Lecture 4_Change Control, CA SA PDF

Summary

This document provides an overview of Change Control, Configuration Auditing, and Status Accounting in software maintenance and configuration management (SCM). It discusses the process, steps, and essential factors involved in managing changes to software products and systems.

Full Transcript

TMA4093
Software Maintenance
& Configuration
Management (SCM)
Change Control
Configuration Auditing
Status Accounting
 What is Change Control?
Definition:
SEE FOR
A systematic process of managing YOURSELF!
and regulating modifications to software products and
systems to ensure that all changes are introduced in a controlled and coordinated manner.
The reality of change control in a software engineering context has been
summed up beautifully by James Bach
Change control is vital.
We worry about change because a tiny perturbation in the code can create a big failure
in the product. But it can also fi x a big failure or enable wonderful new capabilities.
To prevent unauthorized changes, reduce the risks of unintended
consequences, and ensure that all modifications align with project goals,
standards, and quality requirements.
 Why Change Control is Essential
1. Risk Management
Change control reduces risks by assessing changes before implementation. It helps prevent defects,
SEE FOR YOURSELF!
delays, and cost overruns, and enables quick rollbacks to restore functionality if issues arise.
2. Enhanced Collaboration and Communication
Centralized change control improves communication across teams, ensuring alignment on updates
and preventing misunderstandings, leading to more efficient collaboration.
3. Resource Optimization
Prioritizing critical changes allows for better resource allocation, helping teams stay on track, within
budget, and prepared for rollbacks when needed.
4. Traceability and Compliance
Change control ensures traceability, supporting quality assurance and regulatory compliance. It
allows for quick rollbacks if changes affect compliance.
5. Agility and Adaptability
Change control enables teams to adapt to evolving needs while maintaining system integrity.
Rollbacks to stable versions ensure minimal disruption during problematic updates.
Overview of Change Control Process
Too much change control and we create
SEE FOR YOURSELF!
problems. Too little, and we create other
problems.
For a large software project, uncontrolled
change rapidly leads to chaos.
For such projects, change control
combines human procedures and
automated tools to provide a mechanism
for the control of change.
 Change Control Process
Generally, the change control process
flow takes 5 steps:
1. Change request
2. Review
3. Decision Making
4. Implementation of Change
5. Verify

Ensure changes are managed,
documented, and controlled to maintain
software quality and stability.
Minimize risks while facilitating
necessary changes.

(Pressman & Maxim, 2015)
 Change Request Submission
Who Can Submit: Developers, QA team, project managers, product owners, and
stakeholders (including end-users).

E.g. User feedbacks on bug, developer refactor the authentication module,
add new feature request, etc

Key Information in a Change Request Submission:
Request Details: Description of the change, rationale, and objectives.
Requester Information: Name and role of the person submitting.
Priority Level: Indication of urgency or importance.
Supporting Documentation: Relevant files, screenshots, or data for context.
 Evaluation and Impact Analysis (Review)
Purpose:
Assess the feasibility, risks, and impact of the requested change on the project and
system.
Key Roles and Responsibilities:
Technical Lead: Analyzes technical feasibility, identifies potential system impacts and
evaluates resource needs.
Project Manager: Assesses effect on scope, timeline, and budget.
Product Owner: Reviews the change’s alignment with business and product goals and
Prioritizes the change request
QA Lead: Identifies testing needs and quality risks.
Outcome: A well-informed recommendation for the Change Control Board (CCB).
 Approval and Rejection Process(Decision Making)
Purpose: Change Control Board (CCB) evaluates change requests and decides
whether to approve, reject, or defer.
Process:
1. CCB Review: The CCB reviews the request and impact analysis.
2. Factors Considered:
✓ Technical Impact: System stability and performance.
✓ Project Impact: Scope, schedule, and resource effects.
✓ Business Alignment: Alignment with goals and priorities.
✓ Risk Assessment: Identified risks and mitigations.
3. Decision Outcomes:
Approve: Move to implementation. Inform the request owner.
Reject: No further action. Inform the request owner with reasons
Defer: Postpone decision for further review or additional information. Inform the request owner
of the delay and next steps.
 Implement the Change
Purpose: Apply the approved change to the system in a controlled and planned
manner.
Process:
1. Deploy Change: Apply the change in the designated environment.
Responsible: Development Team, DevOps
2. Update Configuration: Ensure configuration items (CIs) are aligned with the change.
Responsible: Configuration Manager, Technical Lead
3. Communicate Progress: Notify relevant stakeholders of the implementation status.
Responsible: Project Manager, Product Owner

