A Configuration Management Guide for Aerospace & Defense Project Managers
It is no secret that levels of technical complexity and financial risk have rapidly grown within nearly every function of a modern-day aerospace and defense (A&D) contractor’s program. Today’s A&D project managers are experiencing a crushing density of complexity due to a confluence of business drivers and technology trends. As a result, it is not uncommon that large and small programs alike run over budget and beyond schedule, yet still underperform their goals. And once deployed into service it may take months for incorrect assumptions, design flaws, or configuration management errors to surface.
The unrelenting complexities experienced by the program office can originate from many sources including: innovative design changes, higher performance requirements, wider design envelopes, systems engineering challenges, product configuration permutations, compressed design cycles, embedded software, advanced manufacturing processes, new materials usage, supply chain integration, shorter testing time, extended service life, workforce retention, safety concerns, and regulatory compliance.
While any one of these elements alone can disrupt a program schedule, their combination can wreck even the best-managed well-funded new product introduction, often with dire consequences as in recent commercial aviation aircraft accidents.
Example Complexity of Aircraft Changes from Mark Nowlin of The Seattle Times
A succession of strategies with supporting software solutions has emerged throughout recent years to help tame the complexity beast. While the resulting automation, digitalization, simulation, and integration of products, data and processes throughout the original equipment manufacturer (OEM) enterprise has certainly helped, it has at the same time injected many new complexities for project managers. In the process, a deep layer of hidden digital interdependencies has been added on top of the known intricacies which already existed in the physical world.
Configuration Management is a Project Management Governance Responsibility
One of the most visible consequences of cascading levels of complexity manifests itself in the expectations for and challenges of the practice of Configuration Management (CM). This is true for the application of CM whether it be for a single product component, complete system or system of systems, product portfolio, larger program, or an entire enterprise including its extended supply and service chain partners.
A general definition of CM that is valid for any industry is the application of resources, methodologies, processes, best practices, standards, governance policies, and software solutions to establish and maintain consistency and traceability between product requirements, the actual product as manufactured and serviced, and product data for all the creators and users of this information. Read more about the practice of CM.
The importance of the role of CM – and consequences from the lack thereof – is well understood by most A&D OEMs and supply chain contractors. The financial cost and business risk from not having an updated all-inclusive understanding of CM with a valid CM Plan can produce catastrophic failures in new products or ruinous consequences to an entire business line. Yet while many OEMs realize the strategic value of CM, its role in everyday practice is not always fully appreciated by new project managers or new contract-chain suppliers.
All too often it is incorrectly thought that configuration management is performed only by product engineering. They do not recognize that there are more users and revisers of configuration data outside of product engineering than inside. Others believe that if they have change control processes defined then they must by default have an adequate CM implementation.
Even experienced project managers may have been “told and sold” that if they have invested in engineering PDM or enterprise PLM software solutions then CM is already taken care and there is little to worry about. Nothing could be further from the truth!
For over thirty years CMstat has focused on developing and implementing CM best practices, industry standards, and software tools for the A&D industry. The CM consultants at CMstat often encounter the same misunderstandings about the role of CM even within well-respected OEM organizations. As a result, in our engagements we often present a configuration management guide on the top ten truths that A&D managers should know about CM, dispelling a few common myths along the way.
# 1 – Configuration Management is the foundation for Quality Management at the product, project and program levels.
The lack of a robust CM implementation is the greatest quality management issue a company may ever face. Without an effective CM implementation you cannot state with certainty that you are in compliance with AS9100 quality standards; nor can you verify that you are designing and delivering to contractual requirements.
The Pillars of Configuration Management
The five CM foundational elements of Planning, Identification, Change Control, Status Accounting, and Traceability and Audit apply to every process, service, and product developed through its entire lifecycle. While design activity may be concerned with either design for a one-off product or for larger production runs, how the unit is actually built, tested, delivered and maintained falls to the down-stream users of the engineering As-Designed documentation. Quality management through effective configuration control at each of these steps is of critical importance. Lear more about the relationship of QM and CM in this CMsights post on Why Configuration Management is Quality Management.
