SIST EN 9223-104:2018

SLOVENSKI STANDARD
SIST EN 9223-104:2018
01-maj-2018
Vodenje programov - Vodenje konfiguracije - 104. del: Nadzor konfiguracije
Programme Management - Configuration Management - Part 104: Configuration Control
Programm-Management - Konfigurationsmanagement - Teil 104: Konfigurationslenkung
Management de Programme - Gestion de la Configuration - Partie 104 : Maîtrise de la
configuration
Ta slovenski standard je istoveten z: EN 9223-104:2018
ICS:
03.100.70 Sistemi vodenja Management systems
49.020 Letala in vesoljska vozila na Aircraft and space vehicles in
splošno general
SIST EN 9223-104:2018 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 9223-104:2018

---------------------- Page: 2 ----------------------

SIST EN 9223-104:2018


EN 9223-104
EUROPEAN STANDARD

NORME EUROPÉENNE

March 2018
EUROPÄISCHE NORM
ICS 35.080; 49.020
English Version

Programme Management - Configuration Management -
Part 104: Configuration Control
Management de Programme - Gestion de la Programm-Management - Konfigurationsmanagement
Configuration - Partie 104 : Maîtrise de la configuration - Teil 104: Konfigurationslenkung
This European Standard was approved by CEN on 25 September 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9223-104:2018 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Configuration control place in the overall programme Configuration Management . 6
5 Configuration control principles . 9
6 Evolution of configuration control throughout the programme lifecycle . 18
7 Specific cases. 21
(informative) Document management prerequisite necessary for Configuration
Management control . 23
(informative) Marking and traceability prerequisite necessary for Configuration
Management control . 24
(informative) Example of technical change handling process (Informative, to start
the approach within the framework of customer/supplier relationship) . 25
(informative) Nonconformity handling process and relationship with configuration
control . 29
Bibliography . 33

2

---------------------- Page: 4 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
European foreword
This document (EN 9223-104:2018) has been prepared by the Aerospace and Defence Industries
Association of Europe - Standardization (ASD-STAN).
After enquiries and votes carried out in accordance with the rules of this Association, this Standard has
received the approval of the National Associations and the Official Services of the member countries of
ASD, prior to its presentation to CEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2018, and conflicting national standards
shall be withdrawn at the latest by September 2018.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
3

---------------------- Page: 5 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
Introduction
1
The finality of Configuration Management is to assure during the whole product lifecycle :
— consistency and commonality of the technical information among all actors;
— traceability of this technical information.
For that purpose, Configuration Management organizes and implements the following activities:
— selection of items and technical information that shall be submitted to Configuration Management,
under clearly established responsibility (configuration identification);
— capture, keeping this information and making it available (configuration status accounting);
— verification and validation of the coherence of this information at defined steps of the product
lifecycle (configuration verifications, reviews and audits);
— technical changes and gaps processing in order to keep the consistency of this information
(configuration control).

1
See EN ISO 9000:2015.
4

---------------------- Page: 6 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
1 Scope
The present document is declined from the principles described in the EN 9223-100, it:
— is based on internationally-recognised concepts;
— proposes organisational principles and implementation processes for configuration management
from both viewpoints: “programme” and “company”, with emphasis on the “programme”
viewpoint;
— deals with configuration control but not contract management methods.
It is up to each person responsible for a programme to define the detailed methods of application and
tailoring as necessary.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN 9100, Quality Management Systems — Requirements for Aviation, Space and Defence Organizations
EN 9223-100, Programme Management — Configuration Management — Part 100: A guide for the
2
application of the principles of configuration management
2
EN 9223-105, Programme Management — Configuration Management — Part 105: Glossary
EN ISO 9000, Quality Management System — Fundamentals and Vocabulary
ISO 10007:2003, Quality management system — Guidelines for configuration management
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN ISO 9000, ISO 10007 and
EN 9200 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
The specific terms needed to understand and to use the document are the object of definitions
appearing in EN 9223-105.

2
Published as ASD-STAN Prestandard at the date of publication of this standard. http://www.asd-stan.org/
5

---------------------- Page: 7 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
4 Configuration control place in the overall programme Configuration
Management
4.1 Configuration control process overview
As a rule, configuration control begins when the configuration baseline has been identified and then
verified, reviewed and audited.

