1 product worth 45.55 in your cart
go to the checkout

0
shares

Configuration Management is something that is critical to the sucess of any regulated facility; especially those utilising IT/IS, however it is also something that often overlooked from a point of view of criticality. This is something that seems to be reinvented on project to project, site to site.

Save time and money with configuration management

Managed configurations are extremely worthwile and save a hell of a lot of time in the future (often unplanned) when this has been done properly. Configuration Management is a core component of PRINCE2 and ITIL (IT Infrastructure Library) – these methodologies have been proven to consistently work.

This article will give a brief insight into some of the fundamentals of configuration management and exemplify how something that seems so small can have such a large effect – moving a computer.

The jargon explained

From a terminology point of view, bear these in mind, as with all IT related articles this one contains jargon:

  • CM = Configuration Management
  • CI = Configuration Item
  • CMDB = Configuration Management Database

Find the right balance

Firstly we will look at the reasons why this is either not deployed, not deployed properly or simply so cut down it doesn’t work. A starting point is something that most people struggle with at the best of times, sometimes we just can’t get the vision right, largely due to a lack of experience and/or knowledge; couple this with personality clashes and a workplace culture, implementing configuration management is going to get difficult. Can you see where this is going? Sponsorship from superiors is often difficult to obtain due to departmental/supplier barriers and boundaries. Mix this with people, processes and technology and usually the whole thing never gets mentioned again.

The reality is that there is already lot of data, yes it’s there but to varying degrees of accuracy. Maintained? Some. But more often than not there is a LOT of informal data and local knowledge that is, well, just there! In a multi-site organisation this data is often just inconsistent.

We have chosen the ITIL CM approach because it’s, in our opinion the best and therefore we’ll use this to portrait the concept in the hope that more people will take this onboard. The ITIL CM process contains 5 core components:

Planning: Self explanatory but for those how aren’t sure: “Failing to plan, is planning to fail”. Job done.

Identification: This is deciding on what exactly is going to be controlled by the CM process and then..

Control: Link to change management (very important); a question is yeilded from the control component, “Are you allowed to change it and how is the change to the configuration controlled?”.

Status Accounting: This is about what has changed and why!

Verification and Audit: Is this what we said we’d have? Have we done it correctly?

More changes than you think

The CMDB holds the details of each CI in an organisation, especially those items used to support the manufacturing operations of a GMP environment. Let’s say, for example we’re going to move 5 servers from a control room in building A to a computer room or data centre in Building B. Sounds simple, they’re just computers, put them on a trolley move them to building B and then as log as there is power and a network socket it’s a case of plug and play. Bob’s your uncle. Now can we go to the pub?

But wait, lets look deeper what has actually changed about that computer? Their room number has changed; they are connected to different network outlets. Does they need UPS power and are they still connected to the UPS? Were they connected the the UPS anyway? How do we tell? Do we need to know or does it just have to look like it is working? Will there be enough power in the new room, is there sufficient cooling – will the environment condition changes affect the service level agreement? Is there sufficient LAN / SAN outlets? There is a lot of change going on here.

Standardise your approach

In addition to all this, there are a lot of views of the situation – The cost view, the service view, the system view (logically are the specifications suitable; physically – is there room and capacity). Parts of these views are crossing over as well, they’re overlapping into areas of common concern and it is these components whose configurations must be managed (not leaving out others but merely highlighting the importance of configuration managment). These should be controlled.

The first thing is to make sure you’ve got the right team; each and every business has a different way of working – prototype the process until it is correct. Standardise naming conventions for everything: services, locations, cabinets, devices and so forth. Identify any gaps and where the knowledge lies – this is usually a combination of formal knowledge and informal knowledge (what people know that they haven’t documented). Make sure that ownership is clear and unambiguous and most importantly make sure that visible sponsorship and support is present.

Can you afford not to use configuration management?

This all sounds like a lot of work, but in the long run this is a completely valuable exercise and demonstrates control for numerous purposes. For example, every time a new IT project comes up does someone have to survey the datacentre for capacity for power, network, rack space, air conditioning capacity? These are all jobs that can be done from the desk when an efficient, up-to-date CMBD is setup and active – in addition a good system will give everyone confidence in their planning of anything from a small upgrade to a massive MES project implementation.

Without CM, change management is of limited effectiveness; its change management that we rely on so heavily in this industry to demonstrate our control in making changes to validated systems and qualified platforms. An end-to-end view is created with CM with each task rather than being able to plan, confidently in bulk. Service reporting will always be risky and therefore not trusted, even though it is required and finally and crucially, without CM the impact of faults and changes cannot be predicted with confidence.

Can you afford not to do configuration management?

Premier Infrastructure

If you would like to learn more about configuration management feel free to contact Premier Infrastructure anytime.

0
shares

  • http://www.coolpac.com Andrew

    it seems that you are saying configuration management is the same as change management. the example you used I would have said was one of change management. so is there a difference between the two?

    In one company that I worked at we put some IT systems under configurration management (a lesser version of change management). this entailed identifying the system and allowing IT staff to alter settings in software but each alteration had to be documented in a specific log. this enabled IT staff to make changes quickly where necessary i.e. roll out patches and security updates.

