Configuration Audit - Info Security Consulting Services

Configuration Audit


A Physical Configuration Audit (PCA) is the formal examination of the "as-built" configuration of a configuration item against its technical documentation to establish or verify the configuration item's product baseline. The PCA examines the actual configuration of a Configuration Item (CI) that is representative of the product configuration, in order to verify that the related design documentation matches the design of the deliverable CI. It is also used to validate many of the supporting processes that the contractor uses in the production of the CI, and to verify that any elements of the CI that were redesigned after the completion of the Functional Configuration Audit (FCA) also meet the requirements of the CI's performance specification. Additional PCAs may be accomplished later during CI production if circumstances such as the following apply:

  • The original production line is "shut down" for several years and then production is restarted.
  • The production contract for manufacture of a CI with a fairly complex, or difficult-to-manufacture, design is awarded to a new contractor or vendor.

A configuration audit is a configuration management process that confirms the integrity of a systems product prior to delivery. There are two types of configuration audits:

Functional audit. The objective of the functional audit is to provide an independent evaluation of a software product, verifying that its configuration items' actual functionality and performance are consistent with the relevant requirement specification. This audit is held prior to software delivery to verify that all requirements specified in the Software Requirements Specification have been met.

Physical audit. The objective of the physical audit is to provide an independent evaluation of a software product's configuration items to confirm that all components in the as-built version map to their specifications. Specifically, this audit is held to verify that the software and its documentation are internally consistent.

Who Conducts Configuration Audits?

Configuration audits may be conducted by the software quality assurance, the configuration management or the verification and validation functions.

Why Audit the Configuration?

Configuration audits are conducted at the end of each life cycle phase. They verify that:

  • All required configuration items have been produced
  • All configuration items produced comply with the specified requirements
  • Technical documentation completely and accurately describes the configuration items
  • The Configuration Item Register accurately describes designated baselines
  • All approved change requests have been resolved
  • At the completion of development, the software or systems product is ready for delivery.
