RPACT Change & Configuration Management Policy
RPACT GbR
POL-RPACT-004
Version 1.0.0
POL-RPACT-004_Change_and_Configuration_Management_Policy.Rmd
RPACT GbR
Am Rodenkathen 11
23611 Sereetz
Germany
www.rpact.com
Copyright © 2025 RPACT GbR. All rights reserved.
| Policy ID | POL-RPACT-004 |
| Title | RPACT Change & Configuration Management Policy |
| Description | This policy defines RPACT’s approach to change and configuration management throughout the system lifecycle to ensure that changes are properly recorded, reviewed, approved, verified, and implemented with minimal risk. |
| Author | Friedrich Pahlke |
| Reviewer | Gernot Wassmer, Daniel Sabanés Bové |
| Creation date | 2025-03-26 |
| Version | 1.0.0 |
| Date of modification | 2025-03-31 |
| Effective date | 2025-03-31 |
Purpose
This policy defines RPACT’s approach to change and configuration management throughout the system lifecycle to ensure that changes are properly recorded, reviewed, approved, verified, and implemented with minimal risk.
Scope
This policy applies to all changes made to RPACT-managed systems and software, including code, documentation, validation artifacts, and infrastructure configurations.
Responsibilities
- Partners at RPACT are jointly responsible for evaluating, approving,
and documenting changes.
- External collaborators may propose changes, but approval must be granted by one of the RPACT partners.
Change Management Process
Change Recording
- All changes are documented using version control systems such as
GitHub (for code) or Subversion (SVN, for validation documents).
- Each change is logged with a timestamp and the name of the author. A description of the rationale for the change is mandatory in GitHub via commit messages, and optional but recommended when using Subversion.
Impact and Risk Evaluation
- For each proposed change, the impact on existing functionality and
the potential risk (regulatory, functional, or performance-related) is
evaluated.
- For complex or critical changes, the evaluation is discussed jointly by the partners.
Verification of Changes
- Changes are verified in accordance with their risk and
complexity.
- For code changes, automated test pipelines (e.g., CI/CD) are used to
ensure correctness.
- Manual validation is performed when necessary.
Approval of Changes
- All changes require approval by at least one RPACT partner before
release.
- For critical components, dual approval may be requested.
- Approval is documented through GitHub Pull Request approvals or commit annotations.
Back-Out Plan
The following standard back-out plan for all critical or potentially disruptive changes must be applied:
- In the event of a failed or problematic change, the system will be restored to the last known stable state.
- This is typically achieved by reverting to:
- a previous Git commit (e.g., the most recent successful CI-verified
version on the main branch), or
- a previous SVN revision for documentation-related artifacts.
- a previous Git commit (e.g., the most recent successful CI-verified
version on the main branch), or
- For CRAN-released packages (e.g., rpact), the latest production tag may serve as a stable fallback if appropriate.
- If required, the restoration steps are performed manually by the RPACT partners and verified before resuming further development.
This standardized procedure eliminates the need for maintaining separate back-out plans per project.
Configuration Management
- All configurable settings and dependencies are tracked in version
control and documented as part of the release package.
- Any configuration-specific change is treated as part of the change management process.
Proportionality
- The depth and formality of the change process is adapted to the risk
and type of system involved.
- For internal research tools or prototypes, lightweight procedures
may be sufficient.
- For production or validated tools (e.g., rpact), full traceability is ensured.