EN 9223-104:2018

SLOVENSKI STANDARD
01-maj-2018
Vodenje programov - Vodenje konfiguracije - 104. del: Nadzor konfiguracije
Programme Management - Configuration Management - Part 104: Configuration Control
Programm-Management - Konfigurationsmanagement - Teil 104: Konfigurationslenkung
Management de Programme - Gestion de la Configuration - Partie 104 : Maîtrise de la
configuration
Ta slovenski standard je istoveten z: EN 9223-104:2018
ICS:
03.100.70 Sistemi vodenja Management systems
49.020 Letala in vesoljska vozila na Aircraft and space vehicles in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN 9223-104
EUROPEAN STANDARD
NORME EUROPÉENNE
March 2018
EUROPÄISCHE NORM
ICS 35.080; 49.020
English Version
Programme Management - Configuration Management -
Part 104: Configuration Control
Management de Programme - Gestion de la Programm-Management - Konfigurationsmanagement
Configuration - Partie 104 : Maîtrise de la configuration - Teil 104: Konfigurationslenkung
This European Standard was approved by CEN on 25 September 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9223-104:2018 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Configuration control place in the overall programme Configuration Management . 6
5 Configuration control principles . 9
6 Evolution of configuration control throughout the programme lifecycle . 18
7 Specific cases. 21
(informative) Document management prerequisite necessary for Configuration
Management control . 23
(informative) Marking and traceability prerequisite necessary for Configuration
Management control . 24
(informative) Example of technical change handling process (Informative, to start
the approach within the framework of customer/supplier relationship) . 25
(informative) Nonconformity handling process and relationship with configuration
control . 29
Bibliography . 33

European foreword
This document (EN 9223-104:2018) has been prepared by the Aerospace and Defence Industries
Association of Europe - Standardization (ASD-STAN).
After enquiries and votes carried out in accordance with the rules of this Association, this Standard has
received the approval of the National Associations and the Official Services of the member countries of
ASD, prior to its presentation to CEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2018, and conflicting national standards
shall be withdrawn at the latest by September 2018.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Introduction
The finality of Configuration Management is to assure during the whole product lifecycle :
— consistency and commonality of the technical information among all actors;
— traceability of this technical information.
For that purpose, Configuration Management organizes and implements the following activities:
— selection of items and technical information that shall be submitted to Configuration Management,
under clearly established responsibility (configuration identification);
— capture, keeping this information and making it available (configuration status accounting);
— verification and validation of the coherence of this information at defined steps of the product
lifecycle (configuration verifications, reviews and audits);
— technical changes and gaps processing in order to keep the consistency of this information
(configuration control).
See EN ISO 9000:2015.
1 Scope
The present document is declined from the principles described in the EN 9223-100, it:
— is based on internationally-recognised concepts;
— proposes organisational principles and implementation processes for configuration management
from both viewpoints: “programme” and “company”, with emphasis on the “programme”
viewpoint;
— deals with configuration control but not contract management methods.
It is up to each person responsible for a programme to define the detailed methods of application and
tailoring as necessary.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN 9100, Quality Management Systems — Requirements for Aviation, Space and Defence Organizations
EN 9223-100, Programme Management — Configuration Management — Part 100: A guide for the
application of the principles of configuration management
EN 9223-105, Programme Management — Configuration Management — Part 105: Glossary
EN ISO 9000, Quality Management System — Fundamentals and Vocabulary
ISO 10007:2003, Quality management system — Guidelines for configuration management
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN ISO 9000, ISO 10007 and
EN 9200 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
The specific terms needed to understand and to use the document are the object of definitions
appearing in EN 9223-105.
Published as ASD-STAN Prestandard at the date of publication of this standard. http://www.asd-stan.org/
4 Configuration control place in the overall programme Configuration
Management
4.1 Configuration control process overview
As a rule, configuration control begins when the configuration baseline has been identified and then
verified, reviewed and audited.

1 — Place of the configuration control process in Configuration Management processes
Figure
4.2 The Configuration Control process nature
The configuration management process is composed of a set of actions and decisions (product and
responsibilities-trees), set up in order to keep and improve consistent relationships between the
configurations and the products trees:
— maintaining identification (updates of functional, allocated and product configuration baselines,
etc.);
— maintaining qualifications (verification of non-regression);
— maintaining links between the different configurations of a same item such as, links between index
of definition file and index of the technical requirement specification.
Configuration control is mainly a decisional process (preparing decision and decision making, and
control of decisions implementation) meant to guarantee the overtime consistency for configuration
items and associated data. As such, for a given authority, configuration control exclusively concerns
items and data selected during the configuration identification process. This set of items and data
establishes the authority’s field of competence.
The process is implemented as soon as the first configuration baseline is established.
It addresses any effects on the configuration of (see Figure 3):
— needs for technical changes (including those following the detection of defects);
— technical events and anomalies.
Within this framework, configuration control relies on an organization that:
— associates customers, industrial partners and suppliers to jointly carry out tasks and
responsibilities;
— attributes a making authority to each configuration item;
— attributes power delegations throughout the network of customers, partners and suppliers,
according to the decisions of selection;
— uses mandatory or existing document management systems, (see Annex A);
— uses mandatory or existing technical data management systems;
— uses mandatory or existing product lifecycle management systems;
— specifies modalities of tracking of changes as described in the Configuration Management plan.
Technical events and anomalies detected and characterized throughout the product lifecycle are
processed in a specific way, including as necessary (but not limited to) the following actions:
— describing conformity issues (actually stated or foreseeable);
— investigating the causes and assessing the effects;
— designing and implementing curative actions (e. g. rework or repairs);
— designing corrective and/or preventive actions;
— confirming and identifying nonconformity;
— issuing requests for:
— concessions on the considered item;
— technical changes and deviations on subsequent items.
Such requests are outputs from the above described processes, and should be submitted to the
competent Configuration Management authority and forms inputs for the configuration control process
(see Figure 3).
The final consequences on the configuration may be:
— technical changes introduced in the updated approved configuration, the applicable configuration,
and the as-built configuration;
— decided and implemented deviations;
— accepted and recorded concessions.
Possible consequences on the contractual baseline are covered by the provisions specific to contract
management (amendment, endorsement or equivalent).
The configuration control process is more precisely described (hereafter).
Control process for concessions and deviation permits as well as the associated competence criteria,
should be based on the same basic requirements.

Figure 2 — Configuration control and other interface processes
4.3 Tasks associated with configuration control
4.3.1 Identifying process
The following tasks apply to all items, whether selected or not as configuration items, even though these
tasks cannot be considered as Configuration Management activities. Nonetheless, an efficient
configuration control process cannot be carried out without their rigorous implementation. The
Configuration Management plan shall specify details of implementation.
4.3.2 Document management tasks
The setting up of a system of identifiers permit to identify changes within a document, although it does
not belong to configuration management activities (indeed, an item or a document shall have a
...