  • http://www.coolpac.com Andrew

    it seems that you are saying configuration management is the same as change management. the example you used I would have said was one of change management. so is there a difference between the two?

    In one company that I worked at we put some IT systems under configurration management (a lesser version of change management). this entailed identifying the system and allowing IT staff to alter settings in software but each alteration had to be documented in a specific log. this enabled IT staff to make changes quickly where necessary i.e. roll out patches and security updates.

  • Mark Richardson

    Configuration Management isn’t a lesser version of Management. All changes should be carried out under approved change management processes/procedures; released under release management procedures.
    When implementing changes in a regulated industry, especially IT changes there is always or nearly always at least two components, firstly the change to the system, secondly the change to the specifications for that system. By deploying an efficient change management system, the CI would have a corresponding component on the computer system, this would be documented in the CMDB as well, therefore, when the requirement for change originates and is approved, the change will happen to both the CI in the CMDB and the system. This provides a structured approach and helps to ensure that the system and the documentation is aligned at all times.

    In summary, both Change and Config Management are different, in regulated environments the config management will be changed in accordance with approved change control procedures, otherwise as you have mentioned logbooks can be updated to roll out quick-changes as long as this method is proceduralised in an approved SOP or Work Instruction.

    I hope this clarifies.

  • Mark Richardson

    Configuration Management isn’t a lesser version of Management. All changes should be carried out under approved change management processes/procedures; released under release management procedures.
    When implementing changes in a regulated industry, especially IT changes there is always or nearly always at least two components, firstly the change to the system, secondly the change to the specifications for that system. By deploying an efficient change management system, the CI would have a corresponding component on the computer system, this would be documented in the CMDB as well, therefore, when the requirement for change originates and is approved, the change will happen to both the CI in the CMDB and the system. This provides a structured approach and helps to ensure that the system and the documentation is aligned at all times.

    In summary, both Change and Config Management are different, in regulated environments the config management will be changed in accordance with approved change control procedures, otherwise as you have mentioned logbooks can be updated to roll out quick-changes as long as this method is proceduralised in an approved SOP or Work Instruction.

    I hope this clarifies.

Similar articles:

0
shares

Not all suppliers are the same, for example when you buy a car or a house, time and effort is dedicated into finding the best provider with the best product in terms of quality and reliability.

Choosing a Vendor

The same methodology needs to be dedicated when choosing a vendor for your business. Not only will you be purchasing their products or services, but you will also be dealing with them on a regular basis hence your personal relationship most also be strong.

Regulated Environment

When working in a regulated environment one of the key questions that needs to be considered is will the product of service affect your product quality. If the answer is yes then it is paramount that you can trust your supplier/vendor and the quality of their product or service

Supplier Qualification Online Course

This module is taken from our course on Supplier Qualification.

 

About Us

Learnaboutgmp is a cloud based learning management system (LMS) designed specifically for life science and regulatory organizations. Our LMS contains the courses you need to help you achieve regulatory compliance. With new courses published every month and existing courses updated in line with regulatory changes we are your true continuous learning platform.

0
shares

Similar articles:

0
shares

Choosing the correct software for your organisation is a tricky task and even more so when you are working in a regulated environment.

It’s one thing finding a great software package but if the vendor does not take their quality system seriously this could have a dramatic effect on the evolution and robustness of the solution.

They need to take their quality efforts as seriously as you take yours otherwise product quality and patient safety could be compromised.

An overall quality audit should be performed on each vendor before a decision is made, below are a list of questions that you could ask each vendor specifically on their quality system.

If the software vendor does not take their Quality System seriously you need to walk away.

Quality System Questionnaire

  1. Does the company have an established and Documented Quality System?
  2. Does the Quality System adequately reflect the client’s quality engineering policies?
  3. Is the responsibility for Quality defined (SOP)? What are their qualifications?
  4. Is Quality System documentation adequately controlled in terms of review, approvals and distribution
  5. Is the QS documentation regularly updated and otherwise maintained appropriately? (frequency)
  6. Are there procedures for reviewing the performance of the QS e.g. Internal Audit, Management Review?
  7. Are there training procedures and Job specifications? Are these adequate for the Maintenance of the QS
  8. Is there a Quality Plan for the Design, Development and Implementation of the products?
  9. Do the company use Sub Contractor’s?
  10. Do the company have control over any Sub Contractor’s QS? e.g. Vendor Assessment, Specification, Documentation review and approval?
  11. Do the company have access to relevant Sub-contractor Quality documentation?
  12. Is Sub Contractor’s Quality System compatible with the previous questions of this section?
  13. Have the Sub Contractors been audited? Review the report?
  14. Has accreditation/registration been achieved for: BS 5750 Pt. 1 or 2, TickIT, ISO 9000, Other (name
  15. Does the company operate to GAMP for computer systems?
  16. Are there SOPs for QC? Is there a release procedure?
  17. Is there an out-of-specification procedure?

Choosing the correct software application for your organization is a very tricky task and one that takes alot of upfront planning in order to make the correct choice.

The task has even got more difficult with the emergence of cloud based technology and how that impacts the overall validation process.

Remember to outline your requirements clearly and get buy-in from the other business owners.

0
shares

TOP

Similar articles: