The global skills and competency framework for the digital world

Configuration management CFMG


Planning, identifying, controlling, accounting for and auditing of configuration items (CIs) and their interrelationships.

SFIA 9 is in development

  • SFIA 9 beta due in early July 2024
  • SFIA 9 planned for publication October 2024

Guidance notes


Configuration items (CIs) can include a wide variety of components (objects) such as — but not limited to — source code, software, products, systems, hardware, networks, buildings, suppliers, process definitions and documents.  A coherent set of CIs forms a configuration.

Activities may include — but are not limited to:

  • identifying and documenting the functional and physical characteristics of CIs
  • identifying the relationships and maintain coherence between CIs for specific configurations
  • identifying the associated configuration(s), status, version and other characteristics of CIs at distinct points in time
  • controlling changes to CI characteristics, recording and reporting change processing and implementation status
  • systematically controlling changes to a configuration and maintaining the integrity, coherence, and traceability of that configuration throughout the project, system and/or service life cycle
  • adhering to established safety, security and quality standards
  • verifying and auditing CI records for data quality and compliance with specified internal and external requirements.


Defined at these levels: 2 3 4 5 6

Configuration management: Level 1

Configuration management: Level 2


Applies tools, techniques and processes to administer, track, log, report on and correct configuration items, components and changes.

Assists with audits to check the accuracy of the information and undertakes any necessary corrective action under direction.

Configuration management: Level 3


Applies tools, techniques and processes to track, log and correct information related to configuration items.

Verifies and approves changes ensuring the protection of assets and components from unauthorised change, diversion and inappropriate use.

Ensures that users comply with identification standards for object types, environments, processes, life cycles, documentation, versions, formats, baselines, releases and templates.

Performs audits to check the accuracy of the information and undertakes any necessary corrective action under direction.

Configuration management: Level 4


Proposes and agrees the configuration items (CIs) to be uniquely identified with naming conventions.

Puts in place operational processes for secure configuration, classification and management of CIs, and for verifying and auditing configuration records.

Develops, configures and maintains tools (including automation) to identify, track, log and maintain accurate, complete and current information.

Reports on the status of configuration management. Identifies problems and issues and recommend corrective actions.

Configuration management: Level 5


Plans the capture and management of CIs and related information.

Agrees scope of configuration management processes and the configuration items (CIs) and related information to be controlled.

Identifies, evaluates and manages the adoption of appropriate tools, techniques and processes (including automation) for configuration management.

Contributes to the development of configuration management strategies, policies, standards, and guidelines.

Configuration management: Level 6


Develops configuration management strategies, policies, standards, and guidelines.

Champions the importance and value of configuration management and develops new methods and organisational capabilities (including automation) for configuration management.

Provides resources to drive adoption of, and adherence to, policies and standards.

Measures and monitors adherence to standards and ensures consistent execution of the process across the organisation.

Configuration management: Level 7