1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Quality management Guidelines for configuration managementBS ISO 10007:2017National forewordThis British Standard is the UK implementation of ISO 10007:2017. It supersedes BS ISO 10007:2003, which is withdrawn.The UK pa
2、rticipation in its preparation was entrusted by Technical Committee QS/1, Quality management and quality assurance procedures, to Subcommittee QS/1/2, Quality Management System Standards.A list of organizations represented on this subcommittee can be obtained on request to its secretary.This publica
3、tion does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.ISBN 978 0 580 94257 0ICS 03.120.10; 03.100.70Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the
4、 authority of the Standards Policy and Strategy Committee on 30 April 2017.Amendments/corrigenda issued since publicationDate Text affected BRITISH STANDARDBS ISO 10007:2017 ISO 2017Quality management Guidelines for configuration managementManagement de la qualit Lignes directrices pour la gestion d
5、e la configurationINTERNATIONAL STANDARDISO10007Third edition2017-03-15Reference numberISO 10007:2017(E)BS ISO 10007:2017ISO 10007:2017(E)ii ISO 2017 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2017, Published in SwitzerlandAll rights reserved. Unless otherwise specified, no part of this pub
6、lication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the cou
7、ntry of the requester.ISO copyright officeCh. de Blandonnet 8 CP 401CH-1214 Vernier, Geneva, SwitzerlandTel. +41 22 749 01 11Fax +41 22 749 09 47copyrightiso.orgwww.iso.orgBS ISO 10007:2017ISO 10007:2017(E)Foreword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 14 Confi
8、guration management responsibility . 24.1 Responsibilities and authorities 24.2 Dispositioning authority . 25 Configuration management process 25.1 General . 25.2 Configuration management planning 25.3 Configuration identification 35.3.1 Product structure or service capability and selection of confi
9、guration items . 35.3.2 Configuration information. 35.3.3 Configuration baselines . 45.4 Change control 45.4.1 General 45.4.2 Initiation, identification and documentation of the need for change . 45.4.3 Evaluation of change. 55.4.4 Disposition of change . 55.4.5 Implementation and verification of ch
10、ange . 55.5 Configuration status accounting 55.5.1 General 55.5.2 Documented Information . 65.5.3 Reports . 65.6 Configuration audit . 6Annex A (informative) Structure and content of a configuration management plan . 8Bibliography .10 ISO 2017 All rights reserved iiiContents PageBS ISO 10007:2017ISO
11、 10007:2017(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject
12、for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) o
13、n all matters of electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted
14、. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying an
15、y or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of us
16、ers and does not constitute an endorsement.For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barrie
17、rs to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.This document was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 2, Quality systems.This third edition cancels and replaces the second edition (ISO 10007:2003), which has bee
18、n technically revised. This edition aligns ISO 10007 with ISO 9000:2015 and ISO 9001:2015.iv ISO 2017 All rights reservedBS ISO 10007:2017ISO 10007:2017(E)IntroductionThe purpose of this document is to enhance common understanding of the subject, to promote the use of configuration management and to
19、 assist organizations applying configuration management to improve their performance.This document outlines the responsibilities and authorities before describing the configuration management process that includes configuration management planning, configuration identification, change control, confi
20、guration status accounting and configuration audit.Configuration management is a management activity that applies technical and administrative direction over the life cycle of a product and service, its configuration identification and status, and related product and service configuration informatio
21、n.Configuration management documents the product or service configuration. It provides identification and traceability, the status of achievement of its physical and functional requirements, and access to accurate information in all phases of the life cycle.Configuration management can be implemente
22、d based on the size of the organization and the complexity and nature of the product or service and reflects the needs of specific lifecycle phases.Configuration management can be used to meet the product and service identification and traceability requirements specified in ISO 9001:2015, 8.5.2. ISO
23、 2017 All rights reserved vBS ISO 10007:2017This page deliberately left blankQuality management Guidelines for configuration management1 ScopeThis document provides guidance on the use of configuration management within an organization. It is applicable to the support of products and services from c
24、oncept to disposal.2 Normative referencesThe following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced d
25、ocument (including any amendments) applies.ISO 9000:2015, Quality management systems Fundamentals and vocabulary3 Terms and definitionsFor the purposes of this document, the terms and definitions given in ISO 9000 and the following apply.ISO and IEC maintain terminological databases for use in stand
26、ardization at the following addresses: ISO Online browsing platform: available at http:/www.iso.org/obp IEC Electropedia: available at http:/www.electropedia.org/3.1configurationinterrelated functional and physical characteristics of a product or service defined in configuration information (3.5)3.2
27、configuration baselineapproved configuration information (3.5) that establishes the characteristics of a product or service at a point in time that serves as reference for activities throughout the life cycle of the product or service3.3configuration itementity within a configuration (3.1) that sati
28、sfies an end use function3.4configuration status accountingformalized recording and reporting of configuration information (3.5), the status of proposed changes and the status of the implementation of approved changes3.5configuration informationrequirements for product or service design, realization