1 — Place of the configuration control process in Configuration Management processes
Figure
4.2 The Configuration Control process nature
The configuration management process is composed of a set of actions and decisions (product and
responsibilities-trees), set up in order to keep and improve consistent relationships between the
configurations and the products trees:
— maintaining identification (updates of functional, allocated and product configuration baselines,
etc.);
— maintaining qualifications (verification of non-regression);
— maintaining links between the different configurations of a same item such as, links between index
of definition file and index of the technical requirement specification.
Configuration control is mainly a decisional process (preparing decision and decision making, and
control of decisions implementation) meant to guarantee the overtime consistency for configuration
items and associated data. As such, for a given authority, configuration control exclusively concerns
6

---------------------- Page: 8 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
items and data selected during the configuration identification process. This set of items and data
establishes the authority’s field of competence.
The process is implemented as soon as the first configuration baseline is established.
It addresses any effects on the configuration of (see Figure 3):
— needs for technical changes (including those following the detection of defects);
— technical events and anomalies.
Within this framework, configuration control relies on an organization that:
— associates customers, industrial partners and suppliers to jointly carry out tasks and
responsibilities;
— attributes a making authority to each configuration item;
— attributes power delegations throughout the network of customers, partners and suppliers,
according to the decisions of selection;
— uses mandatory or existing document management systems, (see Annex A);
— uses mandatory or existing technical data management systems;
— uses mandatory or existing product lifecycle management systems;
— specifies modalities of tracking of changes as described in the Configuration Management plan.
Technical events and anomalies detected and characterized throughout the product lifecycle are
processed in a specific way, including as necessary (but not limited to) the following actions:
— describing conformity issues (actually stated or foreseeable);
— investigating the causes and assessing the effects;
— designing and implementing curative actions (e. g. rework or repairs);
— designing corrective and/or preventive actions;
— confirming and identifying nonconformity;
— issuing requests for:
— concessions on the considered item;
— technical changes and deviations on subsequent items.
Such requests are outputs from the above described processes, and should be submitted to the
competent Configuration Management authority and forms inputs for the configuration control process
(see Figure 3).
The final consequences on the configuration may be:
7

---------------------- Page: 9 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
— technical changes introduced in the updated approved configuration, the applicable configuration,
and the as-built configuration;
— decided and implemented deviations;
— accepted and recorded concessions.
Possible consequences on the contractual baseline are covered by the provisions specific to contract
management (amendment, endorsement or equivalent).
The configuration control process is more precisely described (hereafter).
Control process for concessions and deviation permits as well as the associated competence criteria,
should be based on the same basic requirements.

Figure 2 — Configuration control and other interface processes
4.3 Tasks associated with configuration control
4.3.1 Identifying process
The following tasks apply to all items, whether selected or not as configuration items, even though these
tasks cannot be considered as Configuration Management activities. Nonetheless, an efficient
configuration control process cannot be carried out without their rigorous implementation. The
Configuration Management plan shall specify details of implementation.
4.3.2 Document management tasks
The setting up of a system of identifiers permit to identify changes within a document, although it does
not belong to configuration management activities (indeed, an item or a document shall have an
identifier, whether it is considered as a configuration item or not).
8

---------------------- Page: 10 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
4.3.3 Product marking
Products or batches/lots marking shall permit to link these items to any control decision.
Thus:
— this marking, thanks to the documentation of associated configuration status, can lead to know all
the control decisions (change index, deviation or concession marking);
— serialisation marking also guarantees the traceability necessary to maintenance
(interchangeability);
— marking ensuring interchangeability must be implemented on the specimen or on its associated
accompanying documents.
Marking rules could be clarified in the configuration management plan.
5 Configuration control principles
5.1 General
For a specific authority, configuration control over an item encompasses the configuration
documentation and associated data, “identified” as a whole.
3
In order to define its scope of intervention, each authority assumes the decision to recognise
configuration items and data for which it has been delegated configuration management authority.
5.2 Allocation of an item to an authority
The allocation of an item to an authority, and reciprocally, is deduced from an analysis based on the
configuration data and items, as potentially impacted by a control decision. This allocation rule shall be
clarified in the configuration management plan.
5.3 Technical changes, deviations permits and concessions shared provisions
In the following clauses, provisions common to technical changes, deviation permits and concessions
and provisions specific to each category will be distinguished.
Each technical change, deviation permit and concession experiences its own life cycle and is subject to a
decision-making process.
Management process:
— indicates involved entities and actors (who does what?);
— describes process flow (how?) and the decisions to be made (what?);
— is tailored as the programme progresses.
Two pieces of information are particularly important in the technical changes, deviation permits and
concessions management procedure:

3
Several authority levels exist; each authority is responsible for the configuration identification, at its level.
9

---------------------- Page: 11 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
— the request which generally replaces the statement of need (see 5.8);
— the file which, from the request, is step by step supplemented with any necessary elements
(see 5.7).
A simplified example of the logical progression of technical change management is presented in
Annex C.
NOTE In case of acknowledged emergency, and subject to previous collection of any necessary pieces of
advice, this process may be conducted according to a specific procedure generally called “emergency procedure”.
5.4 Technical changes process
Any technical change shall meet an identified specific need (see 5.8).
Any technical change exhibits the following features:
— once approved, the technical change is intended to stand unmodified (any cancellation or
modification would require another technical change to be approved);
— the technical change is intended to apply to the whole set of items to be produced after the decision,
subject to related application provisions;
— retrofitting previously produced items is possible;
— once approved, the technical change is incorporated in the updated approved configuration.
5.5 Deviation permit process
A deviation permit is a predicted gap of conformity with respect to the updated approved configuration
resulting from a decision made (or to be taken) before effective implementation:
— on a limited and specified batch of articles; or
— during a limited and specified period.
Once accepted, a deviation permit shall be incorporated in the applicable configuration. As such, a
deviation permit has main features in common with a technical change.
Typical reasons for processing a deviation permit may be:
— anticipated implementation of a technical change, that is under consideration but not yet qualified;
— a change to the applicable requirements, that is under consideration but not yet implemented in the
technical specification;
— a quite specific feature, intended to be applied on a strictly limited batch of articles (colour,
configuration for tests, repair solution, material characteristics that exceed specifications, etc.);
— provisional implementation of a technical change, for qualification and validation purpose;
— temporary acceptance of a nonconformity to be phased out by a future necessary technical change,
not yet approved (or even designed);
10

---------------------- Page: 12 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
— emergency and temporary implementation of a device mandatory for operation, to be replaced by a
future permanent technical change;
— modification of the implementation rank compared with that specified in the approved technical
change file;
— deliberate omission of an element of the updated approved configuration.
For most deviation permits, there is no need to distinguish the request from its file. Indeed, the
request shall specify all the justifications for the need usefulness and satisfaction.
Each time the reason for a deviation permit is to anticipate a technical change, the final acceptance
decision shall specify the effects on each involved specimens subject to deviation, and on its applicable
configuration. The marking of products or products location can be associated with deviations in order
to prevent any delivery before the final decision.
5.6 Concessions handling process
A concession is a conformity gap that affects a specimen with respect to its applicable configuration.
On principle, a concession shall be an exception and affect only a batch, both limited and
defined.
Such concessions are not limited to supplier’s deliveries to the customer, but include any effects of
events occurring during the product utilization.
A number of events may result in concessions phasing out, e. g. scrap, rework or subsequent
engineering change implementation. The process for managing concessions shall specify the
provisions that apply to concession phasing out.
The process may require a separate request for each specimen or batch/lot under concession.
5.7 Data necessary for decision making
Any acceptance decision for a technical change, a deviation permit and a concession request shall be
supported by a file.
Depending on circumstances, such file may be sufficient at the request application or be progressively
incremented to gather all data necessary for decision making. In the last circumstances, the initial
claimer shall provide any data needed for further processing (see hereafter).
For decision making, all information contained in the file shall cover at least, for item and data selected
during configuration identification process (see 5.9):
— the proposed configuration description (set of related products and documents);
— the technical justification data;
— the effects on the products configuration documents (identifiers), and product marking;
— the effects on interoperability between different specimens;
— the industrial (manufacturing and control data files and tooling) and logistical effects;
11

---------------------- Page: 13 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
— the opinions about file classification and possible use limitations from any stakeholders;
— the financial and lead time impacts;
— implementation provisions (rank, location, actors, scheduling, contractual provisions, etc.).
And for concessions and deviation permits:
— proposed supporting actions required for product use (recording, product marking, utilisation and
support documentation);
— the provisions for possible annulment.
To help the decision making, the file may state and argue any other studied but not proposed solution.
Once the decision is made and implemented, the file shall be registered and archived.
During the investigation period, the file can be successively submitted to each upper authority in the
management authorities’ tree structure. Each authority may enrich, modify, reject or transmit the file
up to the upper authority until the final decision.
5.8 Request for an engineering change, a deviation permit or a concession
a) Origin and reasons for the request
The origin of technical change request, deviation permit or concession may be either customer/user
side, or supplier/sub-contractors side.
Reason for issuing a request may be:
— regulatory rules (environment, legal, etc.);
— a technical event or an anomaly;
— experience feed-back.
and for technical changes and deviation permits, it also may be:
— a new expression of need;
— a supply resource that become unavailable;
— an imperfect interpretation of the need;
— a product that does not fully meet its requirements;
— an opportunity or a search for optimization (rationalizing of the production system, etc.).
For a deviation permit, specific reasons are stated in section 5.5.
To allow timely and proper decision making, on both technical and economical aspects, facts and
reasons for the technical change, deviation permit or concession shall be clearly established as soon as
possible and the origin authority shall be uniquely identified.
12

