ISO Configuration Management Guide for Engineers: A Complete Roadmap
Hello, this is Hermes Solution.
Starting this week, we are launching a new series for engineers preparing for ISO certifications — a practical and easy-to-follow guide to Configuration Management (CM).
Configuration Management is a core requirement across major industry standards such as:
ISO 26262 (Functional Safety)
ISO 42001 (AI Management System)
ISO/SAE 21434 (Automotive Cybersecurity)
ISO 9001 (Quality Management)
If you are new to ISO standards, you may often wonder:
“What exactly is Configuration Management?”
“Isn’t it just version control using Git?”
This roadmap is designed to help beginners clearly understand Configuration Management from the ground up and apply it effectively in real engineering environments.
1. Understanding the Why Behind Configuration Management
Configuration Management (CM) refers to the systematic control of changes to all components — including products, software, documents, and system elements.
Before learning the standards, it is crucial to understand why such management is necessary.
What Is Configuration Management?
Let’s explain it with a simple analogy.
Imagine you are building a complex LEGO castle:
Recording which blocks are used → Configuration Identification
Asking for approval before changing a block → Configuration Control
Keeping track of who made what changes → Status Accounting
Checking if the final castle matches the design → Configuration Audit
Without CM, if 10 people freely modify the castle, the structure collapses — the same happens in software development.
Real-World Software Example
Developers modify files independently
Testers use outdated versions
The team loses track of which version is deployed
Such issues frequently lead to failures or safety incidents.
With proper CM, organizations maintain stability, traceability, and quality consistency.
2. Configuration Management vs Version Control: Key Differences
Many engineers assume CM and version control are the same, but they serve different purposes.
Category | Version Control | Configuration Management |
|---|---|---|
Scope | Individual files | Entire system configuration |
Focus | Tracking change history | Managing relationships among elements |
Tools | Git, SVN | Jira, Confluence, ALM systems |
Examples | Document v1.0 → v1.1 | Requirement → Design → Code → Test traceability |
Version control manages file revisions.
Configuration Management manages the entire lifecycle flow, including changes, approvals (CCB), baselines, and traceability.
In simple terms:
Version control is part of CM, while CM is a broader discipline that ensures product integrity across the entire development lifecycle.
3. Essential Terminology in Configuration Management
For beginners, these foundational CM terms are important:
Configuration Item (CI): Any managed artifact (documents, software, components)
Baseline: An approved reference version
CCB (Configuration Control Board): The group that reviews and approves changes
Traceability: Linking requirements, design, code, and tests
Change Request (CR): A formal request to update a configuration item
4. Why Configuration Management Matters: The Toyota Recall Case
A well-known example shows how CM failures lead to massive risks.
Toyota Unintended Acceleration Incident
Millions of vehicles recalled
Severe financial losses and global brand damage
NASA’s investigation found software issues and a major lack of CM, including:
No clear record of software versions installed in each vehicle
No ability to trace change history
Difficulty identifying configuration of affected vehicles
If Proper CM Had Been Implemented:
Faulty software version identified immediately
Only affected vehicles would be recalled
Costs could have dropped from trillions of won to mere billions
Configuration Management is not “just documentation”—
it is essential for safety, risk management, and product reliability.
5. The Four Core Activities of Configuration Management
According to ISO 10007 and ISO 26262, CM consists of four main activities.
1) Configuration Identification
Defines what needs to be managed
(including CI selection, naming rules, and baseline setup)
2) Configuration Control
Ensures only approved changes are applied
(Flow: CR → Impact Analysis → CCB Approval → Implementation → Verification → Baseline Update)
3) Status Accounting
Tracks real-time configuration status
(Which version is deployed? Where? When?)
4) Configuration Audit
Checks whether CM processes are followed and outputs match approved baselines
6. Tools Used in Modern CM Practices
Understanding CM tools is essential for practical implementation.
Git / SVN – version control
Jira / Confluence – change management & documentation
ALM tools (Polarion, Jama, DOORS) – requirements & traceability
Notion – collaborative document management
These tools help automate traceability, document control, and baseline management.
7. Benefits of Strong Configuration Management
Effective CM leads to:
Easier ISO certification
Higher development efficiency
Fewer defects and quality issues
Improved team collaboration
Greater customer trust
Reduced risk exposure
More predictable product releases
As technologies evolve — autonomous driving, AI systems, smart factories — CM is becoming a mandatory capability, not an optional one.
8. Configuration Management Roadmap Summary
Step 1: Understand core concepts
Step 2: Learn the four CM activities deeply
Step 3: Apply CM using tools and real workflows
Mastering CM makes ISO certification significantly easier.
Why Choose Hermes Solution?
Many companies provide ISO consulting — but Hermes Solution offers real, operational CM systems, not just documentation.
1) We Build Executable, Not Theoretical Systems
Most consultants deliver documents that aren’t used.
We design processes that developers, QA engineers, and PMs can actually apply daily.
2) Deep Experience Across Automotive, Semiconductor, and AI Industries
Our team has real field experience in highly regulated industries,
so we provide solutions that work in real engineering environments.
3) Cross-Domain Expertise (ISO 26262 + 42001 + 21434 + ASPICE)
Modern development requires integrated governance across safety, AI, cybersecurity, and quality.
Hermes Solution is one of the few firms that can support all these domains together.
4) Designed for Certification and Re-Certification
Many companies struggle when re-certification comes.
We build systems that function independently within your organization long-term.
5) Education + Consulting + Tool Integration (All-in-One)
ISO compliance requires people (training) + process (procedures) + tools (systems).
Hermes Solution provides all three in a unified approach.
