Quality and Configuration

Management in Your Pocket

1
 MANAGING QUALITY IN DEFENCE

Foreword by the Defence Functional Authority

for Technical, Quality and Standardisation

Stephen Wilcock MBE

BEng(Hons) MSc MDA MA
ChPP CEng FRAeS
“Everyone has a part to play in
effective Quality Management and
Assurance. It is about providing
operational excellence across all
aspects of our business through our governance, assurance
and improvement. Quality is not a retrospective exercise rather
it is about informing and driving continuous improvement,
drawing on data and information to inform proactive measures
to improve, to ensure we uphold the highest levels of safety
through our Quality activity, and to hold ourselves to account
for the work we undertake in support of our Armed Forces. To
meet their needs, we need to be safe, efficient and consistent
in providing reliable and effective products, services and
support to the front-line commands. This Pocket Guide covers
the essentials of Quality across the MOD which I commend to
you and your people.”

2
 Foreword by Quality and Configuration
Management Policy Team Leader

Tim Pearce
CQI MCQI
“Quality and Configuration Management
(CM) are key enablers to us providing safe
and fit for purpose equipment, support and
services to protect our people, territories,
values and interests at home and overseas,
our security and to work jointly with our
allies.
Quality is about us achieving consistent and predictable results to meet
Defence needs, expectations and requirements in an effective and
efficient way. To do this we need to ensure; we have the right
frameworks and conditions in place to succeed, our risks are
appropriately managed, we have balanced levels of risk-based
assurance, we are working to ensure that waste and rework are
minimised, that issues and trends are attended to, and necessary
improvements put in place to prevent recurrence.
CM applies discipline and technique to things we produce, acquire and
manage. This enables us to; have an effective baseline that should be
consistently match through life in order to meet the performance levels
we require or specified, to test and verify/validate they have met these,
to effectively manage and control variation, to effectively manage lifed
components and other serviceable aspects/maintenance such they
continue to perform as required, to help us identify and manage
unplanned deviations (including quarantine and incident management in
a way that minimises risk and operational impact) and to control and
manage upgrades and changes effectively.
Done well and early, they enable us to succeed. Done poorly or as an
afterthought they drive up cost and rework, risk compromising safety and
adversely impact our ability to effectively support national and
international Defence needs.”

3
Table of Contents
1. Introduction.................................................................. 7
1.1 Quality in the MOD ........................................................................7
1.2 MOD Policy for Quality ..................................................................7
1.3 Configuration Management in the MOD .......................................8
1.4 MOD Policy for Configuration Management .................................8
2. Quality .......................................................................... 9
2.1 What is Quality Management? ......................................................9
2.2 Chartered Quality Institute Profession Map ............................... 10
2.3 Quality Management Principles ................................................. 12
2.4 Quality Management Operational Framework ........................... 13

3. Government Quality Assurance (GQA) .................... 14

3.1 GQA Framework Stages ............................................................ 15
3.2 Planning for Acquisition ............................................................. 16
3.3 Project Quality Management Plan ............................................. 16
3.4 Requirements Preparation ......................................................... 17
3.5 Appropriate Certification ............................................................ 17
3.6 Selecting QA Requirements for Contracts ................................. 18
3.7 Standard QA Requirements for Contracts ................................. 18
3.8 Primary QA Requirements ......................................................... 18
3.9 Supplementary QA Requirements ............................................. 19
3.10 Counterfeit Materiel .................................................................. 21
3.11 Performance Indicators ............................................................ 22
3.12 Supplier Selection and Contract Award ................................... 23
3.13 Contract Execution ................................................................... 24
3.14 Supply Chain GQA ................................................................... 24

4
 3.15 GQA Representatives (GQARs) .............................................. 24
3.16 GQA Surveillance (GQAS)....................................................... 24
3.17 Overseas Quality Assurance ................................................... 25
3.18 Delivery .................................................................................... 26
3.19 Acquisition Conclusion ............................................................. 26

4. Quality Improvement Tools and Techniques ........... 27

5. Configuration Management ....................................... 28
5.1 What is Configuration Management? ........................................ 28
5.2 Configuration Management Principles ....................................... 29
5.3 Configuration Management Plans ............................................. 31
5.4 Assurance of Configuration Management ................................. 31
6. Roles and Responsibilities ....................................... 31
6.1 Defence Functional Authority for Technical, Quality &
Standardisation (DFATQS) .............................................................. 31
6.2 DFATQS Policy .......................................................................... 32
6.3 Key MOD Quality Engagements ................................................ 32
6.4 National Quality Assurance Authority (NQAA) .......................... 33
6.5 Defence Quality Assurance Field Force (DQAFF) .................... 33
6.6 Configuration Management........................................................ 34
7. Check Lists ................................................................ 34
8. Professional Competences ....................................... 35
8.1 Description ................................................................................. 35
8.2 Personal Development ............................................................... 36
8.3 MOD Quality Practitioner Licensing Scheme ............................ 37
8.4 Licenced Quality Practitioner ..................................................... 37
8.5 Chartered Quality Institute Membership .................................... 37

5
9. Quality Policy and Guidance Documents................. 38
10. CM Policy and Guidance Documents ....................... 40
11. Useful Websites ......................................................... 41
12. Abbreviations ............................................................. 42
Annex A – QA Checklists .................................................... 45
A.1 Delivery Team Leader ........................................................... 45
A.2 Authorised QA Signatory ...................................................... 46
A.3 Project GQA Practitioner ....................................................... 47
A.4 Government Quality Assurance Representatives (GQARs). 48
A.5 Delivery Team Members ....................................................... 49
Annex B - CM Checklist ...................................................... 50

6
1. Introduction
Configuration Management (CM), together with Quality Assurance (QA)
and Quality Management (QM) combine to build confidence that the
product supplied to the end user is fit for purpose.

1.1 Quality in the MOD

Quality is about meeting the needs and expectations of the customer by
doing the right things at the right time. The benefits of a sound approach
to managing quality (both internally (QM) and of the products, goods,
and services we acquire (QA)) are improving performance and safety
across the business whilst making savings to time, cost, and reducing
waste.

Quality is based on the following key principles.

a) Effective planning
b) Suitable Qualified and Experienced Personnel (SQEP)
c) Appropriate Quality Management Systems (QMS)
d) Accurate Quality Assurance requirements
e) Appropriate counterfeit materiel avoidance processes
f) Appropriate risk mitigation and GQA Surveillance (GQAS)
g) Only task authorised GQA Representatives for GQAS

1.2 MOD Policy for Quality

JSP 940 MOD Policy for Quality Part 1: Directive, contains the policy
and direction that must be followed in accordance with Statute or policy
mandated by Defence, or on Defence by Central Government.
JSP 940 MOD Policy for Quality Part 2: Guidance, provides the
means of compliance, guidance and best practice that will assist the
user to comply with the Directive(s) detailed in JSP 940: Part 1.
Knowledge in Defence (KiD) gives guidance to MOD staff on policy
and process. The Managing Quality topic within the KiD provides more
in-depth guidance in support of JSP 940.

7
1.3 Configuration Management in the MOD
The objective of CM is to define a Capability and it’s supporting
documentation by recording specifications. Its application is a critical
enabler for safety, functionality, supportability, and cost. Enacted to the
lowest appropriate level, CM is critical to providing the basis for all safety
cases.

Configuration Management (CM) is based on the 5 pillars of CM:

a) Configuration Identification
b) CM and Planning
c) Configuration Change Control
d) Configuration Status Accounting (including CM records)
e) Configuration Audit (physical and functional)

1.4 MOD Policy for Configuration Management

MOD policy on CM is contained in the Defence Logistics Framework:
Section 11. An extensive list of CM policy can be found in Section 11 of
this document.
JSP 945 MOD Policy for Configuration Management Part 1:
Directive, applies to all MOD organisations responsible for the
development, procurement, and logistics support of Defence Capability.
Should the acquirer act in collaboration with another NATO nation,
ACMP 2100 should be applied.
JSP 945 MOD Policy for Configuration Management Part 2:
Guidance, contains the guidance in accordance with the policy set out
in JSP 945: Part 1. This provides policy-compliant business practices
which should be considered best practice in the absence of any
contradicting instruction.

