ISO 20000 Configuration Management Process Template

What is configuration management?

Configuration management is an essential process in any IT service organization as it ensures that all changes to the IT infrastructure are appropriately documented and tracked. Organizations can only avoid potential problems arising from changes made with proper planning or testing by having a clear and up-to-date view of the IT infrastructure.

The ISO 20000 standard defines configuration management as "a process responsible for identifying, documenting, authorizing, approving, controlling, distributing, baselining, tracking and auditing all changes to configuration items (CIs) throughout their life cycle.” To be effective, configuration management must be applied to all CIs in the organization, including hardware, software, networks, documentation, and processes.

The primary goals of Configuration Management are to ensure that the SMS can deliver services consistently and to provide visibility into the current state of the SMS. Configuration Management also plays a vital role in Continual Service Improvement, as it includes information that can be used to identify areas where improvements can be made.

To be effective, Configuration Management must be integrated with other Service Management processes, such as Change Management, Release Management, and Service Asset and Configuration Management. It is also important to note that Configuration Management is not just about technology but includes the SMS's people, processes, and other non-technical aspects.

Why is configuration management critical?

Configuration management is essential in ISO 20000 for several reasons.

• First, configuration management ensures that all changes to IT services are controlled and tested before being implemented. This helps to avoid disruptions to service delivery and confirms that new changes do not introduce new problems.
• Second, configuration management records all IT infrastructure and service changes. This can be useful for troubleshooting purposes and understanding changes' impact.
• Third, configuration management can help prevent unauthorized IT infrastructure and service changes. Keeping track of who made what changes and when unauthorized changes can be detected and prevented.
• Overall, configuration management is essential in ISO 20000 because it helps ensure IT services' stability and quality.

How to implement configuration management?

Identification - Identification assigns unique identifiers to track items throughout their lifecycle. The purpose of identification is to distinguish one track item from another so that changes to the track item can be correctly associated with the appropriate item.
To uniquely identify a track item, several attributes may be used, including, but not limited to:

• Item name
• Item type
• Item identifier
• Item revision
• Item location

Baseline - A baseline is a known state of a system at a given time. This general state can be captured in various ways, such as a snapshot of the system's files or a record of the system's configuration settings. A baseline can also be considered a starting point from which changes can be made or tracked.

In configuration management, a baseline is used to track changes to a system over time. Baselines can be used to track the current state of a system and the changes that have been made to that system. Baselines can track changes to individual files, configurations, or entire systems.

It allows developers to work on a software project concurrently and track these changes over time. In addition, it ensures that the project's source code is always up to date and can be easily accessed by all development team members.

Version control - Version control systems are either centralized or distributed. Centralized version control systems (CVCSs) require developers to check out code from a central repository and check it back in when they are finished making changes. Distributed version control systems (DVCSs), on the other hand, allow developers to work offline and then sync their differences with the central repository when they are connected.

Auditing - The auditing process typically begins with identifying auditable units, generally defined as areas of the organization subject to specific compliance requirements. Once auditable units have been placed, auditors will develop a plan for reviewing the compliance of each unit.
The plan will detail the specific auditing procedures that will be used, as well as the criteria that will be used to determine compliance. After the auditing plan is implemented, auditors will conduct their review and compile a report of their findings.