The Martin Pollins Blog

History, economics, business, politics…and Sussex

Configuration Management – Ensuring Products Work as Intended


Configuration management (CM) can be defined as the process of tracking and controlling changes to a product or system throughout its lifecycle.

Its purpose is to ensure that the product or system meets its intended requirements and is consistent, reliable, and easy to maintain. It does that by using a process for establishing and maintaining consistency of a product’s performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.[2]

CM in Practice
CM is a way to ensure a system performs as expected, even after many changes are made over time. Using CM management tools, administrators can set up an IT system, such as a server or workstation, singly or in clusters, then build and maintain other servers and workstations with the same settings. Military engineering organisations widely use the CM process to manage changes throughout the system lifecycle of complex systems, such as weapon systems, military vehicles, and information systems. Beyond the military, the CM process is also used with IT service management as defined by ITIL and with other domain models in civil engineering and other industrial engineering segments such as roads, bridges, canals, dams, and buildings.[3]

CM often involves using specialised software tools to help manage the configuration of systems and assets. These tools may include version control systems, automated testing frameworks, and asset tracking systems. CM can also be integrated into broader IT management frameworks such as ITIL or DevOps (see below). It involves documenting the characteristics of these assets, tracking changes to them, and ensuring that they are properly integrated and maintained over time.


The Importance of CM and its Benefits
CM is important because it helps organisations manage the complexity of IT environments and ensure that changes are made in a controlled and systematic way. By maintaining a comprehensive view of the configuration of systems and assets, CM enables IT teams to identify potential issues before they become problems and to troubleshoot issues more effectively when they do arise.

CM is the process of managing and controlling the changes made to a system’s hardware, software, documentation, and related resources throughout the system’s lifecycle. It is a crucial aspect of software development, IT operations, and system administration.

The Process
CM involves identifying, tracking, and documenting changes to the system’s configuration items (CIs), the elements that make up the system. These CIs can include hardware components, software applications, network configurations, user documentation, and more. The primary goal is to ensure that the system remains stable, reliable, and secure, even as changes are made to it over time. It involves implementing processes and tools to track and manage changes, enforce standards and policies, and maintain the integrity of the system’s configuration.

CM is important for ensuring that changes to a system are made in a controlled and systematic way and that any potential impacts or risks are identified and mitigated. It helps to reduce the risk of downtime, data loss, security breaches, and other issues that can arise from uncontrolled changes to a system’s configuration.

Who Kickstarted the Process Improvement Movement?
The late W. Edwards Deming[4] is considered one of the pioneers of the process improvement movement. He is known for his work in promoting quality management and statistical process control in manufacturing and business practices. His teachings and ideas have been influential in the development of various quality management methodologies, including Six Sigma and CM.

Credit: Openverse.Org. W Edwards Deming by Andriana18 is licensed under CC BY-SA 4.0.

The 14 Points for Management, which Deming introduced in the 1980s, are widely regarded as the foundation of modern quality management. They provide a set of principles aimed at improving an organisation’s quality and competitiveness:

  • Creating constancy of purpose towards the improvement of product and service.
  • Adopting a new philosophy.
  • Ceasing dependence on mass inspection.
  • Ending the practice of awarding business on price tag alone; instead, minimising total cost.
  • Improving constantly and forever every process for planning, production and service.
  • Instituting training on the job.
  • Instituting leadership.
  • Driving out fear.
  • Breaking down barriers between staff areas.
  • Eliminating slogans, exhortations, and targets for the workforce.
  • Eliminating numerical quotas for the workforce and numerical goals for management.
  • Removing barriers that rob people of pride in workmanship and eliminating the annual rating or merit system.
  • Instituting a vigorous program of education and self-improvement for everyone.
  • Putting everybody in the company to work to accomplish the transformation.

What Does Configuration Management Look Like?

