1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Programme Management Configuration ManagementPart 103: Configuration Verifications, Reviews and AuditsBS EN 9223-103:2018National forewordThis British Standard is the UK implementation of EN 9223-103:2018.The UK partici
2、pation in its preparation was entrusted to Technical Committee ACE/1, International and European Aerospace Policy and Processes.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions
3、of a contract. Users are responsible for its correct application. The British Standards Institution 2018 Published by BSI Standards Limited 2018ISBN 978 0 580 90026 6ICS 49.020; 35.080Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published
4、 under the authority of the Standards Policy and Strategy Committee on 30 April 2018.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN 9223-103:2018EUROPEAN STANDARDNORME EUROPENNEEUROPISCHE NORMEN 9223-103March 2018ICS 35.080; 49.020EUROPEAN COMMITTEE FOR STANDAR
5、DIZATIONCOMIT EUROPEN DE NORMALISATIONEUROPISCHES KOMITEE FR NORMUNGCEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2018 CEN Ref. No. EN 9223-103:2018: EAll rights of exploitation in any form and by any means reserved worldwide for CEN national MembersProgramme Management - Configur
6、ation Management - Part 103: Configuration Verifications, Reviews and AuditsManagement de Programme - Gestion de la Configuration - Partie 103: Vrifications, revues et audits de la configurationProgramm-Management - Konfigurationsmanagement - Teil 103: berprfungen, Reviews und Audits der Konfigurati
7、onThis European Standard was approved by CEN on 25 September 2017.CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
8、references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a
9、 CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedo
10、nia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.English VersionEN 9223-103:2018 (E)European foreword 3Introduction .
11、 41 Scope . 52 Normative references 53 Terms and definitions . 54 The configuration verification, review and audit processes and their place in the overall programme Configuration Management . 64.1 Configuration verification and audit process overview 64.2 Nature of the configuration verification an
12、d audit process . 64.3 Configuration audits: ending activity and starting point . 74.4 Configuration verification activities preliminary to the audits . 75 Configuration verification, review and audit activities 85.1 Configuration verification, review and audit activities overview . 85.2 Verificatio
13、ns during programme reviews (or equivalent milestones) 85.3 Configuration audits 105.3.1 Configuration audits overview . 105.3.2 Preliminary operations . 105.3.3 Audit committee 115.3.4 Performing the audits .125.3.5 Functional configuration audit (FCA) .125.3.6 Physical configuration audit (PCA) .1
14、35.3.7 Output data of configuration audits .145.3.8 Actions monitoring .155.4 Relationship between FCA, PCA, configuration baselines and qualification 155.4.1 Sequencing of FCA and PCA . 155.4.2 FCA, PCA and configuration baselines155.4.3 Place of configuration audits in a qualification process .166
15、 Specific cases .166.1 Configuration audits resumption during the product life 166.2 COTS, Components Off The Shelf 166.3 Configuration item common to several programmes .176.4 Coherence between the product and specific means .17Annex A (informative) Verification methods that can be usedto prepare a
16、 configuration audit .18Annex B (informative) Examples for configuration audit procedures .19Bibliography .232Contents PageBS EN 9223-103:2018EN 9223-103:2018 (E)European forewordThis document (EN 9223103:2018) has been prepared by the Aerospace and Defence Industries Association of Europe Standardi
17、zation (ASDSTAN).After enquiries and votes carried out in accordance with the rules of this Association, this Standard has received the approval of the National Associations and the Official Services of the member countries of ASD, prior to its presentation to CEN.This European Standard shall be giv
18、en the status of a national standard, either by publication of an identical text or by endorsement, at the latest by September 2018, and conflicting national standards shall be withdrawn at the latest by September 2018.Attention is drawn to the possibility that some of the elements of this document
19、may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.According to the CENCENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulg
20、aria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzer
21、land, Turkey and the United Kingdom.3BS EN 9223-103:2018EN 9223-103:2018 (E)IntroductionThe finality of Configuration Management is to assure during the whole product lifecycle1): consistency and commonality of the technical information among all actors; traceability of this technical information.Fo
22、r that purpose, Configuration Management organizes and implements the following activities: selection of items and technical information that shall be submitted to Configuration Management, under clearly established responsibility (configuration identification); capture, keeping this information and
23、 making it available (configuration status accounting); verification and validation of the coherence of this information at defined steps of the product lifecycle (configuration verifications, reviews and audits); technical changes and gaps processing in order to keep the consistency of this informa
24、tion (configuration control).1) See EN ISO 9000:2015.4BS EN 9223-103:2018EN 9223-103:2018 (E)1 ScopeThe present document: is based on internationally-recognized concepts; proposes organisational principles and implementation processes for Configuration Management from both viewpoints: “programme” an
25、d “company”, with emphasis on the “programme” viewpoint; deals with verifications, reviews and audits tending towards the validation of the configuration information consistency. It details the principles described in EN 9223-100.It is up to each programme responsible person to define the necessary
26、details of application and tailoring in the Configuration Management plan.Important remark:Configuration audit doesnt be confused with quality audit (for detailed information, see 4.1).This document does not deal with configuration system audits (quality audit) deployed within the scope of a program
27、me. These audits stem from quality audits as defined in EN ISO 9001 (process conformity or efficiency audits).2 Normative referencesThe following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, onl
