The configuration management process should define the approval authority for a change.
The approval authority for various changes may vary based in the significance of the
5.5.1 Performing Work
Changes must be reviewed, approved, verified, and validated before they are
implemented. They must be implemented consistent with the approved change control
package. Work must be performed consistent with hazard controls and using approved
instructions, procedures, or other appropriate means.
5.5.2 Developing Change Control Packages.
The contractor should (1) document each step of the change control process (i.e.,
identification, reviews, approvals, implementation, and document updates) and (2) track
the implementation in the change control package. Documenting and tracking are
essential to ensure that each change is fully assessed, approved, and implemented in
accordance with the approved change, and that the affected documentation is identified,
updated, and distributed to controlled users. The change control package should be used
to capture the change request, the various technical reviews and evaluations, the
management review, and the implementation results. The contractor must also include
related information (such as the change request, design package, installation package and,
post-modification testing) in the change control package. The change control package
should be kept in one location until installation is complete.
The change control package should be used to track the changes to completion. Prior to
implementation of the changes, the change control package should be reviewed to ensure
it is complete and usable,
there are no unidentified physical interferences,
the change is likely to meet defined post-implementation acceptance criteria,
the change has been approved for implementation.
The change control package should:
identify all deviations from current design requirements so that the changes
are tracked and documented,