SA-19(2) — Configuration Control for Component Service and Repair

Maintain configuration control over components when they are sent out for service or repair. A component that leaves your facility for repair could be tampered with or swapped during the repair process.

Example 1: Before sending equipment for service, record the component's serial number, firmware version, and configuration. When it returns, verify these match. If the firmware version has changed, investigate before redeploying. Maintain a chain of custody log for all equipment sent for external repair.

Example 2: For critical components, prefer on-site repair by cleared or vetted technicians over sending equipment off-site. If off-site repair is necessary, use only manufacturer-authorized service centers and require the service center to document all changes made during repair.