Top Level CM Activity Model
Attribution: Department of Defense Handbook, Public domain, via Wikimedia Commons

Page URL:

What are ITIL and DevOps?
ITIL and DevOps are two popular frameworks for managing IT operations and software development, respectively, as explained below:

  • ITIL, which stands for Information Technology Infrastructure Library, is a framework for IT service management that provides best practices for managing IT services and operations. ITIL includes a set of guidelines and procedures for managing IT infrastructure, services, and operations, focusing on improving efficiency, effectiveness, and quality of service. ITIL defines a set of processes, roles, and responsibilities for managing IT services, including incident management, problem management, change management, and service level management.
  • DevOps, on the other hand, is a set of practices and cultural values that emphasise collaboration and communication between development and IT operations teams. The goal of DevOps is to increase the speed and efficiency of software development and deployment by breaking down the traditional silos between development and operations. DevOps emphasises using automation, continuous integration and delivery, and monitoring and feedback loops to speed up the software development lifecycle while maintaining high quality and reliability.

While ITIL and DevOps have different origins and focuses, they are not mutually exclusive and can be used together to manage IT operations and software development in a complementary way. For example, ITIL’s focus on incident and change management can help ensure that DevOps processes are carried out in a controlled and compliant manner. Similarly, DevOps practices such as automation and continuous delivery can help ITIL teams to improve efficiency and reduce manual effort.


CM Process and Steps
The CM process typically involves the following steps:

  • Identification: This step involves identifying the specific components or configurations of a product or system that need to be managed.
  • Control: This step involves establishing procedures and processes for controlling configuration changes. This may involve using version control software to track changes and maintain a historical record of the configurations.
  • Status Accounting: This step involves tracking and reporting on the status of the configurations, including any changes that have been made and the reasons for those changes.
  • Verification and Audit: This step involves verifying that the configurations are consistent and meet the intended requirements. This may involve performing audits, testing, and inspections to ensure that the configurations are accurate and up-to-date.
  • CM Database: This is a centralised repository for storing and managing configuration information, such as specifications, designs, and drawings.

Different Uses
CM is often used in software development, telecommunications, aerospace, defence, and other complex industries. CM aims to reduce costs, improve quality, and increase efficiency by clearly and consistently understanding the product or system. This helps avoid misunderstandings, reduce errors, and ensure the end product meets the intended requirements.

Today, customers want more. They want cheap products, they expect fast delivery, and they want products and services tailored to increasingly exacting expectations. First used in Aerospace and Defence, CM (CM) applications are now sought in virtually every industry. It’s the only fully developed management discipline focusing on managing a product’s viability.

CM is both a management discipline and a process[5] :

  • The purpose of both is quite simple and elegant. CM is designed to ensure that organisations have the information they need to ensure their products perform as intended.
  • Other management disciplines and processes are designed to control and optimise costs, schedules, and resource allocations. Whilst these tools work very well and have attracted billions in information technology investments while raising productivity and competitiveness to historic levels, these processes and systems are pointless if you cannot use them to make the right product for a customer. CM closes that gap.
  • CM is unique in its focus on controlling outcomes. It makes sure these engines of efficiency are marshalled together to produce the right product. It also controls change, making sure that its impact is assessed and that every effort is made to prevent erosion of product functionality or safety.

CM is the detailed recording and updating of information that describes an organisation’s computer systems and networks, including all hardware and software components. It usually includes the versions and updates applied to installed software packages and the locations and network addresses of hardware devices. When a system needs a hardware or software upgrade, a computer technician can access the CM program and database to see what is currently installed. The technician can then make a more informed decision about the upgrade needed.


Thus, CM is the process of identifying and defining the items in the system, controlling the change of these items throughout their lifecycle, recording and reporting the status of items and change requests, and verifying the completeness and correctness of the constituent items.

An advantage of a CM application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems. With CM, design and development meet the customer’s objectives the first time. Data and changes are recorded so that the product can be repeated exactly with minimal human intervention. Innovations are timelier and more cost-effective because data is accurate and can be readily reused. CM is also used in software development, called Unified CM (UCM). Using UCM, developers can keep track of the source code, documentation, problems, changes requested, and changes made.