# 2 – CM is everyone’s responsibility, not just that of the engineering group or the CM expert.
By some estimates there is an order of magnitude more users of configuration information downstream of product development than in engineering. These users include stakeholders in contracts, finance, requirements planning, supply chain, reliability, safety, manufacturing, quality, test, logistics, compliance, customer support and service. Many of these users don’t just view or use CM data produced by engineering, but also change, enrich, and repurpose it for many other uses.
While it is the responsibility of the engineering staff to know the “partial derivative” with respect to everything that may occur downstream, this pre-supposes that the information is available in a useable format to everyone else. An effective CM implementation assures that the digital threads created by the downstream entities are woven together in such a way that these impacts are quantified so mid-stream functional re-allocations are defined. Read more about CM and digital twins and digital threads in this recent CMsights post Digital Twins for As-Maintained Configuration Management.
The Long Thick Tail of the Digital Thread in the Configuration Lifecycle
# 3 – CM is not about the product history, its present state, or even the future impact of changes.
It’s about all three states in time. The well-known MIL-HDBK-61A on Configuration Management Guidance (http://www.acqnotes.com/Attachments/MIL-HDBK-61A%20(SE)Configuration%20Management%20Guidance.pdf) states that “Configuration Status Accounting (CSA) is the process of creating and organizing the knowledge base necessary for the performance of configuration management. In addition to facilitating CM, the purpose of CSA is to provide a highly reliable source of configuration information to support all program/project activities including program management, systems engineering, manufacturing, software development and maintenance, logistic support, modification, and maintenance.”
The States of Configuration Accounting
What this means in the implementation of CM across the product lifecycle is that the state of the product as well as changes to its component parts, subsystems, assembled systems, and documentation is known and visible at every state. CM processes must then be structured in such a way that not only is the As-Designed status information captured but also the As-Built, As-Delivered, As-Maintained, and As-Retired data for every lot or serial number delivered. The As-X’s provide the configuration of each Configuration Item (CI) throughout its lifecycle. For A&D defense contractors CIs are identified for products, critical components, spares for fielded equipment, or complete weapon systems. Learn more about the use of CI’s in tracking As-X configurations in this CMsights blog post about Hardware Configuration Items.
# 4 – Your state of the art Enterprise Resource Planning (ERP) or Supply Chain Management (SCM) system will not support the five tenets of CM.
ERP systems deliver and integrate core business functions such as planning, purchasing, inventory, sales, marketing, finance and human resources. While this sounds like it covers everything it is missing key product lifecycle stages such as engineering design and change control from the As-Designed through the As-Disposed configurations. Likewise, SCM systems may share data and integrate processes with suppliers but they rarely synchronize the change control loop between downstream service operations and the OEM’s engineering group. The five foundational elements of CM – Configuration Planning, Configuration Identification, Change Control, Status Accounting, and Traceability & Audit – each require special functionality and workflows that accommodate these stages and each of their requirements.
Also lacking in ERP and SCM is the planned interrelated responsibilities and interfaces required for program success and meeting key reviews and audits, as well as management of Key Performance Indicators (KPIs) and metrics utilized by CM managers. Out-of-the-box ERP or SCM systems are not set up to establish, maintain or feed the digital threads needed to pull the desired metrics from the system. Read more about the importance of these CM metrics in Why CM Professionals Should Care About Metrics.
# 5 – Neither does having PDM or PLM software guarantee that your project is performing CM.
Most PDM software products support engineering change control. However, since many users and operators of CM data are outside of engineering, expecting that an engineering-centric PDM solution with a CM module will be usable by everyone is unrealistic. Likewise, most PLM solutions claim to also support CM, yet few can answer these basic questions without extensions or customizations:
Is compliance with industry-specific CM standards, rules, and best practices inherent or must it be manually added and configured by the user at additional cost?
Can different levels of configuration control be performed without requiring all the OEM’s original CAD or BOM data which is often not available nor accurate years later?
Is the CM functionality independent of where the CAD and PDM data may have originated or the CAD development platform?
Is the PLM system capable of supporting multi-CAD and multi-PDM operating environments from different providers typical of those found across the extended supply and service chains?
Is having a complete product structure always mandatory, even for component-level CM work performed by a supplier or service chain partner?
Can users restrict, filter, or throttle automatic updates to the product structure such that as-configured records of fielded products are not prematurely or unintentionally polluted?