8
2. Quality
2.1 What is Quality Management?
“Quality Management (QM) is the process of ensuring that all the
activities necessary to deliver organisational outputs meet customer and
stakeholder requirements; that they are planned and carried out,
efficiently and effectively. QM needs to be governed, assured, and
improved ensuring the delivery of high standard products, services, and
outcomes critical to MOD Organisations.” as described in JSP 940 Pt 2,
Chapter 3.
In meeting the MOD policy requirements for QM, all ‘Top Management’1
within MOD organisations shall:
a) Take responsibility for the quality of the products, services,
capabilities, or information they are managing, and for
controlling the internal MOD processes required to deliver them.
b) Develop and implement a Quality Management System (QMS)
using the principles defined in the ISO 9000 standard (Quality
Management Systems - Fundamentals and Vocabulary). See
section 2.3 Quality Management Principles for more information.
c) Ensure that suitably qualified and experienced personnel are
developed and employed across the department to enable the
effective delivery of Quality Management (QM) and Government
Quality Assurance (GQA).

1
“Top management are individuals at Chief Executive Officer/TLB Holder or
equivalent level” – JSP 940 Pt2

9
2.2 Chartered Quality Institute Profession Map
Forming the basis of all MOD Quality policy, applying the Chartered
Quality Institute’s (CQI’s) Profession Map will ensure the interests of
customers and stakeholders are understood; that appropriate
methodologies are established to mitigate risk and protect reputation;
and improve ways of working to maximise effectiveness and eliminate
unnecessary costs.
The MOD has adopted the CQI’s Profession Map as the basis for its
Quality Governance structure. This is reflected in the policy and
structure within JSP 940. All ‘Top Management’ within MOD
Organisations shall implement the requirements as follows:

• Context: Ensuring that the organisation and its suppliers

understand the complexity of the customers’ needs and the
regulatory environment’s requirements.

• Governance: Ensuring that organisation requirements are

reflected in operational frameworks, policies, processes, and
plans, and that these meet stakeholder requirements.

• Assurance: Embedding the principles of assurance to ensure

that policies, processes, and plans are effectively implemented,
and that all outcomes (both internals and deliverable) are
consistent with requirements.

• Improvement: Facilitating the principles of measurement,

evaluation, learning from experience and improvement, which
drives more effective, efficient, and agile ways of working to
support business strategy, to enhance reputation and increase
value for money and savings.

• Leadership: Instilling a quality focused approach to the

business and facilitating good quality practices.

You can find out more in the ‘Managing Quality Section’ on the KiD.

10
Figure 1: Governance, Assurance and Improvement (GAI) Model – Chartered Quality Institute -
The Profession Map | CQI | IRCA (quality.org)

11
2.3 Quality Management Principles
ISO 9000 introduces seven Quality
Management Principles (QMPs) upon which
effective Quality Management is based. These
guide an Organisation towards improved
performance and delivery of products that
meet customer requirements:

• QMP 1: Customer Focus - The primary

focus of QM is to meet customer
requirements and to strive to exceed
customer expectations.

• QMP 2: Leadership - Leaders at all

levels establish unity of purpose and
direction and create conditions in which
people are engaged in achieving the
Figure 2: Quality
organisation’s quality objectives.
Management Principles

• QMP 3: Engagement of People - Competent, empowered and

engaged people at all levels throughout the organisation are
essential to enhance its capability to create and deliver value.

• QMP 4: Process Approach - Consistent and predictable results are

achieved more effectively and efficiently when activities are
understood and managed as interrelated processes that function
as a coherent system.

• QMP 5: Improvement - Successful organisations have an ongoing

focus on improvement.

• QMP 6: Evidence Based Decision Making - Decisions based on

the analysis and evaluation of data and information are more likely
to produce desired results.

• QMP 7: Relationship Management - For sustained success, an

organisation manages its relationships with interested parties, such
as suppliers.

12
2.4 Quality Management Operational Framework
To establish a management system, there are key elements to be
considered, all of which are centred on Leadership. These are shown in
Figure 3 below, but for further details on each element can be found in
JSP 940 Pt 2, Section 3.3.
You can find out more in the ‘Managing Quality Section’ on the KiD.

Figure 3: Organisational Context of Quality

13
3. Government Quality Assurance (GQA)
Government Quality Assurance (GQA) is undertaken to establish
confidence that the contractual requirements relating to Quality are met
for the acquisition and support of defence materiel and services 2.
Government Quality Assurance (GQA) consists of multiple activities to
be applied at all levels of Ministry of Defence (MOD) Acquisition.
Its primary role is to deliver technical assurance to the MOD for the
management of risk via internal activities and, where appropriate,
activities across the contractual boundary for achievement of the
Defence Lines of Development.
GQA in acquisition is broken down into 6 separate stages that reflect the
Acquisition Cycle. These are:

a) Planning for Acquisition.

b) Requirements Preparation.
c) Supplier Selection and Contract Award.
d) Contract Execution.
e) Delivery.
f) Acquisition Conclusion.

The activities and benefits of GQA in each stage are further detailed in
the document 'Government Quality Assurance - A Framework for
Acquisition’. Details on policy and guidance governing these stages are
referenced in JSP 940, Part 2 Chapter 4, and in the ‘Managing Quality’
Section on the KiD.
Key activities within the GQA Framework are shown in Figure 4 and
explained on the next page.

2
NATO Standardisation Agreement, STANAG 4107, Mutual Acceptance of Government Quality
Assurance and Usage of Allied Quality Assurance Publications (AQAPs).

14
3.1 GQA Framework Stages
The GQA Framework (Figure 4) consists of six sequential stages; each
outlines the effective application of QA activities required during that
specific stage of the acquisition process. The diagram below shows the
relationships between the stages and the expected output of each
feeding into the next in sequence.

Figure 4: GQA Framework

15
3.2 Planning for Acquisition
Planning for Quality is a process where stakeholder (customer, project,
and business) quality requirements are captured, planned, embedded,
measured, and continually improved upon throughout the life of the
project. This is achieved through the application of approved and
accepted quality planning using a Plan-Do-Check-Act (PDCA)
philosophy and the principles of Through Life Management.
Effective quality planning is required to be conducted and documented
for the procurement and support of all products supplied to the MOD.
Quality planning in the MOD should be conducted by a Competent
Quality Practitioner within a structured process, as part of a MOD
Organisation’s adherence to their QMS, and should adopt the following 8
principles:
a) Be initiated at the outset of a Project.
b) Involve all Stakeholders and include identification of Quality
resources required throughout the project’s lifecycle.
c) Be appropriate to the size and scope of the Project and the
associated Risks.
d) Facilitate the achievement of Project/Contract requirements.
e) Include the whole Supply Chain.
f) Be an iterative process throughout the Project lifecycle.
g) Promote a ‘right first time on time’ culture.
h) Build upon a principle of continual improvement.

3.3 Project Quality Management Plan

The Project Quality Management Plan was
developed to provide a generic format for
capturing the Planning for Quality requirements,
incorporating the hierarchical planning elements
in a single document. To ensure that internal
MOD acquisition quality activities are
appropriate and implemented, the Acquisition
Organisation is expected to apply a tailored
planning approach to the achievement of quality
for an acquisition and/or support contractual
activity.

16
3.4 Requirements Preparation
Requirements Preparation deals with the determination of the Quality
requirements for the contract, and the appropriate Supplier assessment
measures.

3.5 Appropriate Certification

The MOD policy requirement (JSP940 Pt 1) is that GQA MOD
Organisations shall (as a minimum) ‘only place MOD contracts with
Suppliers who can demonstrate that they have a QMS appropriate for
the products or services being acquired’.

Appropriate Certification is defined as:

The Right Standard – a recognised European [Euro Norm - EN] QMS
standard.
The Right Scope – registered scope of work on the certificate covers
intended acquisition.
The Right Issuing Body – certification was issued by a Certification
Body holding suitable accreditation, with the right scope, from a National
Accreditation Body who is a signatory of the International Accreditation
Forum (IAF) or IAF Accredited Regional Multi-Lateral Agreements. In the
UK, this body is UKAS.
The application of the Appropriate Certification for a specific contract is
dependent upon any applicable regulatory requirements and the severity
of risk associated with the acquisition contractual requirements, from
both a technical and complexity perspective.

The requirement for an appropriately certified QMS as a Technical

Discriminator is mandated where:

a) Regulatory requirements for Supplier QMS certification exist

(i.e., domain specific Supplier certification).
&/or
b) A Very High / High Risk Project
Should the output of the risk assessment determine risks are Medium to
Low Appropriate Certification may be applied as a Weighted Measure
within the contract Dynamic Pre-Qualification Questionnaire (DPQQ).
It may also sometimes be necessary or appropriate to place contracts
with Suppliers who do not hold appropriate certification where the
assessed risks are low or very low.

17
All activities and decisions related to this process in the Project Record
and / or applicable Project Quality Plan.
Further guidance on the application of Appropriate Certification can be
found in JSP 940 Pt 2 and JSP 940 Pt 2, Annex A.

3.6 Selecting QA Requirements for Contracts

Quality Assurance (QA) provides confidence that robust plans are
developed, implemented, monitored, and improved with the goal of
achieving fit for purpose outputs, on time delivery and within budget.
To achieve fit for purpose outputs and meet the mandated requirements
for quality, the correct QA requirements and standards must be correctly
selected for use in MOD contracts – as per the Selection Flowchart and
supporting table in JSP 940 Pt.2, Chapter 4, Annex B and C.

3.7 Standard QA Requirements for Contracts

Standard QA requirements are categorised as either:
• Primary – the main requirements for a QMS; or
• Supplementary –that supplement the QMS for a specific
purpose.
In meeting the MOD policy requirements for GQA; “all MOD contracts
include a section entitled Quality Assurance Requirements, and that all
Contract Requisitions shall have had the Standard Quality Assurance
Contractual Requirements endorsed by a member of MOD staff who is
an Authorised Quality Assurance Signatory”.

3.8 Primary QA Requirements

Primary Standard Quality Assurance Contractual Requirements are
expressed in the NATO Primary Allied Quality Assurance Publications
(AQAPs). AQAPs contractually invoke compliance with ISO 9001 or BS
EN 9100, including NATO specific requirements, which are to be applied
to the provision of products and services. They are not certification
standards, and they do not mandate that a supplier must have a certified
QMS.

18
 AQAPs contain the requirements which, if applied appropriately, provide
confidence in the Supplier’s capability to deliver a product that conforms
to the Acquirer’s contract requirements. The Primary AQAPs contain
generic requirements that are complimentary to other contractual
requirements and are to be considered for all suppliers to the MOD
regardless of type, size, and product. These standards can also be used
as part of any GQA activity that has an agreement such as a MOU
between nations where they have been sighted.
Primary Quality Assurance Contract Requirements – Only One:
AQAP 2110 NATO Quality Assurance Requirements for Design,
Development and Production. It contractually invokes
compliance with ISO 9001 QMS standard requirements
AQAP 2131 NATO Quality Requirements for Final Inspection and
Test. It is not directly linked to the Supplier’s QMS.
AQAP 2310 NATO Quality Assurance Requirements for Aviation,
Space and Defense Suppliers. It contractually invokes
compliance with BS EN 9100 QMS standard
requirements.

Note: Where the need for a primary AQAP has been identified, one and
only one of the primary AQAPs is to be included in the Statement of
Requirements (SoR) and Contract Requisition (CR).
Def Stan 05-61: Part 4 can be used when AQAP 2110 and AQAP 2310
are not included in the contract.

3.9 Supplementary QA Requirements

Supplementary Quality Assurance Contract Requirements – As
Required:
Software For MOD contracts that include development or
maintenance of either deliverable or non-deliverable
software AQAP 2210 - NATO Supplementary Software
Quality Assurance Requirements to AQAP 2110 or
AQAP 2310, shall be included. AQAP 2210 requires
the supplier to apply additional controls to assure
software quality. Note: ISO 25051: Software
engineering – Software Product Quality Requirements
and Evaluation (SQuaRE) is recommended as an
informative standard for Commercial off the Shelf
(COTS) Software.
Supplier Quality Where risks to achieving contract requirements warrant

19
 Plans a ‘deliverable’ Quality Plan and supplementary
information for the application of the Supplier’s QMS
processes, the contract will need to include AQAP 2105
and either DEFCON 602A or DEFCON 602C. The
inclusion of AQAP 2110 or AQAP 2310 in a contract
must always be accompanied by either DEFCON 602A:
Quality Assurance (with a Deliverable Quality Plan) or
DEFCON 602B: Quality Assurance (without Deliverable
Quality Plan) or DEFCON 602C: Quality Assurance
(with a Deliverable Quality Plan and QA Information).
DEFCON 602C additional information requirements are
aligned to the requirements of the KPI for Quality, which
is detailed in ‘Managing Quality’ on the KiD.
Certificate of A CoC provides a method of formal assurance from the
Conformity Supplier that the product(s) conform to contractual
(CoC) requirements. DEFCON 627: Quality Assurance -
Requirements for a Certificate of Conformity, shall be
used to contractually invoke CoC requirements for all
contracts with a Primary AQAP or for design
provenance / traceability.
Managing The process for a technically competent Supplier to
Concessions request, and the MOD to approve, concession is set out
in Def Stan 05-061: Part 1 - Quality Assurance
Procedural Requirements Part 1: Concessions.
Contractor A Contractor Working Party (CWP) is comprised of one
Working Parties or more contractor’s representatives contracted to
undertake specific tasks outside of their own facility,
usually on MOD premises. Where there is a likelihood
that CWPs will be required to operate under a contract,
the contract shall include Def Stan 05-061: Part 4 –
Quality Assurance Procedural Requirements Part 4:
Contractor Working Parties.

20
 Independent Wherever the likelihood exists that the Supplier will
Inspection for need to conduct independent inspections of safety
Safety Critical critical equipment, systems, or where the contract
Items includes ‘one shot’ escape and survival systems, the
contract shall include Def Stan 05-061: Part 9 – Quality
Assurance Procedural Requirements Part 9 –
Independent Inspection Requirements for Safety
Critical Items.
Avoidance of Where it is considered, there is a risk of counterfeit
Counterfeit materiel in the supply chain, DefStan 05-135
Materiel ‘Avoidance of Counterfeit Materiel’ shall be invoked in
the contract.
Def Stan 05-135 can be used when AQAP 2110 and
AQAP 2310 are not included in the contract.
AQAP 2021 is used for CA requirements with NATO
collaborative contracts.

3.10 Counterfeit Materiel

Materiel refers to all equipment, parts, components, products, raw
material, or software associated with the deliverable product or service.
Counterfeit Materiel constitutes “Materiel whose origin, age,
composition, configuration, certification status or other characteristics
(including whether the materiel has been used previously) has been
falsely represented by:
• Misleading marking of the materiel, labelling or packaging.
• Misleading documentation; or
• Any other means, including failing to disclose information.
except where it has been demonstrated that the misrepresentation was
not the result of dishonesty by a supplier or external provider within the
supply chain.” – Def Stan 05-135 and AQAP 2021.

DEF STAN 05-135: Avoidance of Counterfeit Materiel, when applied to a

contract, dictates that the supplier shall have a defined and documented
policy for the avoidance of counterfeit materiel, including the requirement
for an Anti-Counterfeiting Management Plan (ACMP). The ACMP shall
be made available to customers on request. The supplier shall have
arrangements in place to manage the risk of counterfeit materiel in their
supply chain.

21
The Counterfeit Avoidance Maturity Model (CAMM) has been
developed as a support tool for the MOD and its Suppliers; it is intended
to provide a consistent assessment of DEFSTAN 05–135. The CAMM
reflects good practice from across industry and establishes a level of
maturity for a Supplier’s processes. NATO has also produced
Standardisation Recommendation STANREC 4791 which identifies
several requirements that address counterfeit material including NATO
AQAP 2021: Avoidance of Counterfeit Material in the Defence Supply
Chain. AQAP 2021 includes requirements on CA for use with NATO
collaborative contracts.

The Counterfeit Avoidance Working Group (CAWG) is a MOD led

Working Group with representation from MOD and Industry who provide
direction, through policy and guidance, on the aspects of preventing,
detecting, and responding to the threat of counterfeit materiel within
defence acquisition. The CAWG annually convenes a joint MOD/Industry
international event to enhance awareness and showcase the latest
practices to mitigate the Counterfeit threat.

3.11 Performance Indicators

3.11.1 Key Performance Indicators (KPIs)
The Key Performance Indicator (KPI) for Quality is used as assurance
for the continued application of the Supplier’s Quality Management
System (QMS), Quality Planning and Quality Assurance during the term
of the contract. This emphasises to the Supplier that the MOD
recognises the importance of Quality Management and its Assurance.
The KPI for Quality has been developed for use in MOD contracts which
is aligned to (and a continuation of) the ‘additional QMS information’
required in DEFCON 602C. Designed to provide an incentive to the
Supplier for the application of robust QMS processes during the term of
a contract, this KPI should be used within the Contract Management
Plan and is recommended for use for complex and high risk acquisition
(including the risk of reputational damage to the MOD).
Whilst the requested QA information in DEFCON 602C and the KPI for
Quality are linked, DEFCON 602C can be used independently of the KPI
should the competent GQA Practitioner consider that the contract
requires only DEFCON 602C. However, the use of both DEFCON 602C
and KPI in the contract require the application of appropriate QMS
certification at Dynamic Pre-Qualification Questionnaire (DPQQ) /
Invitation to Tender (ITT).

22
3.11.2 Quality Performance Indicators (QPIs)
For all contracts, Quality Performance Indicators (QPIs) should be
included in the contracts, in addition to the other performance
measurements agreed by the Acquisition Organisation and Supplier.
Measurement analysis and improvement relies on objective evidence
and understanding of how the quality of products and/or services
delivered to the front line is changing, and how well the associated
quality processes are working.
You can find out more in Managing Quality Section on the KiD.

3.12 Supplier Selection and Contract Award

All GQA activity conducted during the Supplier Selection and Contract
Award stage shall be conducted by competent/licenced GQA
Practitioners and adhere to the Commercial Policy as defined within the
Commercial Toolkit on the KiD. To ensure Supplier compliance to the
MOD Appropriate Certification policy, a competent/licenced Quality
Practitioner shall assess submitted QMS certificates.
JSP 940: Part 2, Chapter 4, Annex A3 states that the certificate needs
to be valid, in date, and have stated a matching name and address for
the supplier on the Expression of Interest and QMS certification.
Once it has been determined to apply Appropriate Certification for a
contract, the competent GQA Practitioner is to use the suitable Model
Quality question published within the Defence Sourcing Portal; the
instructions within the ‘Model Acquisition QA Questions Application
Instruction’ document published within the Commercial Toolkit Quality
Assurance (QA) in the ‘Contracts’ page in the KiD refers.

3.12.1 Pre-Contract Award Evaluation (PCAE)

PCAE is one of several Tender Assessment (TA) tools that may be used
to mitigate or identify risks associated with a specific tenderer or the
associated bid. It is a systematic evaluation of a tenderer’s ability to
meet draft contract requirements and is undertaken by the acquisition
team, at the tenderer’s premises, in support of project TA activities.
For the PCAE to be effective, the acquisition team should ensure that
individuals evaluating the Tenderer’s QM controls are, as a minimum, a
competent Quality Practitioner. More information on the PCAE can be
found in the Tender Preparation and Process Management Commercial
Policy Statement in the Commercial Toolkit on the KiD.

23
3.13 Contract Execution
The Contract Execution stage is when the Supplier works towards
realising the equipment or service to the requirements specified in the
contract thus validating the Acquirer’s strategy for the acquisition.

3.14 Supply Chain GQA

GQA within NATO, under STANAG 4107, is defined as the process by
which National Authorities establish confidence that the
contractual requirements relating to quality are met. Within the
supply chain this is to be conducted by an authorised GQA
Representative (GQAR) organisation through the conduct of GQA
Surveillance (GQAS). UK MOD delivery teams are to apply the risk
based GQAS process when tasking GQARs.

3.15 GQA Representatives (GQARs)

GQARs are the personnel with responsibility for GQA, within the supply
chain, acting on behalf of the Acquirer. There are currently four
registered GQAR organisations in the UK:
• Defence Quality Assurance Field Force (DQAFF)
• Principle Naval Overseer (PNO)
• Nuclear Propulsion Project Team (NPPT)
• In-Service Submarines (ISM)
Three provide GQA services within their own delivery areas. The fourth,
Defence Quality Assurance Field Force (DQAFF), which provides GQAR
services to MOD delivery teams and NATO nations that place contracts
with UK suppliers. All GQAR organisations are tasked based on risk in
product delivery and the supply chain.
‘Managing Quality’ on the KiD contains details of MOD Organisations
and individuals authorised by the DFATQS to act as a GQAR within
MOD contracts.

3.16 GQA Surveillance (GQAS)

GQAS is defined as the systematic and regular monitoring of the
contractual elements of the Supplier’s QMS, processes and products, to
provide confidence to the acquiring nation that the Supplier is fulfilling
the requirements of the contract.

24
In meeting the MOD policy requirements (JSP 940) for GQA, the MOD
shall as a minimum:
• Manage supplier and/or product related risk, with consideration
given to conducting GQAS to assist the risk mitigation process
• Only task authorised GQARs to carry out GQAS to assist in the
mitigation of risk on contracts or sub-contracts within the UK
• Utilise the Overseas Quality Assurance procedures to request
GQAS to assist with risk mitigation on contracts or sub-contracts
placed outside the UK.
Within the UK, GQAS can only be performed by a registered GQAR
organisation. GQARs are the personnel with responsibility for GQA
activities within the Supplier environment, acting on behalf of the MOD
Acquirer. This is to ensure that the MOD maintains a consistent
engagement with industry. MOD ensures the organisation uses
competent GQAR practitioners, that follow the procedures agreed by
NATO nations under STANAG 4107 and defined in AQAP 2070: NATO
Mutual GQA Process.

3.17 Overseas Quality Assurance

Many MOD contracts are now placed with overseas suppliers or have
global supply chains. When contracting for quality and managing quality
aspects in overseas contracts, many basic principles are the same as for
domestic contracts; however, if the contracts are placed with suppliers in
NATO countries, then we have access to GQA services from the NATO
nation who has signed up to STANAG 4107.
Requests for GQA must be in accordance with AQAP 2070: NATO
Mutual Government Quality Assurance Process, GQA procedure and
associated templates and guidance.
The Organisation for Joint Armament Cooperation (OCCAR) uses OMP
7 (OCCAR Management Procedure 7: Government Quality Assurance),
which is based on AQAP 2070 for the mutual GQA between
participating nations. OCCAR can request Member States to provide
GQA for all OCCAR Programs irrespective of their involvement in the
Programme.

25
Where a nation is not within the NATO alliance and is signed up to
STANAG 4107, which includes NATO Interested Parties then GQA will
be subject to a bilateral agreement under a Memorandum of
Understanding (MoU) or a Implementing Arrangement (IA) under an
MoU. Care must be taken to ensure the work is carried out under the
terms of the correct MoU. If no MoU exists with the final user nation,
GQA should not be provided. JSP 462 controls the financial
arrangements embedded in any other document and states that charges
must be levied awhenever a MOD organisation is providing services to
non-MOD bodies.
More information on Overseas QA, and request processes can be found
in the ‘Managing Quality’ section in the KiD and JSP 940: Part 2.

3.18 Delivery
The Delivery stage is concerned with the Supplier’s presentation of
products or services that conform to the requirements of the contract.
Activities during Delivery include:
• Verification of conformance for contract deliverables to the
contractual requirements.
• Resolution of issues (including verification of any concessions
issued).
• Completion of the contractual documentation in accordance with
MOD and applicable regulatory requirements.

3.19 Acquisition Conclusion

Activities conducted at this stage are concerned with reviewing the
performance of both the MOD delivery team and the Supplier in
delivering the project/contract over the acquisition lifecycle. GQA
Practitioner should ensure that all GQA activities are concluded,
recorded, and reported accordingly.
You can find out more in ‘Managing Quality’ Section on the KiD.

26
4. Quality Improvement Tools and
Techniques
Quality Improvement is an essential aspect of QM and GQA. Tools and
Techniques can be utilised to improve quality, manage change, and
deliver capability. There are a range of tools and techniques the Quality
Practitioner can utilise to develop Quality Improvement.

Tools Include
• Brainstorming
• Control Chart
• Learning from Experience
• Root Cause Analysis (RCA)
- 5 Why’s
- The Cause-and-Effect Diagram
• Plan, Do, Check, Act

Techniques Include
• DRIVE (Define, Review, Identify, Verify, and Execute).
• Six Sigma.
• DMAIC process (Define, Measure, Analyse, Improve, Control).
• DMADV process (Define, Measure, Analyse, Design, Verify).
• Process Mapping.
• Statistical Process Control (SPC).
• Simulation.
You can find out more in Managing Quality Section on the KiD.

27
5. Configuration Management
5.1 What is Configuration Management?
CM ensures the product or service
functions, is operated, and is maintained as
designed. It is a through life activity and
must be considered at the earliest stages
in the capability lifecycle, from pre-Concept
through to Disposal / Termination.
The identification of these interfaces
allows:
a) An assessment to be made of the Defence Lines of
Development (DLOD) interaction or dependency.
b) The Capability to be tailored to suit the operational environment /
duration of the deployment.
c) The improved operation of the Capability either independently or
in conjunction with other coalition capabilities.
CM documents the through-life management of changes to and
traceability of the evolution of the user requirements, to the eventual
manufacture of equipment, development of software or the provision of a
service. This information can be used later in the Capability Lifecycle to
influence decisions, improve design, enhance maintainability, and
reduce cost.
Changes may be introduced to mitigate or nullify the effects of product
deterioration due to ageing, corrosion, or repair on repair.

Typical changes include In-service modification to improve/enhance:

• Safety
• Risk reduction
• Correction of product defects
• Comply with legislative changes
• Allow for technology insertion
• Capability, performance & supportability
• Mitigate obsolescence
CM is key to ensuring such changes and their impacts are appropriately
considered. “This ensures configuration is identified to the lowest
appropriate level as well as establishing system / sub-system interfaces”
- JSP 945, Pt 2.

28
5.2 Configuration Management Principles
The MOD Organisation Team Leader is ultimately responsible for the
implementation of Configuration Management policy and ensuring the 5
Key CM Principles are applied appropriately, as follows:

a) Configuration Management and Planning

To implement an effective CM process, it is necessary to first undertake
a rigorous planning exercise. The aim being to plan and manage the CM
process such that it delivers the outputs expected when required.
Configuration Management and Planning is a through life activity; it
should be undertaken initially by the MOD Delivery Organisation and
then the Supplier upon contract award. Post contract award the plan
should detail the activities, authority, and responsibilities for both the
MOD and the contractor.

b) Configuration Identification and Documentation

The application of CM controls at a system level rarely results in
effective control. For this reason, it is normal to produce a Product
Breakdown Structure (PBS) and then review the PBS to identify those
assemblies, sub-assemblies, and components for which the control of
functional and physical characteristics is critical to ongoing product
performance, safety, quality, supportability etc.
The output from the PBS review is a listing of assemblies/sub-
assemblies and components that will be subject to CM practices
throughout the product life cycle. These items are known as Configured
Items (CI).
Each CI should have a list of defined properties which together define its
uniqueness. A change to any of these properties constitutes a change to
the CI. For each CI there should be associated configuration
documentation defining the properties. Depending on the complexity,
this may range from a full specification with detailed manufacturing
drawings down to a brief descriptive brochure or datasheet.

29
 c) Configuration Change Management
The Configuration Change Management (CCM) process shall:
• Always identify the CCM authority, throughout the product life
cycle.
• Enable decisions to be taken on proposed changes to the
product.
• Ensure that compatibility is maintained between the product CIs
themselves and those in any interfacing product or system.
• Establish CCM groups/committees as determined by change
processes.
• Determine the terms of reference for each group/committee and
the controls required to manage the CCM system efficiently and
effectively.
d) Configuration Status Accounting
• A Configuration Status Accounting (CSA) process shall be
developed for all CIs and be maintained for the life cycle of the
product.
• CSA shall record and make available the information necessary
to manage the configuration effectively and maintain traceability
of the CM documentation, the status of proposed changes to the
configuration and the implementation status of authorised
changes to the product.
• Configuration information shall be presented in the formats
specified in the Configuration Management Plan (CMP).
• Procedures for CSA shall be detailed in the CMP.
e) Configuration Audits (CA)
CA reports shall be formally presented to the appropriate authority for
acceptance and evaluation of any need for corrective action.
There are two types of Configuration Audit (CA):
• Functional Configuration Audit (FCA) – is the examination of test
data/quality records for a Configured Item (CI) to verify
conformance with performance/functional characteristics.
• Physical Configuration Audit (PCA) – is the examination of the
“as built” CI to verify conformance with build data.
More information on the key principles of CM can be found within the
Engineering Section on the KiD, and in JSP 945 Part 1.

30
5.3 Configuration Management Plans
An example of a generic CM plan is available in the KiD, and a CM Plan
template can be found on GEAR. MOD Organisations can tailor the
content to suit their needs. Only relevant CM activities which add value
to the process should be included, thereby reducing negatory effort.

5.4 Assurance of Configuration Management

Assurance for all users of CM can be provided by carrying out a Project
Review & Assurance (PR&A) assessment. PR&A is an activity designed
to deliver progressive assurance throughout the life of a project and prior
to key investment decisions.
The Defence Functional Authority for Technical, Quality and
Standardization (DFATQS) is responsible for the delivery of all PR&A
CM activities. More on DFATQS can be found in Section 6 of this
document.
Assurance and assessment are also provided to PTs for compliance
with Support Solution Development Tool SSDT21, Cross Cutting
Themes CCT5.2, offering advice and guidance on compliance criteria.

6. Roles and Responsibilities

6.1 Defence Functional Authority for Technical, Quality &
Standardisation (DFATQS)
The Defence Functional Authority for Technical, Quality and
Standardization (DFATQS) operates under a Letter of Authority from the
MOD Permanent Secretary.
The DFATQS vision for Quality in MOD is to: “Ensure correct standards
are maintained in delivering Defence Capability by the appropriate
assurance of acquisition, engineering and logistics support activities
through the coherent and effective management of Quality across
Defence”.
The DFATQS is the Deputy Head of Profession for Quality and
Configuration Management (QCM), responsibilities include championing
both the Quality and the Configuration profession across all civilian and
military staff in the Defence workforce. Within DE&S the Skills Lead is
also the Head of Specialism (HoS) for QM.
The Deputy Head of Profession sponsors the MOD civilian functional
competences for Quality and CM and maintains a strategic overview of

31
Quality and Configuration specific competences and training available
across all MOD Top Level Budget areas, including the training courses
for Quality and CM delivered by the Defence Academy. This supports
the development of individuals to ensure capable, suitably qualified, and
experienced personnel in both Quality and CM across the department.

6.2 DFATQS Policy

QCM Policy as the executive arm of the DFATQS are responsible for
setting Ministry of Defence:
• Quality and Configuration Management policies and guidance.
• Quality and Configuration Management contractual standards.
• Professional standards by upskilling, assuring the competence of
licensing Quality Practitioners in the Ministry of Defence.
• Furthering collaboration and UK Ministry of Defence Quality and
Configuration Management interests in national and international
committees.
• Raising awareness and setting the policy for the identification and
control of counterfeit avoidance within the UK Defence Industry.

6.3 Key MOD Quality Engagements

The MOD undertakes external engagement with other Quality
organisations and influences the development of standards with ISO and
NATO. These engagements include:
• NATO WG 2 and NATO WG 7
• UK’s Accreditation Service (UKAS) to influence third party
certification via the UKAS Board, the Policy Advisory Committee
(PAC) and the Policy Advisory Forum (PAF).
• The Defence Industries Quality Forum (DIQF). the formal
consultation link with industry.
• The CAWG is a joint MOD/Industry international forum. More
information can be found in Section 3.10.
• The Chartered Quality Institute (CQI) to input to direction on
competence, special interest groups and studies through the
Defence Special Interest Group (DSIG) Steering Committee and
the CQI Council.
Internally the Quality Assurance Consultation Group (QACG) are the
senior MOD internal consultative mechanisms aimed at identifying and
sharing information on quality principles, good practice, issues, and
risks.

32
It enables the DFATQS to consult internally, to develop and deliver
effective Policies, Standards and Processes focused on achieving
capability at the required quality, on time, and at the best value for
money across the MOD community. Together with the DIQF, the QACG
monitors the implementation of MOD Quality Policies, Standards and
Processes.
You can find out more in ‘Quality Management’ Section on the KiD.

6.4 National Quality Assurance Authority (NQAA)

The UK National Quality Assurance
Authority (NQAA) is a position established
within the MOD to meet UK commitment
to NATO under STANAG 4107 Mutual
Acceptance of Government Quality
Assurance and usage of the AQAP.
The NQAA has two major roles:
• Ensure the UK MOD meets its
responsibilities in accordance with NATO agreement
STANAG 4107.
• Represent UK MOD interests for Quality within NATO.
The DFATQS is delegated to be UK NQAA, operating under a letter of
delegation from the MOD PS through the UK NATO Conference of
National Armament Directors (CNAD) representative.

6.5 Defence Quality Assurance Field Force (DQAFF)

DQAFF has been established by the UK NQAA to fulfil the UK
obligations under STANAG 4107 for the provision of NATO nation GQA
and agreements established through intergovernmental MoU. This
should define the requirements for mutual GQA under STANAG 4107
and the benefits to acquisition through the oversight and risk-based
surveillance of the defence suppliers and their supply chain.

See useful websites for more information on DQAFF.

33
6.6 Configuration Management
The MOD Delivery Team (DT) CM focal point is responsible for ensuring
development, implementation, and control within the PT for the life of the
project.
The Supplier shall develop a
deliverable CM plan to meet the
requirements in Def Stan 05-057. The
supplier is also responsible for fulfilling
the contractual CM requirements and
ensuring that CM controls are effective,
including all sub-contractor CM
activities.

7. Check Lists
Quality Assurance (QA), Quality Management (QM), and Configuration
Management (CM) are the 3 elements that ensure the Management of
Quality and Configuration Management (QCM).
A checklist of QA requirements can be found in Annex A with checklists
being split into the roles and requirements of the following roles:
• Delivery Team Leader (Annex A.1)
• Authorised QA Signatory (Annex A.2)
• Project GQA Practitioner (Annex A.3)
• GQARs (Annex A.4)
• Delivery Team Members (Annex A.5)

The QM roles and requirements are based on the elements of the CQI's
Profession Map (Figure 1):

• Context - Uses domain and/or industry-specific knowledge

to ensure effective implementation of governance,
assurance, and improvement.
• Governance - Ensures that all organisation requirements are
reflected in operational frameworks, policies, plans, and that
these meet all stakeholder requirements.
• Assurance - Embeds a culture of assurance to ensure that
policies, processes, and plans are effectively implemented,
and that all outputs (both internal and deliverable) are
consistent with requirements.

34
 • Improvement - Facilitates a culture of evaluation (both
qualitative and quantitative), learning and improvement which
drives more effective, efficient, and agile ways of working to
support business strategy, enhance reputation and increase
profitability.
• Leadership - Uses leadership behaviours to maximise
influence and develop a culture of evaluation and
improvement.

A checklist for CM can be found in Annex B. CM tasks are completed by

many roles and CM assurance tasks should be completed by a Subject
Matter Expert (SME). CM SMEs provide support to delivery teams and
can be contacted through the QCM-Policy Helpline.

8. Professional Competences
8.1 Description
The competence levels are made up of
Core and MOD professional
requirements and often take the form of
Skills Footprints or Terms of Reference
in relation to post and individual
performance requirements. A Quality
Practitioner should be able to
demonstrate competence on the
application of knowledge and experience, in areas of activity such as
QCM or GQA.
The basis Success Profiles, in the MOD, is the “Managing Quality”
Competence Framework, which can be found on the DefNet People
Portal under the Competence Frameworks M-Z, which takes its lead
from the competence requirements defined by the professional body for
Quality – the Chartered Quality Institute (CQI). The Managing Quality
competences are supported by other functional competence frameworks
such as Quality and Configuration Management (QCM) and Risk
Management and are underpinned by the Civil Service Core
Competency Framework.

35
8.2 Personal Development
Training and development opportunities are available to help Quality
Practitioners attain and improve MOD Quality competencies and
professionalism. Details of all courses available are shown in the Trifold
Course Guide on the QCM-Policy website. Courses are provided in
various forms:
The MOD’s Quality Development Scheme (QDS)
• Aims to develop or refresh an individual’s knowledge in Quality,
providing individuals with the knowledge to complete quality
activities in the workplace.
• 12 structured learning modules to be completed across 2 years
• Recognised professional status at the CQI
• Achievement of MOD Quality Intermediate Practitioner Licence
• Open to all TLBs and personnel in the MOD
• More details are shown on the KiD, or contact destech-
[email protected] for more information.
Virtual and face-to-face training delivered by the Defence Academy
• Quality Assurance Practitioner Training
• Contract Quality Requirements
• Configuration Management for Practitioners
• Audit and Evaluation Skills
On-Line Courses delivered by the Defence Academy
• Principles of Configuration Management
• AQAP 2070 Mutual GQA Process Online
• Counterfeit Avoidance on-line
Workbook courses hosted on the QCM-Policy website
• Quality Fundamentals
• Quality in the MOD
• Quality Management Principles (QMP)

36
8.3 MOD Quality Practitioner Licensing Scheme
The MOD Quality Practitioner Licensing Scheme is the official route for
assessment of competence and forms a major part of the Upskilling
Programme for Quality Practitioners throughout the MOD. Its intention is
to enhance the professionalism of each of the two functions of GQA and
QM by linking the competencies to the CQI.

8.4 Licenced Quality Practitioner

A Licenced Quality Practitioner holds one of the three types of licence
gained through the MOD Quality Practitioner Licensing Scheme:
• Government Quality Assurance (GQA).
• Quality Management (QM).
• Comprehensive (GQA and QM combined).

You can find out more in Managing Quality, Competence and

Development, Licensing Section on the KiD.

8.5 Chartered Quality Institute Membership

The CQI is a leading global professional body for quality and audit
professionals. As a member of the CQI, you are a part of a unique
network of thousands of professionals working in Quality Management.
Becoming a member of the CQI gives you opportunities for learning,
development, and networking, as well as unrivalled recognition.

The CQI offers a range of membership grades depending on where you

are on you career path, ranging from Student to Fellow. You can find out
more about CQI memberships here.

37
9. Quality Policy and Guidance Documents
Related Publication Title
Publications
ACMP 2100 The Core Set of CM Contractual
requirements
AQAP 2070 NATO Mutual Government Quality
Assurance Process
AQAP 2105 NATO Requirements for Quality Plans
AQAP 2110 NATO Quality Assurance Requirements for
Design, Development and Production
AQAP 2131 NATO Quality Assurance Requirements for
Inspection and Test
AQAP 2210 NATO Supplementary Software Quality
Assurance Requirements to AQAP 2110 or
2310
AQAP 2310 NATO Quality Assurance Requirements for
Aviation, Space and Defence Suppliers
AQAP 4107 Mutual Acceptance of Government Quality
Assurance and Usage of Allied Quality
Assurance Publications (AQAP)
BS EN 9100 Quality Management Systems - Requirements
for Aviation, Space and Defence
Organisations
DEFCON 524A Counterfeit Materiel
DEFCON 602A Quality Assurance (Without a Deliverable
Quality Plan)
DEFCON 602B Quality Assurance (Without a Deliverable
Quality Plan)
DEFCON 602C Quality Assurance (with a Deliverable Quality
Plan and QA Information)
DEFCON 627 Quality Assurance – Requirements for a
Certificate of Conformity
DEFCON 638 Flights Liability and Indemnity

38
DEFSTAN 05 – 057 Configuration Management of Defence
Materiel
DEFSTAN 05 – 061 Quality Assurance Procedural Requirements
Part 1 – Concessions
DEFSTAN 05 – 061 Quality Assurance Procedural Requirements
Part 4 – Contractor Working Parties
DEFSTAN 05 – 061 Quality Assurance Procedural Requirements
Part 9 – Independent Inspection Requirements for
Safety Critical Items
DEFSTAN 05 – 100 MoD Requirements for Aircraft Flight and
Grounding Running
DEFSTAN 05 – 135 Avoidance of Counterfeit Materiel
DEFSTAN 05 – 138 Cyber Security for Defence Suppliers
JSP 822 Defence Direction and Guidance for Training
and Education
JSP 892 Risk Management
JSP 940 MOD Policy for Quality
ISO 12207 Systems and Software Engineering –
Systems Life Cycle Processes
ISO 15288 Systems and Software Engineering –
Systems Life Cycle Processes
ISO 9000 Quality Management Systems –
Fundamentals and Vocabulary
ISO 9001 Quality Management Systems –
Requirements
STANAG 4107 Mutual Acceptance of Government Quality
Assurance and Usage of Allied Quality
Assurance Publications (AQAP)

39
10. CM Policy and Guidance Documents
Related Title
Publications
ACMP 2000 NATO Policy on CM
ACMP 2009 NATO Guidance on CM
ACMP 2100 NATO CM Contractual Requirements for
Materiel
AQAP 2110 NATO Quality Assurance Requirements for
Design, Development and Production
AQAP 2210 NATO Supplementary Software Quality Assurance
Requirements to AQAP 2110 or 2310
DEFCON 82 Special Procedure for Initial Spares
DEFSTAN 00-600 Integrated Logistics Support Requirements for
MOD Projects
DEFSTAN 05 - 057 CM of Defence Materiel
DEFSTAN 05 - 061 Quality Assurance Procedural Requirements
EIA649B Standard for CM
ISO 9001 Quality Management Systems - Requirements
ISO 10007 Quality Management Systems – Guidance for CM
ISO 12207 Systems and Software Engineering – Software Life
Cycle Processes
ISO 15288 Systems and Software Engineering – System Life
Cycle Processes
ISO 90003 Software Engineering – Guidelines for the
Application of ISO 9001 to Computer Software
ITIL V3 Information Technology Infrastructure Library
JSP 935 Software Acquisition Management for Defence
Equipment
JSP 945 Part 1 MOD Policy for CM – Directive
JSP 945 Part 2 MOD Policy for CM – Guidance
MAA RA 5301 Air System Configuration Management
MAA RA 5305 In-Service Design Change
STANAG 4427 CM in System Life Cycle Management

40
11. Useful Websites
BSOL British Standards Online
British Standards:
(bsigroup.com)
CQI | IRCA | - Leading Quality since
Chartered Quality Institute:
1919
Home - Commercial Toolkit - KiD - UK
Commercial Managers Toolkit:
MOD
Defence Academy: DAMOD
Defence Quality Assurance Defence Quality Assurance – Field
Field Force (DQAFF): Force (DQA-FF)
publications Archive - European
European Co-operation for
Accreditation (european-
Accreditation:
accreditation.org)
Institute of Process Excellence
Home (ipxhq.com)
(Configuration Management)
International Organisation for ISO - International Organization for
Standardization: Standardization
ISO TC/176/SC2 Home Page: ISO/TC 176/SC 2 - Quality systems
Joint Service Publication
MOD policy for quality (JSP 940) -
(JSP) 940 MOD Policy for
GOV.UK (www.gov.uk)
Quality:
KiD - Configuration What is Configuration Management
Management: (CM) ? - Engineering - KiD - UK MOD
Home - Managing Quality - KiD - UK
Knowledge in Defence (KiD)
MOD
NATO Standards: NSO NSDD (nato.int)
United Kingdom Register of Quality
QA Register:
Assessed Companies
Quality and Configuration
QCM-Pol Helpline
Management Policy Helpline
Strategic Supplier Strategic Supplier Management
Management (SSM): Homepage (sharepoint.com)

41
UK Defence Quality and UK Defence Quality and Configuration
Configuration Management Management Policy (QCM-Pol) -
Policy GOV.UK (www.gov.uk)
UK Defence Standardization
Home (mod.uk)
(Dstan):
United Kingdom Accreditation UKAS - The UK Accreditation Body -
Service: Creating Confidence
Upskilling for Quality and
Training - Managing Quality - KiD - UK
Configuration Management
MOD
(QCM):

12. Abbreviations
ACMP Anti-Counterfeiting Management Plan
AQAP Allied Quality Assurance Publications
BS EN British Standard European Norm
CA Counterfeit Avoidance
CA Configuration Audit
CAMM Counterfeit Avoidance Maturity Model
CAWG Counterfeit Avoidance Working Group
CCM Configuration Change Management
CCT Cross Cutting Themes
CI Configured Items
CM Configuration Management
CMP Configuration Management Plan
CNAD Conference of National Armament Directors
CoC Certificate of Conformity
COTS Commercial Off the Shelf
CQI Chartered Quality Institute
CQR Contract Quality Requirements
CR Contract Requisition
CSA Configuration Status Accounting
CWP Contractor Working Party
Def Stan Defence Standards
DEFCON Defence Conditions
DefNet Defence Network
Defence Funtional Authority for Technology, Quality
DFATQS and Standardisation
DIQF Defence Industry Quality Forum

42
DLOD Defence Line of Development
DMADV Define, Measure, Analyse, Design, Verify
DMAIC Define, Measure, Analyse, Improve, Control
DPQQ Dynamic Pre-Qualification Questionnaire
DQAFF Defence Quality Assurance Field Force
DRIVE Define, Review, Identify, Verify, Execute
DSIG Defence Special Interest Group
DT Delivery Team
FCA Functional Configuration Audit
GQA Government Quality Assurance
GQAP Government Quality Assurance Practitioner
GQAP Government Quality Assurance Plan
GQAR Government Quality Assurance Representative
GQAS Government Quality Assurance Surveillance
IA Implementing Arrangement
IAF International Accreditation Forum
ISM In-Service Submarines
ISO International Organisation for Standardisation
ITT Invitation to Tender
JSP Joint Service Publication
KiD Knowledge in Defence
KPI Key Performance Indicators
LQP Licenced Quality Practitioner
MOD Ministry of Defence
MoU Memorandum of Understanding
NATO North Atlantic Treaty Organisation
NPPT Nuclear Propulsion Project Team
NQAA National Quality Assurance Authority
OCCAR Organisation for Joint Armament Cooperation
PBS Product Breakdown Structure
PCA Physical Configuration Audit
PCAE Pre-Contract Award Evaluation
PDCA Plan, Do, Check, Act
PNO Principle Naval Overseer
PR&A Project Review and Assurance
Pt Part
QA Quality Assurance
QACG Quality Assurance Consultation Group
QAG Quality Assurance Group
QCM Quality and Configuration Management

43
QDR Quality Deficiency Reports
QDS Quality Development Scheme
QM Quality Management
QMP Quality Management Principles
QMS Quality Management System
QPI Quality Performance Indicators
RCA Root Cause Analysis
SF Stakeholder Forum
SME Subject Matter Expert
SoR Statement of Requirements
SOW Statement of Work
SQuaRE Software Quality Requirements and Evaluation
SSDT Support Solution Development Tool
STANAG NATO Standardisation Agreement
STANREC Standardisation Requirement
TA Tender Assessment
UKAS United Kingdom Accreditation Service

44
Annex A – QA Checklists
A.1 Delivery Team Leader
• Ensure compliance with JSP 940 Part 1: Directive.
• Ensure that JSP 940 Part 2: Guidance, and guidance published on
the KiD, are complied with.
• Delegate authority for quality issues to a competent GQA
Practitioner (GQAP).
• Ensure the team has the necessary resources and competences
to address the application of, and compliance with, acquisition
Quality requirements.
• Ensure compliance to their organisation’s QMS.
• Ensure a Quality Strategy is defined for the portfolio or projects for
which they are accountable.
• Ensure the generation and implementation of quality planning, at
appropriate levels, is conducted by a competent GQAP.
• Ensure that there are appropriate forums in place within the formal
acquisition reporting structure to address acquisition quality and
quality assurance activities. For example, the formation of Quality
Assurance Groups (QAGs).
• Comply with the DFATQS policies for the conduct of Quality
Assurance Surveillance and the use of GQAR by:
- Within the UK, ensure that only authorised MOD GQARs are
tasked to carry out GQAS to assist in the mitigation of risk.
- Outside the UK, ensure that the correct procedures are used to
request GQA to assist with risk mitigation.
• Ensure that any proposed suppliers’ QMS Certification meets the
Appropriate Certification policy, and that appropriate Quality
Assurance Standards and Requirements are included in contracts.
• Exceptionally approve use of suppliers with no certificated QMS.
• Ensure contractual requirements are clearly defined, measurable
and achievable.
• Define clear product acceptance criteria.
• Ensure that corrective and preventive actions are completed in a
timely manner.
• Ensure that unsatisfactory quality trends are monitored, for
example, defects, deficiencies, and other feedback.
• Ensure GQAP activities are addressed.

45
• Ensure that contract related risks are considered during Contract
Requisition process.
• Ensure that all quality assurance contractual requirements are
endorsed by a LQP or and Authorised Signatory prior to
submission.
• Ensure the application of the appropriate protections for the
Defence Inventory for Counterfeit Avoidance.
• Apply the principles of PDCA.

A.2 Authorised QA Signatory

An Authorised Quality Assurance Signatory is an individual who has
been deemed competent to select and endorse Standard Quality
Assurance Contract Requirements for MOD contracts subject to the
relevant delegation of those duties by the Delivery Team Leader or
relevant manager.
• Review the contract Business Case and draft Statement of
Requirement / Statement of Work, inclusive of identified risks.
• Use the Selection Process in JSP 940 Pt 2 Chapter 4 Annex B to
determine the Standard Quality Assurance Contractual
Requirements appropriate for the contract.
• Ensure that the SOR / SOW is updated to include the
recommended Standard Quality Assurance Contractual
Requirements.
• Conduct a review of the contractual terms and conditions to verify
the inclusion of the recommended Standard Quality Assurance
Contractual Requirements.

An authorised QA Signatory is defined in JSP 940, Pt 2 as:

“A MOD Crown Servant who meets one of the following:

1. Holds a Full MOD Quality Licence for GQA

2. Holds a Comprehensive MOD Quality Licence
3. Has completed the Contract Quality Requirements (CQR)
course, has successfully passed the course examination, and
possess a Letter of Authority issued by the Quality and
Configuration Management Policy Licensing Team.”

You can find out more information in Managing Quality, Competence

and Development and Licensing Section on the KiD.

46
A.3 Project GQA Practitioner
• Conduct GQA planning and produce a GQA Plan (GQAP)
appropriate for the acquisition activities to be conducted, in
consultation with the relevant project Subject Matter Experts
(SMEs).
• Input to the project risk identification and assessment process,
including the identification of risks that can be mitigated by
tasking GQAR to conduct GQAS.
• Ensure the appropriate QA Standards and Requirements are
included in the contracts.
• The Project Manager should approach the Project Quality
Assurance Officer (and relevant SME’s) to discuss the
requirements for Counterfeit Avoidance, and the inclusion of Def
Stan 05-135 in the contract.
• Ensure that contract related risks are considered during the
Contract Requisition process.
• Apply the principles of PDCA
• Review and endorse the quality requirements in the Contract
Requisition, for the Request for Quote, prior to submission.
• Accept or reject and manage Deliverable Quality Plans.
• Co-ordinate and monitor all projects related quality assurance
activities, including measurement of contract quality
performance.
• Ensure adherence to a controlled process to manage supplier
concession applications.
• Ensure that corrective and preventive actions are completed in a
timely manner.
• When GQAR activities are to be called up in the contract, agree
the use of GQAR resources with the GQARs concerned prior to
contract let.
• Consult with GQARs to inform on acquisition risks and the need
for GQAS.
• Task an authorised MOD GQAR organisation to carry out risk
based GQAS.
• Provide GQARs with any necessary documentation.

47
 • Liaise with GQARs to:
- Assess supplier’s capabilities.
- Agree surveillance plans.
- Assess whether GQA at sub-suppliers is required.
- Advise of any risks not to be discussed with suppliers.
• Act upon GQAR reports as necessary.
• Where resolution of quality related contractual issues cannot be
agreed, escalation action in accordance with the Partnering
Approach for Improving Quality as defined in JSP 940 Part 2
Chapter 4, Section 4.5 should be considered.
• Report on acquisition quality assurance to the appropriate
forums.
• Maintain the required level of competence to fulfil the role of a
GQA Practitioner.

You can find out more information in Managing Quality, Competence

and Development and Licensing Section on the KiD.

A.4 Government Quality Assurance Representatives

(GQARs)
• Apply the Principles of PDCA
• Prepare surveillance plans that address the task and perceived
risk(s), and then agree the plan with the tasking organisation.
• Discuss risks with suppliers and advise of any sub-delegated
surveillance activities at sub-suppliers.
• Delegate surveillance activities to other GQAR organisations as
necessary.
• Perform GQAS in accordance with the agreed surveillance plan
and raise Observation and/or Quality Deficiency Reports (QDRs)
as necessary; discuss findings with the tasking organisation and
the supplier as appropriate.
• Copy QDRs to other affected MOD projects (informing the
supplier of distribution).
• Monitor suppliers’ response to QDR ensuring appropriate
containment action is put in place. Provide surveillance reports
to the tasking organisations and refer QDRs that indicate
problems with the 3rd party quality management system
certification process to QCM Policy to assist with third party
improvement activities.

48
 • Advise tasking organisations of any additional risks identified,
and with the agreement of the tasking organisation, amend
surveillance plans if necessary.
• Ensure that corrective and preventive actions are completed in a
timely manner.
• On request, lead an In-Depth Audit to address significant quality
related problems and seek rapid corrective action of the root
causes. Unresolved issues to be reported to QCM Policy.
• Maintain records of surveillance activities for 6-years after
contract closure unless stipulated otherwise.
• Monitor supplier performance and where appropriate escalate
concerns to the authority.

A.5 Delivery Team Members

• Think quality all the time, it is a habit not an act!
• Strive for continual improvement of project processes and
delivered product and/or service quality.
• Be aware of and comply with the acquisition quality plan.
• Co-operate and engage with those conducting quality assurance
related tasks.
• Ensure that quality assurance requirements are addresses in all
contracts placed.
• Comply with internal quality requirements.
• Ensure that corrective and preventive actions are completed in a
timely manner.
• Apply the principles of PDCA.

49
Annex B - CM Checklist
A full CM checklist can be found within the CM Plan template in the
‘Guide to Engineering Activities and Reviews’ (GEAR).
• The CM strategy has been defined and communicated
throughout the Delivery Team
• A competent CM practitioner has been appointed.
• CM planning is being undertaken by the DT, with CM
requirements being identified.
• Project and Supplier CM risks are defined in the Project Risk
Register by the DT, with linkage to project risks from the
Supplier’s risk management.
• Processes critical to project success have been identified, are
being monitored, and results used to influence continual
improvement.
• Commercial Strategy for contract placement is identified.
• The RCA invokes Def Stan 05-057
• Contract Notice details supplier certification requirements.
• Proposed Supply Chain has been received and assurance
activities identified.
• CM resources required to support CM surveillance are available,
with CM Surveillance Plan(s) and reporting agreed with the DT
• A maturity assessment of Supplier processes, critical to project
success, has been undertaken.
• Supplier has provided suitable evidence that the CM skills and
competence needed to fulfil contract requirements are available.
• Supplier has provided proposals for the effective control of sub-
contractors.
• Supplier has provided evidence of robust controls for the flow-
down of contractual requirements to sub-contractors.

50
Need help or advice?

QCM-Policy Helpline: https://forms.office.com/e/W14PwDDv9W

Email: [email protected]

Address:
Quality and Configuration Management Policy
Spruce 2c, #1260
MOD Abbey Wood
Bristol
BS34 8JH

Do you have some feedback or a suggestion, alternatively would

you like to be added to the Quality and Configuration Management
Policy stakeholders list?
Please contact the Quality and Configuration Management Policy team.
For more detailed information please see:
Knowledge in Defence (KiD) website, JSP 940, and 945 MOD Quality
Policy.

Images from: www.defenceimages.mod.uk

© Crown Copyright
Issued in Feb 2024

51