Outcome: The change is deployed and integrated into the system, ready for
verification to confirm its success.
 Verification and Closure
Purpose: Ensure that the change was successfully implemented and meets its objectives
before finalizing the process.
Process:
1. Testing: Perform tests to validate the change and ensure it works as intended.
Responsible: QA Team, Development Team
2. Review and Validation: Check that the change aligns with the original requirements and
objectives, ensuring no regressions or issues.
Responsible: Product Owner, QA Lead
3. Monitoring: Observe system performance post-change to identify any potential issues, If issues
arise, a rollback can be triggered to restore stability.
Responsible: System Admin, Operations Team
4. Closure: Finalize the change, update documentation, and close the change request.
Responsible: Configuration Manager, Project Manager
Outcome: The change is verified as successful, with all issues addressed and documented.
The change request is closed, and the system remains stable.
 Change Control Board (CCB)
CCB is responsible for reviewing, approving, or rejecting change requests.
Composition: includes representatives from various departments, such as:
Project managers or product owners who understand project goals and priorities.
Developers or technical leads who assess technical feasibility.
Quality assurance (QA) leads who evaluate testing requirements.
Operations or support staff who assess potential impacts on users or performance.
Role in Review: The CCB reviews the change request, conducts risk analysis, and
decides whether to approve or reject the request based on its impact and alignment
with project goals.
Role in Decision Making:
Ensures changes align with project goals, timelines, and resource constraints, and
verifies compliance with standards.
 Configuration Audit
Configuration Audit in Software Configuration Management
(SCM) process is verifying that configuration items (CIs) and
their associated changes meet specified requirements,
standards, and baselines. Configuration audits ensure that
the SCM process maintains the system’s integrity, accuracy,
and compliance.
How can a software team ensure that the change has been properly implemented?
Technical Review + Configuration Audit
Technical review focuses on the technical correctness of the CI that has been modified
A software configuration audit complements the technical review by assessing a
configuration item for characteristics that are generally not considered during review. E.g.
CIs traceability, consistency and integration
 Configuration Audit
The audit asks and answers the following questions:
Has the change specified in the ECO been made?
Have any additional modifications been incorporated?
Has a technical review been conducted to assess technical correctness?
Has the software process been followed and have software engineering
standards been properly applied?
Has the change been “highlighted” in the SCI? Have the change date and
change author been specified? Do the attributes of the configuration object
reflect the change?
Have SCM procedures for noting the change, recording it, and reporting it been
followed?
Have all related SCIs been properly updated?
 Status Accounting
Status Accounting involves tracking, recording, and reporting the status of
configuration items (CIs) to maintain accurate, current information on
configuration changes.
SCM tasks answer the following questions:
(1) What happened?
(2) Who did it?
(3) When did it happen?
(4) What else will be affected?
 Configuration Audit in Change Control
Audit Process:
1. Change Request Submission
Audit: Verify alignment with existing configuration baselines.
Responsible: Configuration Manager
2. Evaluation & Impact Analysis
Audit: Assess impact of the proposed change on configuration items (CIs).
Responsible: Configuration Manager, Technical Lead
3. Approval & Decision
Audit: Confirm compliance with standards and documentation requirements.
Responsible: CCB, Configuration Manager
4. Implementation
Audit: Ensure proper updates to CIs and that changes align with the request.
Responsible: Configuration Manager, Development Team
5. Verification & Closure
Audit: Conduct final checks and ensure the configuration baseline is updated.
Responsible: Configuration Manager, QA Lead
Outcome: The configuration audit ensures all changes are tracked, compliant, and correctly integrated into the
system.
 Status Accounting in Change Control
Purpose: Track and report the status of configuration items (CIs) during the change control process to
ensure proper management.
1. Change Request Submission
Status Accounting: Log the status of submitted change requests and impacted CIs.
Responsible: Configuration Manager
2. Evaluation & Impact Analysis
Status Accounting: Document evaluation status and any impact on existing CIs.
Responsible: Configuration Manager, Technical Lead
3. Approval & Decision
Status Accounting: Record the approval status and decision details, ensuring traceability.
Responsible: CCB, Configuration Manager
4. Implementation
Status Accounting: Track the status of implemented changes and updated CIs.
Responsible: Configuration Manager, Development Team
5. Verification & Closure
Status Accounting: Finalize status, ensuring changes are verified and baseline is updated.
Responsible: Configuration Manager, QA Lead
Outcome: Status accounting ensures transparency, traceability, and proper integration of changes
throughout the process.
Thank You