Home Articles Configuration Audit

Configuration Audit

PDF Print E-mail

The Configuration Audit tests and verifies that the correct version of the code (called configuration items or CIs) are in production (or QA, for that matter). There are two types of Configuration Audits. The first is a physical audit that verifies that the correct physical files (e.g. binaries, config) are in place. The second is a functional audit that verifies that the Configuration Items are performing as expected. It is essential that Configuration Management best practices include automated procedures to conduct the configuration audit. This means that you need an automated procedure to extract the unique immutable version ID from the binary itself.

When you deploy a release, you must also be able to conduct the configuration audit to (trust but) verify that the correct CIs are in place (and are performing correctly).
There are many techniques for doing this and I will be adding articles showing specific examples. Please send me an email and tell me which examples you would like to see!

The configuration audit is one of the four core functions. The others are configuration identification, status accounting and change control.

More articles by this author

Join us at the Agile Development Conference for IT Governance and Compliance in an Agile World Date: Wednesday November 07, 2012 2:15pm Presenter: Bob Aiello, CM Best Practices Consulting Description: Establishing IT governance and compliance practices is essential for organizations that have regulatory or audit requirements. The good news is that you can be agile and still comply with Sarbanes-Oxley, CFR 21, HIPAA, and other regulatory imperatives. Done well, IT controls actually help you improve both productivity and quality. Bob Aiello describes how to implement IT controls in frameworks such as ISACA, Cobit, and ITIL v3 that many regulatory frameworks require—while maintaining agile practices. Bob’s guidance includes specific examples of establishing IT controls: separation of duties, work-item to change-set traceability, physical and functional configuration audits, and more. Bob explains how these practices help government, defense-related, and other critical mission corporations scale agile practices where audit and regulatory compliance is a must. In fact, Bob attests to the fact that a disciplined approach to agile can improve the productivity and quality of most all agile development efforts. Also, please join us the day before for Configuration Management Best Practices training    
Join us at the Better Software Conference for Configuration Management Best Practices training Date: Monday, June 2nd, 2013 8:30 AM Presented by  Bob Aiello, CM Best Practices Consulting Description Robust configuration management (CM) practices are essential for creating continuous builds to support agile’s integration and testing demands, and for rapidly packaging, releasing, and deploying applications into production use. Classic CM—consisting of identifying system components, controlling changes, reporting the system’s configuration, and auditing—won’t do the trick anymore. Bob Aiello presents an in-depth tour of a more robust and powerful approach to CM consisting of six key functions: source code management, build engineering, environment management, change management and control, release management, and deployment. Bob describes current and emerging CM trends—support for agile development, cloud computing, and mobile apps development—and reviews the industry standards and frameworks that are essential in CM today. Take back an integrated approach to establish proper IT governance and compliance using the latest CM practices while offering development teams the most effective CM practices available today.      
Copyright © 2017 CM Best Practices. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.

Product News

Live Online Training