Configuration Audit Checklist


Below is a sample configuration audit checklist (for FCA and PCA). The Project Managers can use the following checklist as a reference for the readiness of the audit or even for doing the audit.


Release audit:

  • Does the release documentation clearly define the scope of release, including the CRs that should be incorporated?
  • Are all dependencies / bugs been documented?
  • Is there adequate documentation that identifies the environment to recreate the release?
  • Is there adequate documentation that specifies the components and the versions of those components that comprise the release?
  • Are all the items of the release in sync with each other?
  • Has the release been created using the right versions of the right components from the right repositories?

Repository/Configuration item audit:

  • Are the repositories defined as per the SCM plan?
  • Have the items been put into the correct repositories?
  • Are the required items present in the repositories?
  • Have the items been named according to the conventions specified in the SCM plan?
  • Are the version numbers of items according to the SCM plan?
  • Have all items been put in the repositories according to the events defined in the SCM plan?
  • Do the items have required documentation to identify the item, version and the change history?

Change Implementation Audit:

  • Have all the required CRs been closed?
  • Do CRs identify all items to be changed?
  • Have all items identified for change in the CR been changed?
  • Is it possible to isolate the changes between any two versions of the items?
  • Is the documentation in the items adequate to trace the changes back to the appropriate CR?
  • Is there adequate means to go back to a previous means?
  • Are there any changes between two versions of an item that are not traceable to an approved CR?
  • Are the CRs documented before making changes in items?
  • Are CRs analysed, evaluated and approved prior to making of the change in items?

Other aspects to Audit:

  • Are appropriate back ups of repositories been taken?
  • Has the recovery from back up been tested?
  • Are there any unauthorized components available in the working directories of the team members?
  • Is there adequate security/authorization to ensure that only authorized team members perform the check-in and check-out?

Search more stuff on Project Management, Agile & Scrum:

  1. No comments yet.
  1. June 13th, 2009 at 12:07 | #1
    Configuration Audits and Checklist | Quality Assurance

Subscribe & Get FREE updates on Project Management