This week I was chatting with a colleague of mine who is an expert in Configuration Management - with many years of experience implementing build and release management frameworks. I was shocked when he mentioned that he had never really read any of the industry standards and frameworks and had simply learned CM from the trenches. I am a trench level guy myself, but I was further shocked when he asked me if I thought CM gurus should just go off and learn standards on their own. This discussion made me rethink whether or not standards are really important. Read on if you would like to take a cold hard look at what industry standards bring to the table and whether or not they are worth your time to study and implement.

Standards Skeptic
Standards (and some frameworks) are hard to read and many standards boards don't do much to help make them more understandable. The cryptic wording in many standards is more suitable for a long unreadable business contract than practical guidance for implementing CM. The cold hard truth is that many standards boards rely upon having a captive audience who are contractually obligated to use standards. Many standards are also incomplete at best and often archaic in their descriptions. Frameworks have also been criticized for being less than readable. Cobit control practices can be puzzling at best (I wrote an article entitled “Puzzling my Way Through Cobit”). ITIL has volumes of excellent documentation but takes a long time to digest and understand.

Standards Approval
The process for getting a standard approved can take a long time and is often impacted by challenges from internal politics to technical challenges. The approval process itself can take years - often while the technology is changing rapidly in many important ways. I recently learned that one popular CM related standard could not get a new version approved by the standards board. Part of the challenge of implementing standards is navigating the standards approval process itself! 

Practical Guidance or Just Pass/Fail
The CMMI Framework has been criticized for not providing enough guidance on how to actually stand up the CM function.  Susan Land and John Walz wrote an excellent book that describes how to use the IEEE Standards to support the CMMI and another book on supporting ISO 9001 with IEEE Standards.

Stealing Good Ideas
Standards are all about sharing best practices. I devoted a whole chapter to standards and frameworks in my own book on CM Best Practices: Practical Methods that Work in the Real World (Addison-Wesley, 2010). The best way to think of standards is a checklist of best practices that should be implemented as described. Standards working groups are made up of industry experts who meet regularly to share their experience with others and create a comprehensive document that provide practical guidance. Using standards will help you avoid costly mistakes and ultimately produce a better product.

What's In a Standard?
Traditional CM standards include four functions: Configuration Identification, Status Accounting, Change Control and Configuration Audits. Most people have no clue as to what “status accounting” means. Status accounting refers to following a configuration item throughout its lifecycle. This is usually done with an automated workflow solution. In my opinion this has evolved into what we call Application Lifecycle Management today. Configuration Identification refers to having clear and consistent naming conventions (for configuration items, branches, baselines, etc.). Standards provide guidance for implementing CM in a clear and consistent way. More importantly standards help you pass your audit.

IT Governance and Compliance
Whether your organization must comply with section 404 of the Sarbanes-Oxley Act of 2002 or the CFR 21 rules related to HIPAA, you may need to pass an audit some time. Using standards and frameworks for guidance puts you in a very strong position and usually results in auditors needing to look elsewhere for something to write up.

What About Agile?
Scott Ambler has been writing about Agile process maturity. I had the privilege of writing a Forward to his new ebook on this topic and participate in a podcast on the same topic. Agile itself is maturing itself in many ways and many organizations are adopting frameworks to support and scale Agile. Rest assured that you can do Agile and still use industry standards and frameworks. This is a strong interest of mine (along with Agile ALM). Drop me a line if you are interested in using Standards and Frameworks along with Agile.

Tailoring for Success.
I have found that the secret to success with Standards and Frameworks is to take a Lean Approach. I have seen people get mired in trying to comply with the guidance in a standard when the particular issue was not really relevant to their situation. Tailoring means that you trim down the requirements of the standard. Be careful with this since you may have contractual requirements that must be met. But if your standards discuss subcontractor maintenance and you don't have any subcontractors then chance are you can tailor down and omit that section. Again, it is better to just follow the guidance in the standard, but sometimes tailoring is necessary and can help make your effort successful.

Conclusion
Standards are wisdom and best practices. You can learn a lot by studying and implementing industry standards and frameworks. I almost forgot to mention that I told my colleague that I would like him to read the industry standards and frameworks first and then decide if they are useful or not. It's easy to discount something that you have not read and understood. Be prepared to evangelize standards and frameworks in your organization and then enjoy the success of running a world class CM function!

Trackback(0)

TrackBack URI for this entry

Comments (0)

Subscribe to this comment's feed

Write comment