ISO/IEC TR 18018:2010

TECHNICAL ISO/IEC
REPORT TR
18018
First edition
2010-02-15


Information technology — Systems and
software engineering — Guide for
configuration management tool
capabilities
Technologies de l'information — Ingénierie des systèmes et du
logiciel — Guide pour les capacités d'outil de gestion de configuration




Reference number
ISO/IEC TR 18018:2010(E)
©
ISO/IEC 2010

---------------------- Page: 1 ----------------------
ISO/IEC TR 18018:2010(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2010 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 18018:2010(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.1
3 Terms and definitions .1
4 Application of this Technical Report.3
4.1 Overview.3
4.2 CM personnel.3
4.3 Tool suppliers .3
4.4 Acquirers.3
5 Capabilities of configuration management tools.4
5.1 Overview of configuration management tool capabilities .4
5.2 Configuration management tool capabilities .4
5.3 Configuration identification.6
5.4 Configuration baselining .7
5.5 Configuration control.8
5.6 Configuration status accounting .12
5.7 Configuration auditing.13
5.8 Release management and delivery.15
5.9 Other configuration management tool capabilities .16
Annex A (informative) Focus areas of each reference.17
Annex B (informative) Configuration management services .20
Bibliography.27

© ISO/IEC 2010 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC TR 18018:2010(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report
of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the
future but not immediate possibility of an agreement on an International Standard;
— type 3, when the joint technical committee has collected data of a different kind from that which is
normally published as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether
they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to
be reviewed until the data they provide are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 18018, which is a Technical Report of type 2, was prepared by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering.
iv © ISO/IEC 2010 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TR 18018:2010(E)
Introduction
Configuration management (CM) is a process central to the software engineering life cycle. CM has been
established as an ISO/IEC standard life cycle process in ISO/IEC 12207:2008, Systems and software
engineering — Software life cycle processes and ISO/IEC 15288:2008, Systems and software engineering —
System life cycle processes.
ISO/IEC 12207 and ISO/IEC 15288 describe a comprehensive set of processes, activities and tasks to be
performed when acquiring or developing software. However, these documents do not address the capabilities
that a CM tool user can expect from a tool in order to support the CM process and other software engineering
life cycle activities. There is a gap between CM process descriptions and corresponding CM process
automation which affects both tool users and tool suppliers.
This Technical Report provides guidance in the evaluation and selection for CM tools during acquisition. CM
tool evaluation by prospective users can be complex, time consuming, and expensive. This Technical Report
helps to characterize what a CM tool can and cannot do in the CM process.
This Technical Report provides guidance for tool manufacturers in implementing a minimum set of capabilities.
The capabilities defined in this Technical Report are linked to ISO/IEC 12207 and ISO/IEC 15288, and will
provide tool manufacturers with guidance on the characteristics their tools should support to meet these
International Standards.

© ISO/IEC 2010 – All rights reserved v

---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 18018:2010(E)