---------------------- Page: 14 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
b) Request content
The authority originating a Request for technical change, deviation permit or concession should
provide, at the time being, the best available information, at least on each of the following topics:
— authority originating the request;
— reasons and justifications of the request;
— supposed impacts on critical characteristics (performance, cost, lead times, urgency, risks, etc.);
— proposed changes or effects on any technical contract requirement;
— area affected (CI, interfaces, data, links, etc.) by the technical change, deviation permit or
concession and initial proposed classification;
— supposed impacts on configuration documents (identifiers), product marking;
— requirements for modified and unmodified articles interoperability, etc.;
— industrial and logistics aspects;
— consequences of a rejection or no application of the request.
For technical changes and deviations, the request shall also include quantified objectives (when the
design is not fixed).
NOTE When technical change(s) are closely linked to deviation permit(s), the related requests refer each
other.
c) Forwarding the request
The request shall be provided to the management authority in charge of the full identified area as
quickly as possible.
The request shall be escalated to the successive authorities in the management authorities’ tree
structure (see 5.9 and Figure 3).
5.9 Area affected and related management authority
5.9.1 Classification and associated procedures
A technical change, deviation permit or concession affecting a component of the product may have
impacts on:
— the environment of the component itself inside the product;
— other products related to the programme (logistic and operation support elements, external or
internal interfaced products, etc.);
— another programme using the same component.
13

---------------------- Page: 15 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
In order to identify the competent authority in charge of the technical change, deviation permit or
concession, it is necessary to investigate its impacts through a bottom up analysis in the products tree
structures. This investigation addresses the physical and functional characteristics of the successive
items. Such investigation involves the successive management authorities when going up in those tree
structure, starting from the first authority in charge of the request (see Figure 3).
During this escalation, each of these authorities shall assess its competence. Such an assessment implies
that the authority is in position to access to the design justification.
When the authority assesses its competency, the request shall be managed at its level.
When the authority considers itself not to be competent, or is not in a position to decide on the point,
then she shall direct the request towards the next higher level authority.
The investigation results shall be registered as soon as possible, even at the time of the request.
Should the area affected by the technical change, deviation permit or concession be questioned during
the process, the competence of the authority might be affected.
To sum up, the following principles are applicable (see EN 9223-100):
— the lowest level authority whose field of competence includes all its consequences is the
responsible of decision on any change, deviation permit or concession;
— any decision affecting the competence of another authority (or if there is any doubt in this respect)
should be taken by an authority at the next suitable higher level, or, in the case of repercussions
outside of the programme, by suitable board if necessary.
14

---------------------- Page: 16 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)

Figure 3 — Field of competence for a technical change, deviation and concession request
5.9.2 Engineering change, deviation permit or concession classification
Depending on the effects on the products characteristics and on the possible need for actions in support
of the technical change, deviation permit or concession implementation (see hereafter), two or more
categories may be defined to classify any engineering change, deviation permit or concession, e. g.
“class 1”/“class 2” /“class 3”, “major” / “minor”/“secondary”, “modification”/“amendment”/“correction”,
etc.
Classification practices and vocabulary may depend on trades and companies, standards and regulation
ruling the programme.
15

---------------------- Page: 17 ----------------------

SIST EN 9223-104:2018
EN 9223-104:2018 (E)
EXAMPLE (see Figure 4) A technical change, a deviation permit or a concession will be considered:
— class 3 if it is demonstrated that it does not affect any one of the
products physical and functional characteristics;
— class 2 if it is demonstrated that it affects only the products physical
characteristics and that it does not require any supporting action;
— class 1 in any other case.
Such classification relates to a configuration item.
Classification decisions are the responsibility of the configuration Item management authority for the
item.
Such classification affects the applicable provisions for decisions. Such provisions shall be specified in
the configuration management plan.
...