May, 2019

After the recent CMsights article on “What is a Configuration Management Plan” CMstat received several excellent questions about what should and should not go into a configuration management plan. Some readers were seeking help with developing a new CM plan from scratch, while others were attempting to perform a configuration management plan review of an existing document that was several years old.

Configuration Management Plan Processes

Example CM Workflows Referenced in a CM Plan

A few of these conversations reminded us that some aerospace industry suppliers mistakenly think that planning for the use of CM software is the same as having a CM Plan. Or they erroneously conclude that they must already have a CM Plan because after all they have CM users of CM modules included in their engineering PDM software or enterprise PLM solutions.

Most large aerospace OEMs know better from experience, but may still not have a well-maintained CM Plan that has been updated to reflect all the changes and complexities which their businesses may now be experiencing. These include variations in their customers’ requirements, products manufactured, operating envelopes, processes used, contractors employed, workforce training, and service life expectancy. Some aerospace managers may have been seduced into thinking that once a CM Plan is written their organizations must surely be adhering to it. Or worse yet, that a CM Plan is good forever without regularly recurring reviews and updates.

Over our years of developing and supporting CM applications in the A&D industry CMstat has created a portfolio of consulting services that is right-sized for any maturity level of CM-process effectiveness a customer may be at. These services include four offerings that are configured to match the specific needs of a customer’s organization, products and processes.

Configuration Management Plan Example

  1. Configuration Management Plan Review (CMPR) – An independent review of an existing configuration management plan using a multi-faceted analysis to assess its thoroughness in addressing the five core functions of CM which are configuration planning, identification, status accounting, change control, and verification and audits.
  2. Configuration Management Plan Develop (CMPD) – Undertake the discovery process to then develop a custom configuration management plan from start to finish that addresses the specific unique needs of an organization along with its products, processes, customers, and suppliers.
  3. Configuration Management Plan Update (CMPU) – Updating or rescuing an older CM Plan to accommodate changes in requirements, products, processes, workforce, customers, suppliers, and risks (technical, financial, and regulatory) that have occurred since the original plan was prepared.
  4. Configuration Management Plan Audit (CMPA) – A formal audit of configuration management procedures and processes to determine how well the CM Plan is actually being followed and supported across the organization and supply chain.

The most often requested service is the Configuration Management Plan Review where we independently evaluate an existing written plan using a substantial checklist of the most important questions that every valid CM Plan must address. These questions dive into each of the five core functions of configuration management: Configuration Planning, Configuration Identification, Configuration Status Accounting, Configuration Change Management and Configuration Verification and Audits.

Example elements of a CM Plan that we inspect in a CMPR using precision-guided optics include:

  • Is there a comprehensive definition of CM-related terms, processes, and resources within the plan stated in a language that is understood across the enterprise at all levels?
  • Who has organizational responsibility and authority for configuration management (CM) and data management (DM) activities?
  • What internal, contractual and international standards are being used to assure a comprehensive CM implementation?
  • Are Configuration Items (CIs) clearly identified, what criteria was used to select them, and what items are not CIs but are to still be under CM and DM control?
  • Where does impact assessment of changes start and does it include the impact of not implementing the change as well as the impact and planning for change implementation?
  • Who are the change board members, stakeholders and their responsibilities?
  • How are change control board requests made, scheduled and evaluated?
  • How are change effectivities handled when changes are made to documentation versus to the product (e.g. parts, systems, installations, etc.)
  • How are product digital threads captured from disparate systems and how is the digital fabric across the program, project and enterprise woven to assure compliance?
  • What are the internal and external data recovery plans, who are the contacts, and is it appropriate to the physical environment in which the business is located?
  • What reports are created, which metrics are tracked, and what are the Key Performance Indicators they support?
  • Who provides oversight and governance of the overall process; is it distributed or concentrated and how are the internal and external interfaces identified and managed?

As part of the review our CM experts will assess whether these questions and numerous others are adequately answered. They will also evaluate how realistic it is for the plan to be adhered to given the applicability and specificity of the details – where all the devils and gremlins are hiding. Additionally, they will expose if the CM Plan was based on a generic plan using a generic template to satisfy contract quality management or a regulatory compliance officer. If that is the case it is likely that it will eventually fail the test of CM implementation adequacy.

The findings of CMstat’s CMPR are presented in 2-hour collaborative workshop held over a remote web meeting or during a live site visit as may be mutually agreed upon. We encourage our clients to have representatives attend from each of the organizations who are impacted by a CM Plan – especially one that is insufficient or obsolete. This includes stakeholders from the project, contracts, compliance, engineering, quality, test, procurement, manufacturing, logistics, service, and support organizations.

We are often asked why an organization can’t perform a CM Plan review on its own, especially when they have well-trained experienced CM experts entrenched in their team. The answer is…because they have well-trained experienced CM experts entrenched in their team! Having the same internal organization or professionals review the plan who led in its creation is unwise for several reasons. The most important of which is if the team missed an important element in the development of the plan, they will still be unaware that it is absent in a review. A second reason is the occasional “stove-piping” of a CM implementation to appear to comply with contractual and statutory mandates using a one-size-fits-all CM plan template. In our experience CM Plans, as in CM implementations, are all different for many valid reasons. For A&D contractors a CM Plan should be tailored to meet the needs of each program, each product portfolio, and its supply chain variances.

In future CMsight posts we will describe the CMPD, CMPU and CMPA consulting services along with each of their deliverables. Until then, to get started with an independent CM Plan Review contact Tom Tesmer at or 877-537-1959. For the remainder of 2019 CMstat will offer a CM Plan Review at no cost to qualified organizations. Contact us now to see if your organization qualifies.