Information technology — Systems and software engineering —
Guide for configuration management tool capabilities
1 Scope
This Technical Report provides guidance for configuration management tool capabilities from which systems
and software development life cycle activities can be supported.
ISO/IEC 14102:2008, Information technology — Guideline for the evaluation and selection of CASE tools,
details a set of evaluation criteria for CASE tools without referencing a specific activity or task which the tool
supports. This lack of consideration on a specific activity or task causes users confusion and difficulty in
evaluating and selecting the right tools.
This Technical Report supplements ISO/IEC 14102:2008 by providing a set of minimum tool capabilities for
configuration management. It can be used as the set of criteria by a potential user during an acquisition
process, or by a configuration management tool supplier to help identify desirable tool capabilities.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 12207:2008, Systems and software engineering — Software life cycle processes
ISO/IEC 15288:2008, Systems and software engineering — System life cycle processes
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
attribute
property associated with a set of real or abstract things that is some characteristic of interest
3.2
baseline
version of a configuration, specification, or product that has been formally reviewed and agreed upon, that
thereafter serves as the basis for further development, and that can be changed only through formal change
control procedures
[ISO/IEC 12207:2008 and ISO/IEC 15288:2008]
3.3
branch
deviation from the main development line for a configuration item, which allows different persons to work on
the same item at the same time
© ISO/IEC 2010 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC TR 18018:2010(E)
3.4
build
process of generating (archiving) an executable and testable system from source versions or baselines
NOTE The build needs to compile and link the various versions in the correct order. The build tools can be integrated
into a configuration management tool.
3.5
change request
CR
formal procedure for submitting a request for an adjustment of a configuration item
3.6
configuration item
entity within a configuration that satisfies an end use function and that can be uniquely identified at a given
reference point
[ISO/IEC 12207:2008 and ISO/IEC 15288:2008]
3.7
configuration management
CM
coordinated activities to direct and control configuration
3.8
CM services
abstract description of work done by CM tools
NOTE A service is self contained, coherent, discrete, and can be composed of other services.
3.9
CM tool
software product that can assist software engineers by providing automated support for configuration
management activities
3.10
configuration status accounting
CSA
element of configuration management that consists of the recording and reporting of information needed to
manage a configuration effectively
[ISO/IEC 24765]
3.11
delta
difference between two versions
3.12
software/system element
element that defines and prescribes what a software or system is composed of (for example, requirements,
design, code, test cases, and version number)
NOTE An element can contain sub elements or other software/system elements that are dependent on the top level
element.
3.13
release
particular version of a configuration item that is made available for a specific purpose (for example, test
release)
2 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC TR 18018:2010(E)
3.14
traceability
degree to which each element in a software development product establishes its reason for existing
3.15
version
identified instance of a configuration item
NOTE Modification to a version of a software product, resulting in a new version, requires configuration management
action.
3.16
version identifier
supplementary information used to distinguish a version of a configuration item from other versions
NOTE Version numbers are used to compare the version of the software product against another version.
4 Application of this Technical Report
4.1 Overview
This clause presents the benefits to groups of people that acquire, supply, develop, operate, and maintain a
CM tool. The objective is to provide a road map for the users of this Technical Report so that they can orient
themselves in it and apply it judiciously.
4.2 CM personnel
Personnel involved in the performance of one or more CM activities will benefit from this Technical Report as
follows:
⎯ obtain a better understanding of the relationship between the activities in which they are involved and CM
tool capabilities
⎯ identify processes or activities that can be improved through better support by a CM tool
⎯ have an objective basis for a better comparison, evaluation, and assessment of CM tools
4.3 Tool suppliers
Suppliers of software engineering tools will benefit from this Technical Report as follows:
⎯ develop CM tools consistent with the International Standards ISO/IEC 12207:2008, ISO/IEC 15288:2008,
and ISO/IEC 14102:2008
⎯ provide CM tools that can be shown to support an internationally accepted set of capabilities
4.4 Acquirers
People involved in the purchase of CM tools will benefit from this Technical Report as follows:
⎯ review CM services that can contribute to CM process improvement
⎯ identify criteria for selecting CM tools
⎯ compare competing CM tools based upon this Technical Report
© ISO/IEC 2010 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC TR 18018:2010(E)
5 Capabilities of configuration management tools
5.1 Overview of configuration management tool capabilities
Throughout the systems and software life cycle, different artifacts (e.g., hardware, software, documents) exist
in different versions at different times and changes arise constantly. Configuration Management (CM) verifies
and assures that a product performs as intended by providing visibility and control of product’s functional and
physical characteristics. A CM tool can provide automated assistance for CM activities: configuration
identification, change management, reports, status accounting, and auditing. This Technical Report provides
the tool capabilities for the automation of CM activities to support software and systems lifecycle processes.
NOTE The following documents have been reviewed for identifying the CM tool capabilities: ISO/IEC 12207:2008,