28、y the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.EN 9100, Quality Management Systems Requirements for Aviation, Space and Defence OrganizationsEN 9223-1001), Programme Management Configuration Management Part 100: A
29、 guide for the application of the principles of configuration managementEN 9223-1012, Programme Management Configuration Management Part 101: Configuration identificationEN 9223-1052, Programme Management Configuration Management Part 105: GlossaryEN ISO 9000, Quality management systems Fundamentals
30、 and vocabularyEN ISO 9001, Quality management systems Requirements3 Terms and definitionsFor the purposes of this document, the terms and definitions given in EN ISO 9000, ISO 10007 and EN 9200 apply.ISO and IEC maintain terminological databases for use in standardization at the following addresses
31、: IEC Electropedia: available at http:/www.electropedia.org/ ISO Online browsing platform: available at http:/www.iso.org/obpThe specific terms needed to understand and to use the document are the object of definitions appearing in EN 9223-105.1) Published as ASD-STAN Prestandard at the date of publ
32、ication of this standard http:/www.asd-stan.org/.5BS EN 9223-103:2018EN 9223-103:2018 (E)4 The configuration verification, review and audit processes and their place in the overall programme Configuration Management4.1 Configuration verification and audit process overviewFigure 1 Place of the config
33、uration verification, review and audit process in Configuration Management processesImportant remarks:Configuration audits shall in no case be performed by third party auditors (organisms accredited to deliver audits certificates on quality systems) because of the risk of losing restricted know-how.
34、 They are normally performed by a first party auditor (belonging to the company) and up to a point by a second-party auditor (customer).4.2 Nature of the configuration verification and audit processConfiguration verification occurs at determined milestones during the system or product lifecycle, ess
35、entially linked to establishing and approval of configuration baselines and to verification of the conformity of a specific unit of the product or achieved configuration item to these configuration baselines.The configuration verification shall: assure that the design of the product guarantees the f
36、ulfilment of the specified requirements; validate the completeness and the accuracy of the product configuration information; assure the consistency between a product and its product configuration information;6 BS EN 9223-103:2018EN 9223-103:2018 (E) guarantee that the configuration control process
37、shall be able to maintain the fulfilment of the requirements and the consistency between the product and its configuration information during the remaining of the lifecycle; guarantee that controlled configuration information is the basis for operational use, support, training, spare parts and repai
38、rs.Configuration verification uses the configuration audit technique, which consists in: comparing defined characteristics in a configuration baseline to those presented by a realized and representative of to-be-delivered system, product or configuration item; identifying and highlighting gaps; obta
39、ining an approved decision for each of them (concession or setting in conformity).As the programme flows however, a certain amount of data belonging to configuration information and some Configuration Management activities linked to the phase of programme flow down can be subject to verifications. T
40、hese verifications are achieved during configuration audits and reviews that sequence the lifecycle.4.3 Configuration audits: ending activity and starting point the configuration audit is carried on a configuration item. That means it can exist at three levels: at system level, at product level and
41、at configuration item lower level. It is a bottom-up approach: configuration audits for a system rely on the consolidation of the configuration audits for the products that make it up and themselves rely on configuration audits of the configuration items that make up these products; in the scope of
42、a product design, configuration audits will end the implemented Configuration Management activities and thus will contribute to the qualification process. Indeed, if configuration information is described in documentation, it must also be achieved in the physical product. At the end of the developme
43、nt of an item, the audit aims at assuring that there is no gap (or at least they are under control) between the actual product and its representation in documentation. So this audit guarantees that the performances and the physical characteristics can be reproduced all along the operational life of
44、this product; configuration audits are heavy-duty activities that should not be repeated. This does not mean that Configuration Management activities will end at this level. Particularly, control and status accounting activities will go on during the remaining of the lifecycle. These audits are mean
45、t to finalize the achievement of consistency between all the configuration baselines (FBL, ABL and PBL) at the end of the development phase and to show that the control process implemented allows maintaining this consistency without necessity for systematically redo complete configuration audits; th
46、e configuration audit finalizes the identification activity through approval of configuration baselines. It becomes the starting point for configuration control activities; in case of important changes in specifications and/or product design, there may be additional or new audit, especially for the
47、following cases: long life products; obsolescence processing; requirement for modernizing.4.4 Configuration verification activities preliminary to the audits Before performing verifications, a procedure shall be established. It describes: conditions;7BS EN 9223-103:2018EN 9223-103:2018 (E) methods;
48、means; additional resources; the associated organization; the scheduling of verifications and of the audit. Configuration verification activities have to be planned making clear at which moment they occur, according to which process, and who will participate. Particularly for configuration audits, i
49、t is worth to make clear how they are embedded in the qualification process, at which level and up to which degree of sharpness they have to be performed; Before audits, it has to be checked that: the configuration information used as baseline for configuration audits exists beforehand: configuration baselines; as-designed configurations; status of technical changes that have to be implemented in the product before verification; accepted deviations. the systems, products or configuration items achieved are: