Security and Compliance

System Development Lifecycle (SDLC)

Purpose

The purpose of an SDLC methodology is to provide IT Project Managers with the tools to help ensure successful implementation of systems that satisfy University strategic and business objectives. The documentation provides a mechanism to ensure that executive leadership, functional managers and users sign-off on the requirements and implementation of the system. The process provides University Project Managers with the visibility of design, development, and implementation status needed to ensure delivery on time and within budget.

Scope

This Guideline applies to all major application projects, both new applications and upgrades of existing applications.

Goals

The goals of this SDLC approach are to:

  • Deliver quality systems which meet or exceed customer expectations when promised and within cost estimates.
  • Provide a framework for developing quality systems using an identifiable, measurable, and repeatable process.
  • Establish a project management structure to ensure that each system development project is effectively managed throughout its life cycle.
  • Identify and assign the roles and responsibilities of all involved parties, including functional and technical managers, throughout the system development life cycle.
  • Ensure that system development requirements are well defined and subsequently satisfied.

Objectives

The SDLC methodology will help to achieve these goals by:

  • Establishing appropriate levels of management authority to provide timely direction, coordination, control, review, and approval of the system development project.
  • Ensuring project management accountability.
  • Documenting requirements and maintaining trace ability of those requirements throughout the development and implementation process.
  • Ensuring that projects are developed within the current and planned information technology infrastructure.
  • Identifying project risks early

Guidelines and Procedures

A software application typically undergoes several development lifecycles, corresponding to its creation and subsequent upgrades. Each such development lifecycle constitutes a project. Such projects continue until the underlying technology ages to the point where it is no longer economical to invest in upgrades and the application is considered for either continued as-is operation or retirement.

The SDLC Phases

Michigan Tech’s SDLC includes six phases, during which defined work products and documents are created, reviewed, refined, and approved. Not every project will require that the phases be subsequently executed and may be tailored to accommodate the unique aspects of a projects. These phases are described in more detail in the following paragraphs.

Initiation Phase

The Initiation Phase begins when management determines that it is necessary to enhance a business process through the application of information technology. The purposes of the Initiation Phase are to:

  • Identify and validate an opportunity to improve business accomplishments of the University or a deficiency related to a business need
  • Identify significant assumptions and constraints on solutions to that need
  • Recommend the exploration of alternative concepts and methods to satisfy the need.

Feasibility Phase

The Feasibility Phase is the initial investigation, or brief study of the problem to determine whether the systems project should be pursued. A feasibility study established the context through which the project addresses the requirements expressed in Business Case and investigates the practicality of a proposed solution. The feasibility study is used to determine if the project should get the go-ahead. If the project is to proceed, the feasibility study will produce a project plan and budget estimates for the future stages of development.

Requirements Analysis Phase

This phase formally defines the detailed functional user requirements using high-level requirements identified in the Initiation and Feasibility Phases. The requirements are defined in this phase to a  level of detail sufficient for systems design to proceed. They need to be measurable, testable, and relate to the business need or opportunity identified in the Initiation Phase.

The purposes of this phase are to:

  • Complete business process reengineering of the functions to be supported, e.g., verify what information drives the business process, what information is generated, who generates it, where does the information go, and who processes it.
  • Develop detailed data and process models including system inputs and outputs.
  • Develop the test and evaluation requirements that will be used to determine acceptable system performance.

Design Phase

During this phase, the system is designed to satisfy the functional requirements identified in the previous phase. Since problems in the design phase can be very expensive to solve in later stages of the software development, a variety of elements are considered in the design to mitigate risk. These include:

  • Identifying potential risks and defining mitigating design features
  • Performing a security risk assessment
  • Developing a conversion plan to migrate current data to the new system • Determining the operating environment
  • Defining major subsystems and their inputs and outputs
  • Allocating processes to resources

Development Phase

Effective completion of the previous stages is a key factor in the success of the Development phase. The Development phase consists of:

  • Translating the detailed requirements and design into system components
  • Testing individual elements (units) for usability
  • Preparing for integration and testing of the IT system.

Integration, system, security, and user acceptance testing is conducted during this phase as well. The user, with those responsible for quality assurance, validates that the functional requirements are met by the newly developed or modified system.

Implementation Phase

This phase is initiated after the system has been tested and accepted by the user. In this phase, the system is installed to support the intended business functions. System performance is compared to performance objectives established during the planning phase. Implementation includes user notification, user training, installation of hardware, installation of software onto production computers, and integration of the system into daily work processes. This phase continues until the system is operating in production in accordance with the defined user requirements.

Operations and Maintenance

The system operation is ongoing. The system is monitored for continued performance in accordance with user requirements and needed system modifications are incorporated. Operations continue as long as the system responds to the organization’s needs. When modifications are identified, the system may reenter the planning phase.

End of document.

Rev 9/20/16