ISO/IEC 15288:2008, ISO/IEC TR 15846, ISO/IEC TR 19759 SWEBOK, ISO/IEC 14102:2008, ISO 10007:2003,
ISO/IEC 15940:2006, IEEE 828:1990, ANSI/EIA 649:1998, and commercial tool information. The life cycle processes and
activities from these references have been used as the basis for the CM tool capability categorization found in this
document.
5.2 Configuration management tool capabilities
5.2.1 Overview
The CM activities described in ISO/IEC 12207:2008 and ISO/IEC 15288:2008 includes configuration
identification, configuration baselining, configuration control, configuration status accounting, configuration
auditing, and release management and delivery. Besides of these CM activities, integrating CM tools into the
software development environment is also a key for automated CM support. The CM tool should provide not
only the capabilities supporting the CM activities but also the tool integration capability into other tools and
platforms.
5.2.2 Configuration identification
Configuration identification should capture the attributes of the software to be controlled: the software contents,
the different versions of contents, the operation data, and any other essential elements that constitute the
configuration item. The tools should provide the following capabilities for the configuration items:
⎯ identifying configuration items
⎯ specifying configuration item relationship
⎯ defining states and specifying status of configuration items
NOTE Refer to ISO/IEC 12207:2008 and ISO/IEC 15288:2008 for the output of software lifecycle process, activity,
and task.
5.2.3 Configuration baselining
For each configuration item and its versions, the tool should provide the following capabilities for baselines:
⎯ creating baseline
⎯ storing the baseline with its version references and identification details
⎯ tracing baselines
⎯ reporting baseline status
4 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC TR 18018:2010(E)
5.2.4 Configuration control
The tool should provide the following capabilities for configuration control:
⎯ controlling changes
⎯ controlling access
⎯ controlling versions
5.2.5 Configuration status accounting
The tool should provide the following capabilities for status accounting:
⎯ recording status information
⎯ tracing the status
⎯ reporting status of configuration management items
5.2.6 Configuration auditing
The tool should provide the following capabilities for configuration audits:
⎯ planning audit
⎯ auditing the functional completeness of configuration items against requirements
⎯ auditing the physical completeness of the configuration items (whether their design and code reflect an
up-to-date technical description)
⎯ reporting audit results
⎯ analyzing anomaly
5.2.7 Release management and delivery
The tool should provide the following capabilities for release management and delivery:
⎯ building software products
⎯ storing the master copies of the code and documentation over the life of the software product
⎯ replicating, packaging, and delivering of code and documentation in accordance with the policies of the
organizations involved
⎯ tracking build and release identification
5.2.8 Other configuration management tool capabilities
The tool should provide the following general capabilities:
⎯ integrating with other tools and platforms
© ISO/IEC 2010 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC TR 18018:2010(E)
5.3 Configuration identification
5.3.1 Overview
Configuration identification is the basis for the subsequent control of the software configuration. This activity
includes identifying items to be controlled, establishing an identification scheme for the items and their
versions, and specifying the relationship and status of the configuration items.
5.3.2 Identifying configuration items
Configuration item identification should capture at a minimum the following characteristics of the
software/system elements to be controlled:
⎯ software/system element contents (e.g., requirements, design, analysis, code, test cases, and traceability
between the elements)
⎯ different versions of configuration item and its constituent components
⎯ software/system element operation data (e.g., history of change, version number, number of change
requests)
⎯ name of configuration item.
The tool should provide the following capabilities for configuration item identification:
⎯ generating a unique identifier to distinguish each item (e.g., alphabetic, alphanumeric)
⎯ providing a means of documentation (e.g., templates or forms) of the configuration information to be used
to describe each configuration item (e.g., configuration identification number, link to other configuration
item, link to software structure, link to baseline, link to version hierarchy, link to storage, owner, creation
date, version number, and configuration status)
⎯ linking to change requests associated with the configuration item.
5.3.3 Specifying configuration item relationship
The structural relationships among the configuration items affect other CM activities or tasks, such as software
building or analyzing the impact of proposed changes. The tool should provide the following capabilities for
configuration item relationships:
⎯ the tracing to and from the configuration items
⎯ the tracing the configuration item relationship links both upward and downward in the software hierarchy
⎯ the mapping of the identified configuration items to the elements of software structure (e.g., system, sub-
system, component, library, or unit code).
5.3.4 Defining states and specifying status of configuration items
A configuration item may have a lifecycle that goes through different states (e.g., checked-in, checked-out,
change-requested, change-approved, change-rejected, change-reviewed, change-tested, and change-
completed). Changes in state are triggered by conditions or events (e.g., submit, retrieve, change-request-
submit, change-approve, change-review, change-reject, testing, and change-complete).
The status of a configuration item is defined by the state in which it exists at any given time.
6 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC TR 18018:2010(E)
The tool should provide the following capabilities for configuration item status:
⎯ defining the set of states of configuration items
⎯ defining the conditions or events that enable or enact the change of configuration item status
