The task of configuration auditing (configuration auditing) is to verify the consistency of configuration items against configuration identifiers. A configuration audit is performed to maintain the integrity of the configuration baseline, the configuration audit confirms that the final baseline and documentation complies with specific standards or requirements, and the audit results are appropriately documented. The practice of information systems development has shown that although configuration items are identified, change control and version control are implemented, chaos can still occur if not checked or verified. This verification includes:
(1) Whether the processing of the configuration item deviates from the initial specification or the approved change request.
(2) Whether the guidelines for configuring identification have been followed.
(3) Whether the change control process has been followed and whether the change records are available.
(4) Whether traceability is maintained between specifications, products, and change requests.
1. Configure the content of the audit
Configuration auditing mainly focuses on two aspects: one is functional configuration auditing, that is, to verify that the actual efficacy of a configuration item is consistent with its information system requirements; the other is physical configuration auditing, that is, it is determined that the configuration item meets the expected physical characteristics. The physical properties referred to here are the specified media form.
The functional configuration audit includes the following aspects:
(1) The development of configuration items has been successfully completed.
(2) The configuration item has reached the specified performance and functional characteristics.
(3) The operation and supporting documentation of the configuration item has been completed and complies with the requirements.
Functional configuration reviews include reviewing formal test documentation against test data, reviewing verification and validation reports, reviewing all approved changes, reviewing updates to previously delivered documentation, spot-checking the output of design reviews, comparing code and documented requirements, conducting reviews to Make sure all tests are executed. In addition, functional configuration reviews can include additional and sample testing based on functional and performance requirements.
Physical configuration audits are audits to verify that each built configuration item complies with the appropriate technical documentation, and that the configuration item corresponds to the information in the configuration status report. Physical configuration reviews include reviewing system specification completeness, reviewing functionality and review reports, understanding actions taken in the event of non-compliance, comparing architectural design and detailed design artifacts for consistency, reviewing module lists for compliance with approved coding standards, reviewing The format, completeness and compliance with the system function description, etc. of manuals (eg, user manuals, operation manuals, etc.).
2. Steps to configure auditing
(1) The project manager decides when to conduct the configuration review.
(2) The quality assurance team or the project's configuration management team designates configuration reviewers.
(3) The project manager and configuration auditor determine the scope of the audit.
(4) The configuration auditor prepares the configuration audit checklist.
(5) The configuration auditor arranges time to review documents and records. Review activities may involve project scope, configuration item check-in and check-out, review records, configuration item change history, test records, file naming, change requests, and versions. number, etc.
(6) Configure auditors to find non-conformities during the audit and record them.
(7) The project manager is responsible for arranging personnel to eliminate nonconformities.
(8) Configure auditors to verify that all found nonconformities have been resolved.
3. Configuration Review and Formal Technical Review
The purpose of a configuration review is to demonstrate the technical and management integrity of the products throughout the project life cycle. At the same time, ensure that the content of all documents does not change beyond the scope of the originally determined information system requirements. Make the configuration have good traceability. This is the basis for project change control personnel to master the configuration and conduct approval. In addition to configuration review, formal technical review can also be conducted.
Formal technical review focuses on checking the technical correctness of the modified configuration item. Reviewers evaluate the configuration item to determine its consistency with other configuration items and whether there are omissions or possible side effects. Formal technical reviews should be performed on all but the most trivial changes.
For more knowledge points and related exam questions over the years, please look for conciseness in the application treasure. If you are busy with projects and have thought about soft exams, you need conciseness!
