The main purpose of a software configuration audit is to maintain and establish the integrity of the products of a software project throughout the software production cycle. It is like a checklist to identify work products and baselines that are subject to configuration control; approval and rejection of proposed changes; tracking and reporting of configuration data and changes; and ensure that the requirements are met and properly documented.
A configuration audit is used to determine that software complies and conforms to a set of agreed requirements. It is a quality assurance mechanism to identify opportunities for the continuous improvement of a product.
You can do 2 types of audits for a software configuration, a physical configuration audit and a functional configuration audit.
- The physical configuration audit will compare the system components against the vendor’s technical documentation based on these:
- The audit shall establish a configuration baseline of the software to be tested to confirm if the vendor’s documentation is enough for the user to install, operate, and validate the software.
- Examine the vendor’s source code against the submitted documentation to verify that the software conforms to specifications the vendor submitted. You must also check the entire vendor’s release control system and see if any changes that have been made to the baseline version are for the submitted software version.
- If the software is to run in other systems and equipment, you have to review all drawings and specifications, test and technical data associated with the system hardware and review the documentation for this against the system’s functional specifications and resolve issues.
- All changes that have been made to the baseline software configuration during the physical audit should be reexamined and new documentation should be submitted.
- Check that all deliverables have been met such as workmanship standards, delivery media conformity, shipment and export compliance deliverables, as well as well as third-party requirements.
Software Configuration Management of functional configuration audit is done during the development cycle of the software to provide management with ongoing evaluation to validate that the software conforms to the policies, processes, plans and systems and other standards as agreed upon.
For a functional configuration audit:
- The testing agent should review the test procedures conducted by the vendor to determine that the specified functional requirements have all been tested and that the software performs all the functions as described in the vendor’s documentation.
- All required changes that need to be implemented based on the functional configuration audit should be reviewed and the verified against the revised documentation submitted by the vendor.
- During your testing, you should also do interface testing as well as test the required quality attributes of the software in terms of performance, usability, safety and security.
The configuration audits for a software while in the production process ensures that the end product performs and delivers the results as specified and that the accompanying documentation is user friendly and applicable to the specific software.