Learn more about why most PDM software solutions do not fully support CM in this 3-part series blog post at Why not use PDM for all CM Requirements.
# 6 – Engineering change control or document version control is not configuration management.
Configuration Management is a comprehensive approach that assures, maintains and verifies a product’s physical and functional attributes against its requirements and documented design and operation throughout its life. Configuration management provides the provenance of every item contained in the product including what was tested, how it was tested, part substitutions and field modifications. Change management is just a single element of configuration management. You can’t have true configuration management without change management. But you can have excellent change management processes yet still have non-existent configuration management controls.
If all you are doing is change management, you are only performing one fifth of the scope of CM. By comprehensively implementing all five element of CM you eliminate 80% of the risk associated with having only change control. As an example, if subsystem design and documentation changes are managed without defining the metadata to be captured and internal subsystem-to-subsystem interfaces the review process of stakeholders is severely constricted. At the time the individual subsystems are completed and merged together integration is harder because things rarely interface properly. The costs associated with rework, re-design and re-test far outweigh the extra effort required to fully implement CM.
Read more about the differences between change control and configuration control at How is Configuration Management Different From Change Management.
# 7 – A plan for using CM software is not the same as having a CM Plan.
For A&D contractors, the CM Plan defines how an organization will establish and fulfill the program management, systems engineering, and other mission requirements specified in the contract throughout the life of the design. This includes the extra layer of CM control associated with those elements designated as CIs for each serial or lot number. A CM Plan should address intra-organizational as well as extra-organizational responsibilities and interfaces, units of measure and date-time notations, metadata, metrics, procedures, and activities. It must also define the oversight necessary to provide configuration identification, change control, change board membership, status accounting and configuration verification as well as support in-process, internal and formal audits.
Within the CM Plan, configuration planning defines how and where CM activities fit into the organization and its processes. As such, the scope of a CM Plan is far greater than delivery of required data defined in the system requirements specification, Mission Assurance Requirements (MAR), Statement of Work (SOW) or Data Requirements List (DRL). It extends to requirements specified in the other sections of the contract including supplies and services, packaging and marking, inspection and acceptance, deliveries or performance, special contract requirements and contract clauses. Finally, the CM Plan is a living document that is released, revised, and maintained throughout the entire lifecycle of the product or program.
Read more about what goes into the development of new CM Plan at What is a Configuration Management Plan and how CMstat helps its customers to audit or improve upon existing plans at Configuration Management Plan Review.
# 8 – Special CM training and certification will be needed no matter how good the CM Plan is or how easy the CM software tools are to use.
It is critical that an experienced staff member or a respected external consultant be engaged to perform the needs assessment, define strategy options, develop a CM Plan, establish policies, specify requirements, evaluate software, architect processes, deploy and test a solution, and train users. CM consultants often receive their formal classroom training from organizations like CMPIC (https://www.cmpic.com/), Institute for Process Excellence (https://ipxhq.com/), and NDIA (https://www.ndia.org/). CM software solution providers like CMstat among others provide customized training for groups and individuals through their consulting services such those described at Configuration Management Training.
Example Classroom Certifications of a CM Expert
While it can be helpful for this lead to have familiarity with your A&D products and processes, it is more important that they have experience in guiding a CM implementation and independently moderating the work of other specialists who will have the product and institutional knowledge needed. Without such independent training a CM lead may be so ingrained in the “how things have always been done” status quo that they fail to grasp the entirety of the CM mission. The wider view provided by external training and certification means that the CM implementation is undertaken from a top-down strategic perspective rather than a tactical bottom-up approach.
Learn more about an engineer’s journey into CM training at An Engineers Journey into Configuration Management.
# 9 – Ignore CM standards at your own peril, especially on international A&D projects.
There are dozens of international organizations, trade associations and governing bodies that stipulate hundreds of standards relating to configuration management. As a consequence, it is no surprise that some A&D contractors have a dedicated resource if not an entire office to monitor and master these standards, especially with frequent changes and updates. The failure to do so can be especially costly to a program with international partners and global customers.