29、, verification, operation and supportINTERNATIONAL STANDARD ISO 10007:2017(E) ISO 2017 All rights reserved 1BS ISO 10007:2017ISO 10007:2017(E)4 Configuration management responsibility4.1 Responsibilities and authoritiesThe organization should identify, describe and assign responsibilities and author
30、ities, including accountability, related to the configuration management process. The following should be considered:a) the complexity and nature of the product or service;b) the needs of the different product or service life cycle stages;c) the interfaces between activities directly involved in the
31、 configuration management process;d) the other relevant interested parties that are (or need to be) involved, both within and outside the organization;e) the identification of the responsible authority for verifying implementation activities;f) the identification of the dispositioning authority.4.2
32、Dispositioning authorityPrior to approval of a change, the dispositioning authority should verify that:a) the proposed change is necessary and the consequences would be acceptable;b) the change has been properly documented and categorized;c) the planned activities for the implementation of the chang
33、e into documented information, hardware and/or software are satisfactory.5 Configuration management process5.1 GeneralThe organization should establish, implement and maintain a configuration management process. The organization should coordinate the activities of the configuration management proces
34、s in order for it to be effective.The configuration management process should be focused on product or service requirements (including those of customers or relevant interested parties), as well as the application of statutory and regulatory requirements, while taking into account the context in whi
35、ch it will be performed. The configuration management process should be detailed in a configuration management plan. This should describe any project-specific documented information and the extent of their application during the life cycle of the product or service.5.2 Configuration management plann
36、ingConfiguration management planning is the foundation for the configuration management process. Effective planning coordinates configuration management activities in a specific context over the product or service life cycle. The output of configuration management planning is the configuration manag
37、ement plan.The configuration management plan for a specific product or service should:a) be documented and approved;b) be controlled;c) identify the configuration management documented information to be used;2 ISO 2017 All rights reservedBS ISO 10007:2017ISO 10007:2017(E)d) make reference to relevan
38、t documented information of the organization wherever possible;e) describe the required resources and any responsibilities and authorities (including accountability), for carrying out configuration management throughout the life cycle of the product or service.The configuration management plan may b
39、e a stand-alone document, or a part of another document, or composed of several documents.In some situations, the configuration management plan will be provided by an external provider. The organization may retain such plans either as stand-alone documents or incorporate them into its own configurat
40、ion management plan.Annex A describes a potential structure and content for a configuration management plan.5.3 Configuration identification5.3.1 Product structure or service capability and selection of configuration itemsThe selection of configuration items and their inter-relationships should desc
41、ribe the product structure or service capability.Configuration items should be identified using established selection criteria. Configuration items should be selected whose functional and physical characteristics can be managed separately to achieve the overall end-use performance of the item.Select
42、ion criteria should consider:a) life-cycle of the configuration;b) the application of statutory and regulatory requirements;c) criticality in terms of risks and safety;d) new or modified technology, design or development;e) interfaces with other configuration items;f) procurement conditions;g) suppo
43、rt and service.The number of configuration items selected should optimize the ability to control the product or service. The selection of configuration items should be initiated as early as possible in the product or service life cycle. The configuration items should be reviewed as the product or se
44、rvice evolves.5.3.2 Configuration informationConfiguration information comprises both definition and operational information. This typically includes requirements, specifications, design drawings, parts lists, data models, test specifications, handbooks (for commissioning, maintenance and operation)
45、, plus any specific requirements concerning decommissioning and disposal.Configuration information should be relevant and traceable. Naming and numbering conventions should be established that are unique and ensure proper control of both configuration items and data and items associated with them. T
46、hese should take into consideration the existing naming and numbering conventions of the organization and the change control information, such as revision status. ISO 2017 All rights reserved 3BS ISO 10007:2017ISO 10007:2017(E)5.3.3 Configuration baselinesA configuration baseline consists of the app
47、roved configuration information that represents the definition of the product or service. Configuration baselines, plus approved changes to those baselines, represent the current approved configuration.Configuration baselines should be established whenever it is necessary in the product or service l
48、ife cycle to define a reference for further activities or to satisfy a specific requirement for review.The level of detail to which the product or service is defined in a configuration baseline depends on the degree of control required.5.4 Change control5.4.1 GeneralAfter the initial release of conf
49、iguration information, all changes should be controlled. The potential consequence of a change, customer requirements and the configuration baseline will affect the degree of control needed to process a proposed change or concession.The process for controlling the change should be documented and should include the following:a) a description of, justification for and documented information of the change;b) a categorization of the change, in terms of complexity, resources and scheduling;c) an evaluation of the consequences of the change;d) details