Soft audit Checklist・No6: Configuration management process

05/02/2021 Audit for soft-Develop..

The fifth part of the development process checklist is configuration management

In this article, we introduce each item of the audit checklist used for software development audits. The audit checklist is divided into (1) development process, (2) requirements management, (3) testing, and (4) design and implementation. This article introduces the individual configuration management items under (1) development process. (The checklist itself can be found in the article "Software Audit Practice / Checklist Part 1: Development Process (Requirements Management)", so please refer to that.)

Checking configuration management activities is a confirmation of baseline control of design documents and source code.

In the development process checklist, the check items for configuration management are the 6 items whose item numbers start with CM-. The term configuration management is often used in software development, but some may be unfamiliar with it. The concept is not difficult: it is the activity of managing versions of design documents and source code.

To make software, many documents such as requirement specifications, design documents, and test specifications are required, and many source files are created based on those documents. The number of documents and source files can range from tens to thousands, but they must all be the correct version. The correct version of a set of documents and source code is called the baseline of the software. It is the foundation needed to generate the final program code that the CPU executes.

Baseline management is simply managing that everyone is using the correct version.

For example, if Mr. A is looking at the correct version of the design document but Mr. B is looking at a version that is one revision older, the software will not work correctly when the programs created by Mr. A and Mr. B are combined. In a project in which multiple people work together to create software, it is necessary to ensure that everyone involved in the project is viewing the correct version of each document and source file. These activities are called configuration management, and they are very important at software development sites. In addition to documentation, the baseline generally includes the development environment.
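The Mr. A / Mr. B situation above can be detected mechanically. The following is an added example, not part of the original article: it assumes the baseline is recorded as a manifest of SHA-256 hashes per file, and all file names and contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_baseline(root: Path) -> dict[str, str]:
    """Record the baseline: relative path -> SHA-256 of every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_against_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare a working copy with the baseline and classify every difference."""
    current = make_baseline(root)
    return {
        # Same path, different content: someone is on another version.
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        # In the baseline but absent from this working copy.
        "missing": sorted(k for k in baseline if k not in current),
        # Present locally but never placed under configuration management.
        "unmanaged": sorted(k for k in current if k not in baseline),
    }

def demo() -> dict[str, dict[str, list[str]]]:
    """Constructed sample: A holds the baseline, B still has an older design document."""
    with tempfile.TemporaryDirectory() as tmp:
        a, b = Path(tmp, "A"), Path(tmp, "B")
        for copy in (a, b):
            (copy / "docs").mkdir(parents=True)
            (copy / "src").mkdir()
            (copy / "docs/design.md").write_text("design Ver1.2\n")
            (copy / "src/main.c").write_text("int main(void) { return 0; }\n")
        baseline = make_baseline(a)
        (b / "docs/design.md").write_text("design Ver1.1\n")  # stale version
        (b / "src/main.c").unlink()                           # file lost locally
        (b / "src/local_patch.c").write_text("/* not under configuration management */\n")
        return {"A": check_against_baseline(a, baseline),
                "B": check_against_baseline(b, baseline)}

if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

An auditor can ask for the equivalent report from the project's own tooling: an empty result for every working copy and build machine is evidence that the baseline is actually being held.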

Let’s look at them in order

[Item number: CM-01]

Many things besides design documents and source code require configuration management. Purchased object code must also be the appropriate version, and the libraries that are included change when the build environment changes, so these need configuration management as well. The first thing to look at is what the project treats as targets of configuration management.

[Item number: CM-02]

Configuration management is basically version control. Version control means making sure that, when a version changes, the change work is carried out properly and the changed version is fully communicated to all parties concerned. For example, when a design document is revised and upgraded from Ver1.1 to Ver1.2, there are various things that must not be skipped, such as reviewing the changes, responding to the points raised in the review, and storing both Ver1.1 from before the change and Ver1.2 from after it. Make sure that the procedure for changing the version of an item under configuration management is clear and that the procedure is strictly followed.

[Item number: CM-03]

Whereas the previous item confirmed the procedure for changing the version, this item confirms the procedure for notifying all concerned parties of the change. When design document A is upgraded from Ver1.1 to Ver1.2, that fact must be communicated at that moment to everyone who refers to design document A, and they must be able to access Ver1.2 of design document A. There are various methods, such as distributing it by e-mail or placing it on a server for everyone to refer to. Check whether there is a reliable method that leaves no one out, and whether notifications are sent to all parties by that method every time.

[Item number: CM-04]

If the software is small in scale, configuration management can be performed manually using an Excel table or similar, but once the scale is large to some extent, manual work easily leads to mistakes. If possible, it is preferable to introduce a configuration management tool to keep mistakes from creeping in. From that perspective, check what configuration management tools are used for the documentation and source code.

[Item number: CM-05]

Design documents are important for software, but all software development activities are ultimately integrated into the source code. In the case of large-scale software, development continues while a huge master tree is managed and maintained. In order to properly maintain the baseline of the thousands of source files registered in the master tree, operating rules for the master tree must be properly established. Make sure that the master tree is operated according to appropriate rules, so that check-ins are made without fail and the correct files are checked in.

[Item number: CM-06]

Even if the software baselines, such as documents, source code, and the development environment, are maintained correctly, the correct executable code will not be produced if the procedure for generating the executable code that finally runs on the actual machine from those baselines is wrong. This is the final step in software development, so check that the procedure is clear.

Next to configuration management is outsourcing management

Following the confirmation of configuration management, the next article introduces the check items for outsourcing management.