A comprehensive list of organizations with CM standards include:
Code of Federal Regulations (CFR)
Commercial U.S. Airlines Air Transportation Association (ATA)
Department of Defense (DOD)
Department of Energy (DOE)
Department of Transportation, Federal Highway Administration (DOT/FHA)
Electronic Industries Alliance (EIA)
Electric Power Research Institute (EPRI)
European Cooperation for Space Standardization (ECSS)
European Committee for Standardization (ECS)
European Computer Manufacturers Institute (ECMI)
European Defense Standards Reference System (EDSTAR)
European Space Agency (ESA)
Federal Aviation Administration (FAA)
Institute of Electrical & Electronic Engineers (IEEE)
Institute of Nuclear Power Operations (INPO)
International Organization for Standardization (ISO)
Information Technology Infrastructure Library (ITIL)
International Telecommunications Union (ITU)
National Aeronautics and Space Administration (NASA)
National Institute of Standards and Technology (NIST)
North Atlantic Treaty Organization (NATO)
Nuclear Information & Records Management Association (NIRMA)
Nuclear Regulatory Commission (NRC)
Nuclear Science Advisory Committee (NSAC)
National Technical Information Service (NTIS)
Occupational Safety & Health Administration (OSHA)
The Quality Excellence for Suppliers of Telecommunications (QUEST)
Radio Technical Commission for Aeronautics (RTCA)
Society of Automotive Engineers (SAE)
Software Engineering Institute (SEI)
Simple Protocol for Independent Computing Environments (SPICE)
TechAmerica – Now SAE
The most important CM standards for A&D contractors are to be found from the Code of Federal Regulations, Dept. of Defense, European Defense Standards Reference System, European Space Agency, Federal Aviation Administration, NASA, NATO, and SAE International. These standards include:
MIL-HDBK-61A, Configuration Management
DOD-STD-1700, Data Management Program
ECSS-M-40A, Configuration Management
ECSS-E-10, System Engineering
ECSS-M-50, Information/Documentation Management
NASA GPR 1410.2, Configuration Management (GSFC)
NASA-STD 0005, NASA Configuration Management Standard
NATO ACMP-1, Requirements for Preparation of CM Plans
NATO ACMP-6, NATO Configuration Management Terms and Definitions
AS9100, Quality Systems Aerospace—Model for Quality Assurance in Design, Development, Production, Installation, and Servicing
SAE/EIA 649, Configuration Management
GEIA-HB-649, Configuration Management Handbook
GEIA-859, Data Management
For additional information and references about these standards visit Industry Standards.
# 10 – CM requires executive involvement to provide oversight and governance.
It should now be clear that CM is not a single engineering function, product development task, or compliance hassle to be delegated to any one functional or project manager. CM responsibilities and potential liabilities run across all facets of a program or enterprise. As such, the responsibility for CM must reside within the province of an executive office such as a Vice President, Chief Product Officer, or even Chief Operations Officer.
These executives should own the mandate to monitor the evolving maturity of their organization’s configuration management competency, including the identification of performance gaps as well as comparison with industry peers. Anything less creates sinkholes that due to the increasing complexity of present-day A&D products and programs can no longer be evaded as they might have been lucky enough to have done in past years.
There are savvy executives who understand the relevance and breadth of CM at the outset, and then there are those who arrive late to the game discovering the importance of CM only after a product failure. When a failure occurs, when the customer is on the phone demanding answers; everyone in the company, including executive officers, suddenly become members of the CM department.
To learn more about the questions of oversight that executives should ask of their project managers to assess if configuration management is truly under management control – and project managers should expect help with from their colleagues – read this CMsights post Configuration Management and Change Control under Management Control.
What Next….
Did we miss an important truth that you have learned over your career in CM? Let us know by leaving a comment below.
To schedule an on-site workshop to help your organization to fully comprehend and employ these ten truths of CM contact Tom Tesmer, President of CMstat, at ttesmer@cmstat.com or (877) 537-1959.
(An abridged version of this article was first published in the May 2019 issue of Aerospace Manufacturing and Design at https://www.aerospacemanufacturinganddesign.com/article/10-configuration-management-truths–for-project-managers/.)
Receive CMsights
Subscribe to CMsights News for the latest updates from CMstat on Configuration Management, Data Management, EPOCH CM, and EPOCH DM.
Request a Demo
See how EPOCH CM and EPOCH DM support industry standards and best practices in Configuration Management and Data Management.
