Configuration control is generally, what first comes to mind when somebody brings up the topic of configuration management (CM). While it lies at the heart of the system, all the components of a CM system are critical. The purpose of this component is to:

• Maintain and control configuration baselines (known and defined states)
• Document and control change and variance
• Limit approved changes to those which are either required or offer important benefits
• Ensure the variances lie within defined boundaries
• Include the customer
• Control product interfaces (interface control document)
• Verifying that change proposals manage the effect of the change
• Control cascading changes
• Control coordinated changes (multiples happening simultaneously)
• Only approved product are affected

The key word is clearly “control.” In most cases, we will automate the process to allow computer software to help us control these changes, although we have seen usable low-technology CM systems that worked fine for small organizations. In general, we will follow a pattern:

1. Identify the need for change
2. Identify the products needing change in great detail (configuration identification)
3. Control the change (configuration control)
4. Provide reporting (configuration status accounting)
5. Verify the change (configuration auditing)

Note that part of configuration control involves the control of decisions to reject changes. We want to verify that bad and unapproved material does not make onto the production floor. We may even use a physical process to sequester potentially dangerous or illegitimate components or software. We have been witness to some cases where renegade software made it to the production floor because some immature engineering thought the software was satisfactory, bypassing the process and dissatisfying the customer.