Configuration Management Systems[6]
A Configuration Management system allows an organisation to define settings consistently and then build and maintain them according to established baselines. A configuration management plan should include tools that:

  • Enable classification and management of systems in groups.
  • Make centralised modifications to baseline configurations.
  • Push changes automatically to all affected systems to automate updates and patching.
  • Identify problem configurations that underperform or are non-compliant.
  • Automate prioritisation of actions needed to remediate issues.
  • Apply remediation when required.

The Six “Pillars” of Configuration Management
The so-called ‘six pillars’ collectively provide a framework for effective configuration management, ensuring that systems, products, or projects are properly identified, controlled, tracked, and managed throughout their lifecycle.

The six pillars are as follows:

  • Identification: This pillar focuses on uniquely identifying and labelling configuration items (CIs) within a system or project. Each CI should have a distinct identifier to ensure traceability and enable effective management.
  • Control: Control involves establishing baselines for CIs, maintaining version control, and implementing change management processes. It ensures that only authorised changes are made to CIs and that proper documentation and approval procedures are followed. Configuration control of specifications and test plans is vital for quality control to be effective.
  • Status Accounting: Status accounting tracks the current state and history of CIs. It involves recording and reporting changes, updates, and related information to provide visibility into the status of each CI at any given point in time. It provides records and reports that relate to a deliverable and its configuration information.
  • Verification and Audit: Verification and audit activities aim to validate that the configuration items are consistent with their defined specifications, requirements, and documentation. It ensures that CIs are correctly implemented, meet quality standards, and comply with relevant policies or regulations.
  • Configuration Audit: Configuration audits are formal reviews conducted to assess the accuracy, completeness, and consistency of the configuration management documentation and processes. They help identify discrepancies, gaps, and potential areas for improvement.
  • Reporting and Management: Reporting and management encompass generating reports, metrics, and insights related to configuration management. It involves analysing data, identifying trends, and providing relevant information to support decision-making, planning, and compliance efforts.

Concept Recognition
The concept of the six pillars of CM is widely recognised and implemented in the field of CM, particularly in IT service management and software development. While a single definitive source or authority for these pillars is unknown, they have emerged as key principles and best practices based on the collective knowledge and experience of practitioners in the field, albeit given marginally different explanations in some cases.


Configuration management frameworks and standards, such as ITIL (Information Technology Infrastructure Library) and ISO/IEC 20000, often incorporate these pillars as essential components of effective configuration management processes. These frameworks provide guidance and recommendations for managing configuration items and their associated attributes throughout their lifecycle.

Furthermore, the six pillars of configuration management have gained recognition and widespread implementation in various industries, particularly in IT service management and software development. These pillars serve as fundamental principles and best practices, drawing upon the collective knowledge and experience of practitioners in the field. Although different sources may provide slightly different explanations, the overarching concepts remain consistent.

The first pillar, Identification, emphasises the need to assign unique identifiers to configuration items (CIs) within a system or project. This approach ensures traceability and facilitates effective management throughout the lifecycle of the CIs.

The second pillar, Control, revolves around establishing baselines for CIs, maintaining version control, and implementing change management processes. By adhering to these practices, organisations can ensure that authorised changes are made to CIs while proper documentation and approval procedures are followed. Configuration control of specifications and test plans is particularly crucial for maintaining quality control.

Status Accounting, the third pillar, involves tracking the current state and history of CIs. This pillar requires recording and reporting changes, updates, and related information to provide visibility into the status of each CI at any given point in time. Through status accounting, organisations can maintain records and reports that pertain to deliverables and their configuration information.

The fourth pillar, Verification and Audit, focuses on validating whether the configuration items align with their defined specifications, requirements, and documentation. Organisations ensure that CIs are implemented correctly, meet quality standards, and comply with relevant policies or regulations by conducting verification and audit activities.

Configuration Audit, the fifth pillar, encompasses formal reviews designed to assess the accuracy, completeness, and consistency of the configuration management documentation and processes. Through these audits, organisations can identify discrepancies, gaps, and potential areas for improvement, ultimately enhancing their configuration management practices.

Lastly, Reporting and Management, the sixth pillar, involves generating reports, metrics, and insights related to configuration management. Organisations analyse data, identify trends, and provide relevant information to support decision-making, planning, and compliance efforts. This pillar is crucial in ensuring transparency and enabling effective configuration management.

While the six pillars are widely accepted and utilised, it’s important to acknowledge that specific organisations or industries may adapt or customise these principles to suit their needs and requirements. Flexibility in implementing the pillars allows organisations to tailor their configuration management practices while still adhering to the fundamental concepts.

Configuration management frameworks and standards, such as ITIL (Information Technology Infrastructure Library) and ISO/IEC 20000, often incorporate these pillars as essential components of effective configuration management processes. These frameworks provide guidance and recommendations for managing configuration items and their associated attributes throughout their lifecycle.


A group of people looking at a computer Description automatically generated
Configuration Management
Configuration Management is a field of management that focuses on establishing and maintaining consistency of a system or product’s performance and its functional and physical attributes with its requirements, design, and operational information throughout its life.
Source: Wikipedia

Configuration Management is the detailed recording and updating of information that describes an enterprise’s hardware and software. Such information typically includes the versions and updates that have been applied to installed software packages and the locations and network addresses of hardware devices.”

Best IT Practice
CM is a “best practices” IT process that looks to identify, document, control, and track the configuration of interrelated and interdependent software, hardware, and networking components throughout their life cycles. It can be broken down into four stages:

1 Configuration Identification
Get a “snapshot” of your existing body of components and how they are configured, as well as documents and other products under IT control, to create a baseline – a solid point of reference against which you can measure all actual or proposed changes.

2 Configuration Control
Create a formal management process to control changes and minimise risk. This process must include a single channel through which all “events are carefully recorded, evaluated, prioritised, scheduled, and tracked until system changes have been successfully completed.”

3 Configuration Auditing
Verify that the set of configuration components is complete to ensure that the process has been executed effectively and meets best practices. This also ensures that everyone involved has complied with agreed-upon policies, processes, and procedures.

4 Status Accounting
Keep an ongoing record including the status and history of all components outlined in the baseline, as well as any proposed changes to the components, the status of those change requests, any interdependencies or effects on the network that each component has, etc. This disciplined process of treating your network as an interconnected, organic whole and planning for changes with this fact in mind will bring:

  • Greater control over interrelated components, ensuring higher levels of availability and performance.
  • The reduction of non-essential changes to the network.
  • Increased accountability of developers and systems maintenance staff.
  • A clearer picture of how applications and networks have evolved to their current state.
  • A more organised and structured approach to overseeing an application or system’s life cycle.

A CM tool should:

  • Manage software/product versions throughout the development life cycle.
  • Guarantee source-to-object integrity.
  • Support and manage parallel (concurrent) development.
  • Allow identification of all components that comprise a particular change or release.
  • Provide the ability to identify and revert to a previous baseline.
  • Provide automated ‘build’ facilities.
  • Enable role-based security.
  • Provide audit facilities and reporting tools.

Capability Maturity Model®
The Capability Maturity Model[7] (CMM) is a framework describing the key elements of an effective software process. It consists of a five-level model of organisational software process improvement, providing an evolutionary path from an ad hoc, immature process to a mature, disciplined process[8].

CMM is a description of the stages through which software organisations evolve as they define, implement, measure, control, and improve their software processes. This model provides a guide for selecting process improvement strategies by facilitating the determination of current process capabilities and the identification of the issues most critical to software quality and process improvement[9].

The five maturity levels describe successive stages for continuous process improvement, starting with the initial level, where software is developed in an ad-hoc manner, through the repeatable level, where basic management controls are introduced, the defined level, where an organisation-wide process is introduced, the managed level, where measurement is introduced and finally to the optimising level. An advantage of the maturity levels is that they prioritise the steps involved in process improvement, identifying the improvements that will provide the most effective short-term benefits.

A key feature of the CMM is its capability for continuous improvement, where an organisation will continually strive to improve and refine its software process.


