Development Life Cycle Policy

Version: 1.00Issue Date: 8/11/2015

This Development Life Cycle Policy ensures that applications, systems, and services are properly designed to meet the business need.

1.0 Overview

This Development Life Cycle Policy will help ensure that applications, systems, and services meet the business need by requiring formal development life cycle processes.

2.0 Purpose

This Development Life Cycle Policy requires that formal development life cycle processes exist and are enforced which ensure the proper design of applications, systems, and services to meet the business need.

3.0 Scope

This Development Life Cycle Policy applies to all applications, systems, and services created by or provided by the organization and its contractors.

4.0 Development Life Cycle Process Benefits

  • Ensures a project management structure exists which will ensure each project is managed properly considering the entire life cycle.
  • Provides a mechanism to be sure requirements are well defined and met.
  • Roles and responsibilities are identified and communicated.
  • Provides a structural process which is identifiable, measurable, and repeatable which ensures that applications, services, and systems are secure and meet quality guidelines.
  • The process helps provide applications, services, and systems to meet or exceed expectations within time and cost estimates.

5.0 Development Life Cycle Requirements

  • All project requirements including policies, laws, and functionality must be identified and documented before the design begins.
  • The design must be periodically reviewed to ensure that the project requirements are being met by the design.
  • Project management must be set up so timely coordination, direction, review and approvals to the project may be performed.
  • Project risks must be identified early in the project life cycle and these risks must be managed to make the project succeed.
  • The project must be developed using current approved technologies or technologies that will be approved.

6.0 Development Life Cycle Phases

Phases may be done somewhat differently from project to project depending on the type of the project. Some projects may allow work to be done on more than one phase at a time. The project phases may be tailored to the needs of the project but the requirements of this policy must be met. Several software project life cycles include a few more or less phases such as verification, specification, analysis, and documentation. Some of these activities may be covered in other parts of the project life cycle. For example, documentation should be done during the entire life cycle so I would not consider it as it's own separate life cycle but it is important to specify what documentation should be complete and what sign offs should be done during each phase. The phases are:

  1. Planning and Initiation - The planning phase is where responsibilities are and roles are determined. Project goals are specified and project stakeholders are identified. Project deliverables and basic project requirements should be defined including documentation to be created. The project risk should be evaluated and mitigated where possible or the risk should be accepted by the stakeholders. An initial budget should be created. Major phases of the project should be identified and scheduled. A project feasibility study should be performed which will help determine whether the project benefits outweight the project costs. A statement of work which defines the business case for the project, the scope of the project, and what should be accomplished should be created.
  2. Analysis and Requirements Definition - Requirements are further determined and documented. The technical team should work with the customers during this part of the project life cycle to get complete business requirements. Some technical requirements, based on business requirements, should be determined. During this phase or the next phase a specific description of the software to be written (specification) should be created. Resource planning (determination of required labor and equipment) should be performed during this phase and the project schedule should be outlined.
  3. Design - Provide a design document showing how the design is planned. During this cycle the designers determine the structure of the code, how it will work, and the main modules. Some experts categorize this part of the cycle into various sub phases such as a functional design, then a system design.
  4. Construction or coding - The code is written according to the design document. Several software reviews should be done during the coding phase.
  5. Testing - A test plan is required, and one or more test results reports should be created as software is tested.
  6. Implementation - The customer manuals are created and delivered with the software.
  7. Maintenance - Includes any software repairs or modifications to add capabilities or change program operation. Also includes monitoring, and updating servers to keep operating system vulnerabilities patched and system errors corrected. The maintenance cycle must be planned from the time of project inception. If the resources do not exist to maintain the systems and software after the project is in production, the effort will be a failure.

It is critical that security and customers be involved during each project phase.

7.0 SDLC Requirements

8.0 Planning Phase

9.0 Analysis Phase

10.0 Design Phase

11.0 Construction Phase

12.0 Test Phase

13.0 Implementation Phase

14.0 Maintenance Phase

15.0 Environments

16.0 Version Control

  • Code library management software must be used to maintain version control, log creation and modification dates of software code, and provide an audit trail for program code changes.

17.0 Enforcement

Since following the Development Life Cycle Policy is important to meet the business needs of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

18.0 Other Policies

  • Change control policy
  • Quality Policy

19.0 Additional Requirements

  • Test Standards
  • Quality standards
  • Development standards
  • Training standards
  • Project management methodology
  • Project management methodology training Project office must be created
  • Documentation standards
  • User manual standards