⎯ specifying the status of configuration items.
5.4 Configuration baselining
5.4.1 Overview
A baseline is a set of configuration items designated at a specific time during the software life cycle. It
represents the approved status of configuration items and provides the point of departure for further evolution.
A configuration item belongs to more than one baseline. Baselining activities include the creating, storing,
tracing, access controlling, and reporting of baseline.
5.4.2 Creating a baseline
Creating a baseline consists of identifying which configuration items are part of it. The tool should provide the
following capabilities for initiating baselines:
⎯ naming the configuration items and versions specified in the configuration item hierarchy that comprise
the baseline
5.4.3 Storing baseline
The baseline shall be stored with the detailed attributes associated with acceptance, change, support, and
disposal of baseline. The tool should provide the following capabilities for storing baselines:
⎯ placing the baseline attributes into a repository, (e.g., creation date, owner, acceptance criteria, and
change history)
⎯ the placing of associated tool information for versioning, build, and release
⎯ searching the attribute information of baseline from the repository
⎯ changing the attribute information from the repository
5.4.4 Tracing baseline
Traceability is a key capability that helps investigate the history of every change in a baseline chain. The tool
should provide the following capabilities for tracing baselines:
⎯ the tracing across baselines (e.g., the system requirements baseline, software requirements baseline,
design baseline, and delivery baseline)
⎯ tracing the systems and software artifacts including derived ones (e.g., the project plan, requirement
definition document, standards, system analysis document, system design document, prototype, system
test plan and specification, program source code, object code and executable, unit test plan and
specification, test and project data, and user manuals)
© ISO/IEC 2010 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/IEC TR 18018:2010(E)
5.4.5 Reporting baseline status
The status report on baseline should include a range of baseline information. The tool should provide the
following capabilities for reporting baseline status:
⎯ searching for the baseline information at a minimum by configuration item, change history, status, release
identifier, and links to other baselines
⎯ generating a status report on a baseline at a minimum by configuration item, change history, status,
release identifier, and links to other baselines
⎯ reporting change requests associated with a baseline
5.5 Configuration control
5.5.1 Overview
Software configuration control is concerned with managing changes during the software life cycle. It covers
the activities for controlling changes, controlling access to the configuration item, and controlling versions
resulting from the modification of configuration items.
5.5.2 Change control
5.5.2.1 Overview
Change control covers the activities for determining what changes to make, approving changes, and
implementing changes as follows:
⎯ proposing the change request
⎯ analyzing the changes
⎯ approving or disapproving the request
⎯ implementing and releasing the changes
⎯ communicating the disposition
⎯ tracking the changes
5.5.2.2 Proposing changes
Change request needs formal procedures for submitting and recording the anomaly or enhancement from the
baselined configuration item. The tool should provide the following capabilities for proposing changes:
⎯ providing a template or a form for change request which includes at a minimum, configuration and version
identification number, requester, date of request, reason for change, priority of the proposed changes
⎯ storing the change request information into a repository and notifying the request to the authorized
person by using email, groupware, or any other electronic communication means
⎯ querying and tracing the change request at a minimum, by requester, date, configuration identification
number, and reason for change
8 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC TR 18018:2010(E)
5.5.2.3 Analyzing changes
Impact analysis is required to determine the extent of modifications that the change request. The tool should
provide the following capabilities for analyzing changes:
⎯ tracing configuration items and related baselines affected by the proposed change
⎯ tracing any approved modifications affecting the identified configuration items or baselines
5.5.2.4 Approving/disapproving change requests
The authority for accepting or rejecting proposed changes depends on a Configuration Control Board (CCB).
The board reviews each proposed change, approve or disapprove it, and if approved, coordinate the change
with the affected group. The tool should provide the following capabilities to support the CCB:
⎯ providing a template or a form for describing the scope and reason of the change (e.g., accept, modify,
reject, or defer)
⎯ enabling to specify the associated information (e.g., change priority, change effort, approver, responsible
persons for the change, due date for the change implementation)
⎯ providing a means of recording the decision of the CCB
5.5.2.5 Implementing/releasing the changes
After the change request is approved, modification should be performed on only the approved modification. To
implement and release each approved change, the tool should provide the following capabilities:
⎯ tracking of which change requests are incorporated into particular software versions and baselines
⎯ allowing only the versions and baselines which are associated to the approved modifications be changed
in a workspace
⎯ monitoring that the changes are completed on time and are implemented by the authorized person
⎯ releasing the changed versions to the designated medium and destination
⎯ the roll back of a configuration item so that at any point, a configuration item can be brought back to its
previous state
5.5.2.6 Communicating disposition of change requests
The designated changes should be distributed by notifying everyone impacted by the disposition. The tool
should provide the following capabilities for communication dispositions:
⎯ notifying those who use the affected configuration items if the change is approved
⎯ notifying those
...