  • Maturity Levels: A layered framework providing a progression to the discipline needed to engage in continuous improvement (It is important to state here that an organisation develops the ability to assess the impact of a new practice, technology, or tool on their activity. Hence it is not a matter of adopting these – rather, it is a matter of determining how innovative efforts influence existing practices. This empowers projects, teams, and organisations by giving them the foundation to support reasoned choice).
  • Key Process Areas: Key process area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.
  • Goals: The goals of a key process area summarise the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished indicates how much capability the organisation has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
  • Common Features: Common features include practices that implement and institutionalise a key process area. These common features include Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.
  • Key Practices: The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalisation of the key process areas.


  • CM is the process of managing products, facilities and processes by addressing and managing their requirements, including changes and assuring conformance in each case.
  • CMII is a process for accommodating change and keeping requirements clear, concise and valid. Every organisation needs this capability regardless of what it is called. Such a process has universal application, and organisations that do it best are the most competitive.

CMII grew out of product engineering and manufacturing. The Institute of Configuration Management extended it to software development and process management:

  • Applied intelligently, CMII can benefit the enterprise even more widely. It is not only a cost reduction tool, but a management strategy to improve profitability and provide long-term advantage.
  • When working within large organisations, CMII proponents should consider an incremental approach – applying whatever CMII principles can yield short-term results, support from key people, and a basis for further progress.

How does AI help Organisations apply Six Sigma and CM?


Artificial intelligence (AI) can help organisations apply Six Sigma and CM in several ways:

  • Data analysis: AI algorithms can analyse large amounts of data, identify patterns and anomalies, and help organisations identify areas for improvement. This can be particularly useful for Six Sigma projects, where data analysis is an important part of the DMAIC (Define, Measure, Analyse, Improve, Control) process.
  • Process automation: AI can be used to automate repetitive and time-consuming tasks, such as data entry and analysis. This can help organisations to work more efficiently and focus on higher-value activities, such as identifying root causes and implementing improvements.
  • Predictive maintenance: AI algorithms can be used to predict when equipment or systems will fail, which can help organisations to plan for maintenance and avoid unexpected downtime. This can be particularly useful in the manufacturing and production industries, where equipment availability is critical to productivity.
  • Quality control: AI can be used to monitor production processes, identify deviations from standards, and trigger actions to correct deviations. This can help organisations to maintain quality control, reduce defects, and improve efficiency.
  • CM: AI algorithms can be used to monitor changes to the configuration of a system or product and ensure that changes are made in accordance with established processes and standards. This can help organisations to maintain configuration control, reduce errors, and improve efficiency.
  • Enhanced decision-making: AI, coupled with Machine Learning, can help organisations make more informed decisions by forecasting outcomes based on historical data. These predictive analytics are particularly beneficial in Six Sigma and CM practices, where understanding future trends can significantly impact strategic planning.
  • Learning from past data: AI’s machine learning component can assist organisations in learning from historical data and applying those learnings to predict future outcomes or avoid past mistakes. This can be particularly beneficial in CM, where past configurations and their impacts could provide valuable insights for future setup or changes.
  • Intelligent anomaly detection: Machine learning can also allow for intelligent anomaly detection, wherein it can identify outliers in data that may indicate a potential issue. This early detection system can help in mitigating problems early, which aligns with the proactive approach of the Six Sigma methodology.
  • Process optimisation: AI can assist in identifying and suggesting optimisations in the process, thereby reducing waste and increasing efficiency, which is a core principle of Six Sigma.
  • Enhanced scalability: AI can easily handle large volumes of data and tasks, providing scalability that may not be feasible with human-only teams. This is beneficial in both Six Sigma and CM practices, where the complexity and volume of data and configurations can be significant.

By leveraging AI, organisations can improve their ability to apply Six Sigma and CM and achieve better results in terms of cost savings, increased efficiency, and improved quality. However, it’s important to note that AI should be used as a tool to support these processes and not as a substitute for the expertise and experience of human Six Sigma and CM practitioners. AI provides tools to assist, but the strategic and tactical decision-making processes, and the understanding and interpretation of the results, often require a human touch.

