval of configuration

29、 baselines and to verification of the conformity of a specific unit of the product or achieved configuration item to these configuration baselines. The configuration verification shall: assure that the design of the product guarantees the fulfilment of the specified requirements; validate the comple

30、teness and the accuracy of the product configuration information; prEN 9223-103:2016 (E) 7 assure the consistency between a product and its product configuration information; guarantee that the configuration control process shall be able to maintain the fulfilment of the requirements and the consist

31、ency between the product and its configuration information during the remaining of the lifecycle; guarantee that controlled configuration information is the basis for operational use, support, training, spare parts and repairs. Configuration verification uses the configuration audit technique, which

32、 consists in: comparing defined characteristics in a configuration baseline to those presented by a realized and representative of to-be-delivered system, product or configuration item; identifying and highlighting gaps; obtaining an approved decision for each of them (concession or setting in confo

33、rmity). As the programme flows however, a certain amount of data belonging to configuration information and some Configuration Management activities linked to the phase of programme flow down can be subject to verifications. These verifications are achieved during configuration audits and reviews th

34、at sequence the lifecycle. 4.3 Configuration audits: ending activity and starting point the configuration audit is carried on a configuration item. That means it can exist at three levels: at system level, at product level and at configuration item lower level. It is a bottom-up approach: configurat

35、ion audits for a system rely on the consolidation of the configuration audits for the products that make it up and themselves rely on configuration audits of the configuration items that make up these products; in the scope of a product design, configuration audits will end the implemented Configura

36、tion Management activities and thus will contribute to the qualification process. Indeed, if configuration information is described in documentation, it must also be achieved in the physical product. At the end of the development of an item, the audit aims at assuring that there is no gap (or at lea

37、st they are under control) between the actual product and its representation in documentation. So this audit guarantees that the performances and the physical characteristics can be reproduced all along the operational life of this product; configuration audits are heavy-duty activities that should

38、not be repeated. This does not mean that Configuration Management activities will end at this level. Particularly, control and status accounting activities will go on during the remaining of the lifecycle. These audits are meant to finalize the achievement of consistency between all the configuratio

39、n baselines (FBL, ABL and PBL) at the end of the development phase and to show that the control process implemented allows maintaining this consistency without necessity for systematically redo complete configuration audits; the configuration audit finalizes the identification activity through appro

40、val of configuration baselines. It becomes the starting point for configuration control activities; in case of important changes in specifications and/or product design, there may be additional or new audit, specially for the following cases: o long life products; o obsolescence processing; o requir

41、ement for modernizing. prEN 9223-103:2016 (E) 8 4.4 Configuration verification activities preliminary to the audits Before performing verifications, a procedure shall be established. It describes: o conditions; o methods; o means; o additional resources; o the associated organization; o the scheduli

42、ng of verifications and of the audit. Configuration verification activities have to be planned making clear at which moment they occur, according to which process, and who will participate. Particularly for configuration audits, it is worth to make clear how they are embedded in the qualification pr

43、ocess, at which level and up to which degree of sharpness they have to be performed; Before audits, it has to be checked that: o the configuration information used as baseline for configuration audits exists beforehand: configuration baselines; as-designed configurations; status of technical changes

44、 that have to be implemented in the product before verification; accepted deviations. o the systems, products or configuration items achieved are: in a stable status; representative of the end product (case of mass-produced product) including realization (methods and tools); identified in compliance

45、 with specified arrangements. o the whole documentation supporting the audit: is identified in compliance with specified arrangements; has been approved and recorded as required. 5 Configuration verification, review and audit activities 5.1 Configuration verification, review and audit activities ove

46、rview Configuration verifications are mainly associated with configuration reviews and audits. These verifications focus on completeness and consistency of documents that have to be used for reviews and audits. Some more specific verification is described in the following paragraphs. prEN 9223-103:2

47、016 (E) 9 5.2 Verifications during programme reviews (or equivalent milestones) The reviews SSR/SR, PDR, CDR, TRR, QR, PRR, FAI have to be carried on at programme level and also at configuration items level. They are milestones on which Configuration Management can rely to perform a certain number o

48、f verifications that will facilitate the implementation of configuration audits. The verifications proposals below concern the product configuration (physical and functional characteristics). Beyond these verifications, additional verifications about the process are needed that are outside the scope

49、 of this recommendation. Besides, some verifications about product configuration are also process verification (e. g. breakdown into configuration items). SSR: System Specification Review (at system level): o verify that all the approved documents that define the technical requirements applicable to the system have been set in baseline (FBL); o verify that the traceability of the documented and approved requirements with the stated needs has been demonstrated at the time of approval of