Configuration Management may not be easy to understand, so I thought it might be a good idea to end this paper with a simple explanation. I hope it helps. I can’t ask you to close your eyes as you wouldn’t be able to read the words below.

A person with smoke coming out of his head Description automatically generated with low confidence Configuration Management is like organising and keeping track of things to ensure they work properly. Imagine you have a big collection of things, like toys, model cars, dolls, and building blocks. You want to keep them in good condition and know where each toy is. That’s where Configuration Management comes in.

It helps you give each toy a special name or label, so you can easily find it when you want to look at it or play. It also helps you keep track of any changes you make to your toys, like adding new parts or fixing something that’s broken. For example, let’s say you have a favourite toy car. With Configuration Management, you can keep a record of what colour it is, what parts it has, and even how fast it can go. So, if you want to play with it later or show it to your friends, you’ll know all the important information about that car.

Sometimes, you might want to make changes to your toys. Maybe you want to add a spoiler to your toy car or change the hairstyle of your doll. Configuration Management helps you record these changes to remember how your toys looked before and after the changes.

Overall, Configuration Management is about keeping things organised, knowing what you have, and ensuring everything works how you want it to. It’s like having a special system to care for your toys and keep them in great shape.

Now, was that better?

Reference Sources


A white figure with arms outstretched next to a stack of books Description automatically generated

CAUTION: This paper is compiled from the sources stated but has not been externally reviewed. Parts of this paper include information provided via artificial intelligence which, although checked by the author, is not always accurate or reliable. Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials covered in this paper for any particular purpose. Such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law. Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this paper meet your specific requirements and you should neither take action nor exercise inaction without taking appropriate professional advice. The hyperlinks were current at the date of publication.

End Notes and Explanations

  1. Source: Compiled from research using information at the sources stated throughout the text, together with information provided by machine-generated artificial intelligence at: [chat] and
  2. Sources: [1] “MIL-HDBK-61A, “”Military Handbook: Configuration Management Guidance”. Department of Defense. 7 February 2001, and [2] ANSI/EIA-649B, “National Consensus Standard for Configuration Management”. TechAmerica. 1 April 2011. Cited at:
  3. Sources: [1]  “History and Heritage of Civil Engineering”ASCE, [2] “Institution of Civil Engineers What is Civil Engineering” (PDF). ICE, and [3] “Configuration Management and the Federal Transportation Administration (FTA) National Lessons Learned Program”. Federal Transportation Administration. Cited at:
  4. Explanation: William Edwards Deming (14 October 1900 – 20 December 1993) was a US engineer, statistician, professor, author, lecturer, and management consultant. Educated initially as an electrical engineer and later specialising in mathematical physics, he helped develop the sampling techniques still used by the US Department of the Census and the Bureau of Labor Statistics. He is also known as the father of the quality movement and was hugely influential in post-WWII Japan. He is most well-known for his theories of management. Source:
  5. See CM Information Centre at:
  6. Source and acknowledgement:
  7. Explanation: The Capability Maturity Model (CMM), is a development model created in 1986 after a study of data collected from organisations that contracted with the U.S. Department of Defense, who funded the research. The term “maturity” relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes. The model’s aim is to improve existing software development processes, but it can also be applied to other processes. In 2006, the Software Engineering Institute at Carnegie Mellon University developed the Capability Maturity Model Integration, which has largely superseded the CMM and addresses some of its drawbacks. The Capability Maturity Model was originally developed as a tool for objectively assessing the ability of government contractors’ processes to implement a contracted software project. The model is based on the process maturity framework first described in IEEE Software and, later, in the 1989 book Managing the Software Process by Watts Humphrey. It was later published in a report in 1993 and as a book by the same authors in 1995. Although the model comes from the field of software development, it is also used as a model to aid in business processes generally and has also been used extensively worldwide in government offices, commerce, and industry. Cited at: Capability Maturity Model and CMM are registered in the US Patent and Trademark Office.
  8. Source: European Software Institute
  9. Source: European Software Institute

Leave a Reply

Blog at

%d bloggers like this: