The IT Software Development Life Cycle (SDLC) is used in project management to develop (or modify existing) information systems or applications.
Regardless of whether you are looking for information on the SDLC process itself, SDLC documentation, SDLC documents / SDLC forms / SDLC templates, if you can spare about 60 minutes (depending on how in-depth you wish to pursue the subject).
This SDLC tutorial will provide you an invaluable overview of the following topics that hopefully will satisfy your needs:
SDLC Overview
SDLC Phases
SDLC Framework
SDLC Documentation Methodology
SDLC Documentation Process
SDLC Documentation Templates / SDLC Documentation Forms
SDLC Models
The SDLC process provides Information Technology (IT) project managers with the tools to help ensure successful implementation of systems or applications that satisfy strategic and business objectives. SDLC documentation provides a mechanism to ensure that executive leadership, functional managers, and users sign-off on the requirements and implementation of the system.
The process provides management with the capability to design, develop, and implement an intended system and ensure that its completed on time delivery and within budget. The software development life cycle process includes multiple phases from the project viability determined in the Concept / Initiation Phase through the Project Closure / Maintenance Phase of the completed system or application.
Many corporations and government agencies have implemented systems development life cycle (SDLC) frameworks that include methods, processes, workflow, documentation, and tools. These SDLC Frameworks help the organization reduce risks and ensure program and project investments are realized within their budget, scope, time and quality constraints.
Project managers have been taught that there are always two lifecycles at play on any project; these are Project and Product-oriented lifecycles. While project lifecycles facilitates management of the project, product lifecycles guide the design, development, testing, deployment and sustainment of the "deliverables" of the project.
Most Information Technology (IT) project managers are familiar with the term Software Development Life Cycle, which is expressed as the SDLC acronym. A software development life cycle is a product-oriented life cycle that is appropriate when the primary deliverable is software.
However, the term systems development life cycle can be applied more universally, not only across projects where software is the primary deliverable, but other types of IT solutions that involve hardware, network, and storage components, or even business or mechanical systems - where software may only be a small part of the overall solution.
An effective Corporate SDLC will also include defined lifecycles and methods, tools and templates for project management. To be effective, project managers still need to understand how to integrate project, product, and systems development lifecycles to ensure a successful project.
From one organization to another, or even project to project, there will be different needs and influencers promoting one development approach over another. Methods and tools among developers can be an emotional subject. That is not a problem, as there is room for multiple adaptions within the SDLC Framework provided in this course.
Nevertheless, the concepts and approaches provided in this overview are sufficient that they can also be applied without further enhancements.
That is not to imply that tailoring a project is not required. All projects are unique by definition, and two of the most important roles a project manager has during project planning are project integration and tailoring - to ensure the right set of work is planned and executed to achieve the authorized scope of work within the specified constraints of the project (e.g. scope, budget, resources, schedule, quality).
With this in mind, the best SDLC approach for any given project has to be based on the project's constraints, the specific method preferences of the development team, the risk tolerance of executive management, and - perhaps most importantly - access to customers and end-users.
---------- End of Chapter 1 ---------
The goals of this SDLC approach are to:
Deliver quality systems that meet or exceed customer expectations when promised and within cost estimates | ||
Provide a framework for developing quality systems using an identifiable, measurable, and repeatable process | ||
Establish a project management structure to ensure that each system development project is effectively managed throughout its life cycle | ||
Identify and assign the roles and responsibilities of all involved parties, including functional and technical managers, throughout the system development life cycle | ||
Ensure that system development requirements are well defined and subsequently satisfied |
The software development life cycle methodology will help to achieve these goals by:
Establishing appropriate levels of management authority to provide timely direction, coordination, control, review, and approval of the system development project | ||
Ensuring project management accountability | ||
Documenting requirements and maintaining traceability of those requirements throughout the development and implementation process | ||
Ensuring that projects are developed within the current and planned information technology infrastructure | ||
Identifying project risks and issues early and manage them before they become problems |
---------- End of Chapter 2 ---------
When large computers (mainframes) were first introduced in the 1970s, the Data Processing group (predecessor to Information Technology) generally reported to the head of the Accounting or Finance Department (Controller or VP-Finance) as virtually all computer work was dedicated towards that effort.
The Data Processing group consisted of a small tight group of programmers who could easily communicate with each other with minimal tools to develop software applications. When new work was required, the programmers ventured upstairs to talk to the users, and they retreated to their cubicles to implement the design or minor modification.
Large financial applications were often developed by third party software companies. In-house programmers were taught how to customize and modify this software. Testing of new designs and changes were often an afterthought simply because programmers preferred to write code and detested testing. “We'll catch a problem if the users scream bloody murder.“ (This attitude is just as prevalent today.)
This worked fairly well initially but as computers evolved, numerous new tools were created for application development and other departments within the companies recognized the value of automating their data. Management methodologies were required to develop and modify applications. In lieu of Data Processing, the term Information Technology (IT) became the buzzword reflecting the broad nature of the scope and purpose of the now enriched computer processing.
The initial concepts of Software Development Lifecycles have been around since the 1960s (Elliot & Strachan & Radford (2004)), and some authors would argue an earlier heritage that goes back to the 1940s to 1950s (Birkbeck, University of London. Comparative Development Methodologies).
In the earliest days of computer programming, the only models for developing complex things came out of the construction and manufacturing industries. At the time, it seemed logical that the structured approaches used in those industries would equally apply to developing computing systems. As an example, a developer would first need to understand the customer's requirements, then architect and design a solution, then develop the product, and finally test and deploy or turn-over the new product.
This traditional development process logically progressed in a sequential manner from start to finish, with potentially some overlap for planning and preparation between the major phases of the development effort. Truthfully, at least in this author's opinion, the original programming techniques and early programming languages were so complex and difficult to change that these structured and sequential development approaches made a tremendous amount of sense.
In the last 50 years, many other factors affected the IT culture that demanded stringent methodologies. New laws, such as the Sarbanes-Oxley Act of 2002, were created by Congress in response to major corporate and accounting scandals that cost investors billions of dollars. The legislation established new or enhanced standards for all U. S. public company boards, management, and public accounting firms. Previously, auditors were only interested in examining the company’s books.
Now, they literally are involved in every aspect of Information Technology. IT security and compliance with good practices and COBIT (Control Objectives for Information and related Technologies) are now a very serious and almost dominating factor in all IT decision-making. Many companies now spend considerable monies and resources on IT Governance, the catchword for this effort.
Entirely new fields of expertise in project management are now critical in the successful management of Information Technology that embody knowledge of the driving forces responsible for a successful operation.
Over time, different concepts and ideas have emerged on best practice approaches to developing customer focused software, systems and solutions. All have their strengths and weaknesses, and different SDLC approaches may be appropriate, depending on development team training and preferences, access to customers and end-users, and the degree of control the executive management team desires.
It's unrealistic to expect different organizations will have exactly the same structures, processes, activities, roles and responsibilities, and acceptance criteria for managing their development projects. Nevertheless, there are also a lot of commonalities on the type of work that will occur in each SDLC phase, the artifacts that would be used, and how the work can be described, organized and managed.
Most business systems need to change from time to time, and each new change requirement necessitates executive sponsorship, financial and human resources, IT support, and lifecycle management. By definition, no two projects are alike. In short, corporations and other large entities need Software Development Life Cycle approaches that are flexible enough to be used across all types of business, product, systems and services development needs.
Having said this, it is not expected that “one size fits all“ works when implementing an SDLC Framework.
---------- End of Chapter 3 ---------
SDLCforms Waterfall forms consist of the critical project charter, business requirements document, project plan, roles and responsibilities matrix, work breakdown structure (WBS), user acceptance test plan, risk and issues logs, project status report, lessons learned, and dozens more, depending on needs and budgets.
|
Currently various models are used in the SDLC process. These models include, but are not limited to;
Waterfall | ||
Agile | ||
Prototyping | ||
Iterative and Incremental | ||
Rapid Application Development (RAD) | ||
Big Bang |
The best-known and oldest is called the waterfall model. The following is a summary of the phases used in this traditional process:
1. | Project Planning Phase | |
2. | Requirements Definition Phase | |
3. | Design Phase | |
4. | Development Phase | |
5. | Test Phase | |
6. | Installation & Acceptance Phase |
The process moves to the next step after each step is finished, i.e., the output from a specific phase serves as the initial input for the following phase.
See sample diagram below.
Documentation Consultants has upgraded the traditional waterfall model by providing a more finite definition of the process reflecting today’s concerns.
The following is a summary of the phases used in the Documentation Consultants process:
1. | Project Concept / Initiation Phase | |
2. | Project Planning Phase | |
3. | System Requirements Phase | |
4. | System Design & Development Phase | |
5. | Testing & Acceptance Phase | |
6. | Project Monitoring And Control Phase | |
7. | Production Turnover / Deployment Phase | |
8. | Project Closure / Maintenance Phase |
See sample diagram below.
---------- End of Chapter 4 ---------
The eight phases of the Documentation Consultants‚ SDLC process build upon each other. They take the output from the previous phase, add more information, and produce results that are directly traceable to the previous phases.
The project concept / initiation phase provides the high level determination if the project is worthwhile, via a review of the project charter, business case, cost-benefit analysis, and definition of the team to move the project forward. This phase includes the work that is necessary to determine the feasibility of pursuing defined business strategies as funded programs and projects.
The primary scope of work includes developing a business case, conducting a feasibility study, and performing a cost-benefit analysis. Once those activities are complete, and sponsoring executives have reviewed the analysis and made their final decision to proceed, the project manager will begin to form the project team and review and complete the project initiation checklist.
During this strategic assessment phase, businesses executives will review the mission and past strategies to look for areas of improvement, and possibly assess new market, product or service opportunities. However, there's another level of assessment that must occur before investment decisions can be made on which programs and projects to invest in.
These assessments delve deeper to determine organizational capabilities that are required to support the mission of the entity, and then determine the scope of work required to implement these capabilities, plus the feasibility and cost-benefit of investing in developing those capabilities. Such assessments occur during this phase.
Ideally, the concept phase will be conducted in the fiscal year preceding funding and approval of the actual project. The primary deliverable of this phase is the Business Case. Additional analysis performed during this phase include a cost benefit analysis and a feasibility study.
These artifacts and related analysis are necessary for an executive management team to have the data they need to make sound determinations on the risks, Return On Investment (ROI), and benefits of funding proposed project.
The next activity considered should be the development of a business plan, especially where a new commercial offering is contemplated. The business case helps determine whether there is a unique value proposition that justifies investments in the proposed project idea or initiative, before the organization commits significant time, resources and expenditures.
Assuming the business case analysis indicates there is a unique and viable value proposition, the organization still needs to determine if the project is feasible. Business Analysts conducting a feasibility study assess business and technical information, projected costs and benefits, risks, issues and constraints to determine if the project is practical from an economic and technical perspective.
In addition, where alternative solutions are available, the feasibility study will determine which proposed solution best fits the needs of the organization, and documents recommendations made by the business analysts.
In addition, a detailed cost-benefit analysis may be completed in this phase. The purpose of the cost for-benefit analysis is to provide executives and sponsors with the information and metrics they need determine whether the proposed project has sufficient value to justify commitment of time, resources, and funds.
While the feasibility study includes some cost-benefit information, the project cost/benefit analysis is more detailed and focused solely on economic value of the proposed solution.
This is not to imply that all risks are removed by including a concept phase. To the contrary, until a detailed functional and technical requirements analysis has been completed, during the Requirements and Design Phases, it is truly difficult to assess the total scope of work that may be involved in any given project.
Nevertheless, the deliverables of the concept phase, as described in the previous paragraphs, help ensure that everyone involved with the project understands the parameters under which the project can be judged a success.
From a practical perspective, no executive sponsor or customer is going to open up their checkbooks without some sort of limits imposed in terms of budget, time and resources, and expectations set on the deliverable that are required to make the project a success.
Form or Template | Description |
---|---|
Project Initiation Agenda | Provides initial project agenda for a “kick-off“ meeting, whereby key stakeholders and sponsors, and key business and technology members are identified |
Project Charter | Provides the business goals, objectives, scope and management direction for starting the project in the Initiation phase. It sets project expectations and processes to ensure agreement on the project approach |
Business Case Document | Identifies whether there is a potential business value to the proposed project idea or initiative before the organization commits time, resources and expenditures |
Feasibility Study | A study that uses business and technical information and cost data to determine the economic potential and practicality (i.e., feasibility) of a project |
Value Proposition Template | Completing the Value Proposition Template will assist an individual/department determine if there is value in a proposed application, system or product, often provided by an outside vendor or contractor, and help in the final decision making process |
Project or Issue Submission Form | A one-page summary that identifies the proposed project, opportunities, business goal, project scope and issues, and alternatives or recommendations |
Project Cost - Benefit Analysis | Provides information that will be performed in the project, including business objectives and project description, such as completion criteria, risk assessment, constraints, impact analysis, project success measures, critical success factors, project approach, roles and participants |
Project Team Definition | This document identifies the business and technical groups and individuals responsible for the initiation, analysis, development, testing, installation and approval of the project |
Stakeholder Identification List | The Stakeholder Identification List provides the capability to identify the people that could affect or be affected by any project, to analyze stakeholder's expectations and their impact on the project |
Project Resource Plan | This document provides a centralized source for definition of all resources required for a project, including project team size, required resources, facility needs, resource types and sources, project team organization, resource assumptions, risks and mitigations |
Concept Of Operations | The Concept of Operations, or CONOPS, is a Capabilities Needs Assessment investigation to gain a Users' and Stakeholders' perspective on a major change initiative. As such, it is both an analysis and a formal document that describes high-level capabilities requirements that have been identified as necessary to achieve the mission of the IT organization, and its subordinate organizations |
Initiate Project Checklist | This checklist provides sample information to use and verify that major initial project functions and tasks have been completed within the Concept phase in the Project Management Life Cycle |
---------- End of Chapter 5 ---------
The planning phase establishes an initial view of the intended software product that helps establish the basic project structure, feasibility, risks associated with the project, and describe management and technical methodologies.
This phase is where you will utilize the various tools to provide detailed planning over the life of the project to achieve the following objectives:
Initially, before any detailed planning commences, the Program Management Office (PMO) must verify that mechanisms (such as accounting and procurement data) are in place to provide the data you will need to accurately collect and display data in the project | ||||||||
Establish and document a project organization chart defining the names of the project managers, sponsors, stakeholders, business analysts, testers, and affiliated organizations, so everyone clearly understands who the players are on the project | ||||||||
Define the roles and responsibilities of these individuals so it is clear as to everyone's role. Once those roles are defined, create a required approvals matrix of the key project activities | ||||||||
Fill in development and project estimating worksheets to determine costs. Review those costs to calculate and verify how much of those monies will be expended in capital or expense, as determined by regulatory taxing agency requirements and internal policies | ||||||||
Establish a configuration management plan to manage the project baseline | ||||||||
If necessary, prepare a procurement plan for any software, hardware or outside services that will be required in the project | ||||||||
Prepare a statement of work defining the business objectives | ||||||||
Prepare work breakdown structure (WBS) components in 3 steps:
|
||||||||
Prepare a risk analysis plan defining the process for identifying and resolving risks. Incorporate a risk information data collection form so that once risks are identified each risk can subsequently be quantified, analyzed and resolved | ||||||||
Prepare a project plan to establish project control by defining the sequence, estimated schedule and responsibilities for implementing each task |
Form or Template | Description |
---|---|
Project Management Office (PMO) Checklist | The Project Management Office Checklist provides the capability to determine if the Information Technology (IT) Program Management Office (PMO) has provided the functions and tools to achieve a successful environment in support of both executive management and the project managers responsible for individual IT projects |
Statement of Work | Provides information that will be performed in the project, including business objectives and project description, such as completion criteria, risk assessment, constraints, impact analysis, project success measures, critical success factors, project approach, roles and participants |
Project Approval Document | This document formalizes approval for the project by all contributors |
Cost Estimating Worksheet | This Excel spreadsheet provides the opportunity to estimate and budget various IT costs |
Development Estimating Worksheet | This Excel spreadsheet provides the opportunity to estimate development costs for prototyping, user interfaces / reports / databases / tables, objects and integration/jobs |
Project Capital vs. Expense Costs | This Excel spreadsheet provides the opportunity to estimate various capital and expense costs for a project including IT resources, external professional services, hardware, communications, software licenses and supplies |
Configuration Management Plan | The Configuration Management (CM) Plan informs project stakeholders about how CM is used to manage the project, what tools are used, and how they will be implemented to achieve project success |
Risk Information Data Collection Form | During the course of a project, potential risks can be identified by a myriad of sources. The Project Risk Information Data Collection Form's purpose is to provide a vehicle for capturing detail information on any of those risks for analysis and evaluation |
Risk Analysis Plan | Provides a medium to record a risk analysis of the project, and is used to keep track of potential risks that may jeopardize the project's success or completion date |
Procurement Plan | Provides procedures and information to acquire hardware, software, vendors, or other needed items. It assists in determining what to acquire, when and how |
Project Organization Chart | Know who the key "decision makers" are on your project via a Visio graphical diagram naming the PMO personnel, sponsors, stakeholders and business analysts including the collaborating organizations such as infrastructure, design, quality assurance, etc. |
Roles and Responsibilities Matrix | Displays key project activities and details the responsibilities for each individual or role across every functional department |
Required Approvals Matrix | Provides a matrix of key project activities (e.g., functions, tasks, documents or phases), and who is responsible for approving them |
Activity Worksheet in Work Breakdown Structure Dictionary Form | The WBS Activity Worksheet is made available to Subject Matter Experts (SMEs) to define the scope of work required for each activity and task within the work breakdown structure. For the entries made in this worksheet, accurate and activity and task descriptions can be compiled and tracked for variance during the course of a project |
Work Breakdown Structure Resource Planning Template | The Work Breakdown Structure Resource Planning Template provides a matrix of WBS tasks with the estimated duration of each task in hours with % of time required by the various skill sets to contribute to the tasks, summarized by total hours required for those skill sets |
Work Breakdown Structure | Provides a work breakdown structure table that includes the tasks to be completed within a small project in lieu of a more formal Project Plan |
COBIT Checklist and Review | The Sarbanes-Oxley Act, including COBIT Checklist and Review, provides for a standardized structure for Information Technology (IT) governance, accounting controls and compliance. COBIT Control Objectives focus on specific, detailed objectives related with each IT process |
Request For Information | A Request for Information (RFI) is used to solicit information from qualified vendors on the products and services they recommend addressing your business problem or functionality |
Root Cause Analysis | Identifies the root cause of a problem and the recommendations for a solution, including the date the problem was encountered, summary of the problem, duration of the problem, impacted business units and applications, and the recommended action and follow-up |
Project Plan | This MS Project document establishes both project execution and project control. It shows when and how a project's objectives are to be achieved by depicting the status of the major products, milestones, activities and resources required on the project |
List of Opportunities Summary | Provides a master list communication tool that summarizes project opportunities, including opportunity description, priority, target date for delivery and owner |
---------- End of Chapter 6 ---------
This phase starts with gathering the high-level requirements and refining them according to project goals.
These requirements define the major functions of the intended application or system. Major functions include critical processes to be managed, including mission critical inputs, outputs, and reports.
The Requirements Definition Phase of the SDLC includes the scope of work necessary to define, analyze and document business and end-user requirements. When developing under a structured type of SDLC, requirements may be further refined within Functional and Non-Functional Requirements documents.
System requirements definition or analysis phase requires deeper thought, when compared to the feasibility studies and cost benefit analysis efforts described in the concept phase, in terms of understanding the capabilities, features and functions end-users will need to support the business enterprise.
The requirements phase is typically divided into two distinct activities: requirements gathering and requirements analysis. In addition, depending on the type of product under development, these two activities are required across business, end-user, functional, and technical needs.
But there's much more to requirements than these rather straightforward activities. Often times, in order to derive the needs of the organization it's useful to first document how things are currently done today. This type of requirements analysis is referred to as the current state or "as is" assessment. The as is assessment helps the business analyst not only document how things are currently done, but also delve deeper into understanding how and where things are not working very well.
Next, the business analyst(s) will work with stakeholders, end-users and customers to-determine what capabilities they require to be more effective in the work or activities they perform, and will therefore seek feedback on how things could be done better in the future. This type of analysis provides a description of the future state, and is often described as a "to be" assessment. This type of analysis can also be called a capabilities needs assessment.
Once the as is assessment and to be analysis are complete, the business analyst will turn their attention to developing a "gap analysis." This is an important step that determines the magnitude of change that is required to move the "system" from how things are done today to how they need to be done in the future. Here we are intensely using the term the system again because the scope of change management any or all the enablers of the business.
As an example, a new business requirements may drive changes in the software that facilitates the business process. However, the software itself can drive changes to the business process, either by providing performance support to the end-users, making the process more efficient, adding new capabilities, and/or providing information more readily than was available before.
The business requirements for the implementation of new features and functions may require changes to the underlying IT infrastructure, including servers, networks, storage devices, etc. Since we are changing business processes the skills and roles of our people may have to change. And, of course, it's possible that new equipment and technologies are also involved to implement the new business requirements.
In short, what may have initially seemed as a relatively simple business requirement can evolve into quite a complex system indeed.
Professional project managers will see this kind of complex project dynamics if they spent any time in IT at all. As a real-world example, this author has managed a project where there were eight seemingly simple business sponsor requirements (e.g. Customer) - each requirement described in one or two paragraphs - drove no less than 70 work orders of new features and functions that had to be implemented in the existing software.
The complexity of the system led to evaluation and procurement of new software testing and performance tools, as manual methods became increasingly slow and expensive. New servers had to be procured and deployed, and no less than four business processes and their related procedures had to be updated to accommodate the new business changes.
And of course, the systems documentation and user guides also had to be updated, plus new training aids and wikis to support the overall deployment had to be developed and deployed.
Form or Template | Description |
---|---|
Managing Scope and Requirements | Provides a checklist of numerous topics to help manage the scope and requirements for a project. The list works to gain customer agreement and scope creep that pushes out project completion and project costs |
Business Requirements Document | Defines the general business requirements for the project. Identifies business and end user requirements, problems or issues, project information, process information, and training and documentation requirements |
Business Requirements Presentation To Stakeholders | This document provides a PowerPoint presentation "shell" to incorporate and review the project business requirements with the stakeholders and business units sponsoring the project |
Functional Requirements Document | Defines the functional requirements for the project including the different levels of business and end user requirements, and the functional areas of the business processes |
Software Architecture Plan | This document provides a comprehensive architectural overview of the system, using a number of different architectural views to depict different aspects of the system. It is intended to capture and convey the significant architectural decisions which have been made on the system |
Use Case Template | Defines the business requirements for the project using a use case methodology, and includes problems or issues to be resolved, objectives or goals, solution to be implemented, and why the solution is being implemented |
Requirements Inspection Checklist | Provides a sample quality assurance document to verify at a glance that major requirements functions and tasks have been completed |
Requirements Traceability Matrix | A method that is used to verify the association between the requirements shown in the Requirements / Specifications and other project documents, including design and testing documentation. Testing ensures that the requirements have been implemented correctly based on the design and Requirements Traceability Matrix |
Requirements Changes Impact Analysis | Provides detailed information to perform an impact analysis of requirement changes, including proposed change implications, system components and elements affected by the change, and estimated schedule and cost impacts |
Training Plan | Supports the use and maintenance of the specific system or application, and includes information about training courses and the tools and techniques that will be used |
Service Level Agreement Template | Formalizes an arrangement between your company and the client to deliver specific support services, at specific levels of support, and at an agreed-upon cost |
---------- End of Chapter 7 ---------
The design phase starts with approved requirements as its initial input. Design elements are built for each requirement or requirement set. Design elements describe the software functions and features in detail. It usually includes functional diagrams, screen layouts, business rules, business process diagrams, and an entity-relationship diagram with a full data dictionary.
Design elements describe the software in sufficient detail that the developer can build the software with minimal additional input.
The technical specialists begin to translate the requirements into specific design solutions that will create the systems, features, and functions that are necessary to achieve the business and functional requirements. In the previous requirements definition phase, the focus was on defining specific capabilities desired by and in support of the organization, and its customers and end-users.
In the system design phase the attention turns to defining systems and technical requirements.
This is also the phase where prototyping is likely to occur, as a prototype can serve as a bridge between requirements, design and development. A prototype can be as simple as a mockup of the proposed screen layouts, while a more complex prototype may have selected business rules instantiated as work flows within the application with active fields to capture and show data or information.
Once the project is approved and properly planned, for a fairly large project, requirements gathering, analysis and documentation can take 6 to 8 weeks to complete. In addition, the Design Phase can also take 6 to 8 week to complete, with perhaps a couple of weeks in overlap between the Requirements and Design Phases.
What this means is the first 10 to 12 weeks of the project will be spent on requirements and design related activities before development can start. Add in another 2 to 4 weeks for initial project planning, and development should not be expected to start until 12 to 14 weeks into the project.
Short changing these activities in a Structured, Waterfall approach to development will almost always lead to Scope Creep, as the project team will not have taken sufficient time to fully gather, analysis, document and vet their findings. Scope creep is where the project expands beyond the approved budget and schedules - not a good thing to have happen.
Form or Template | Description |
---|---|
System Requirements Specifications | Provides more details to the project's high level requirements, including detailed information so that the system can be built to satisfy the system requirements and quality. It includes product/functional requirements, user characteristics, operating environment, security and regulatory specifications, disaster recovery and data specifications |
Analysis and Design Document | Provides detailed information to perform and analysis and design of a system, including topics of current and future software architecture processes, interfaces, data flow, infrastructures, components, integration, and security |
Application Development Project List | Provides a list of 50+ tasks that need to be considered within an application development project |
Technical Requirements Document | Defines the technical requirements for the project to a sufficient level of detail to develop a system design and to allow testers to test the system |
Database Design Document | The Database Design Document maps the logical data model to the target database management system with consideration to the system's performance requirements. The Database Design converts logical or conceptual data constructs to physical storage constructs (e.g., tables, files) of the target Database Management System (DBMS) |
Website Planning Checklist | Provides a checklist of numerous topics to consider when designing and developing a new website |
User Interface Design Template | Provides a template for structured approach to fill in detailed business and technical information for design and development of a user interface (i.e., a screen) |
Report Design Template | Provides numerous topics to fill in detailed business and technical information for the design and development of a report |
Code Review Checklist | Provides numerous topics to fill in detailed business and technical information for the design and development of a report |
Conversion Plan | Describes the strategies involved in the conversion of a system or application |
---------- End of Chapter 8 ---------
Software features and functions are tested during the test phase, generally in a separate test environment. There are various types of tests (e.g., unit, integration, system, stress), but all test cases are run to verify the correctness and completeness of the software. Successful test execution validates the efficiency and effectiveness of the requirements and design.
The testing phase actually overlaps with requirements, design and development phases. It's critical that the test plan, test scenarios and test cases reflect all the business, end-user, customer, and architecture and design requirements - as defined within the Requirements traceability matrix (RTM). There are many types of testing that may have to be included in the overall test plan.
For example, there is at least one self-proclaimed expert who states there are at least 100 different types of software tests that can be conducted. Over the course of your project management careers you may be exposed to any number of these testing requirements.
The Testing Phase of the SDLC includes the scope of work necessary to analyze and document testing requirements to ensure the solution will implement desired capabilities and perform in accordance with all customer, business, and end-user requirements.
End-users will test and validate conformance of the user interfaces, screens, data fields, data flows, and reports that enable the business processes and/ or user functionality. Technical testers will ensure the underlying hardware, software, network, database, work flow, and security components conform to architectural, design and performance requirements.
Independent Software Quality Assurance (QA) tests will confirm the development team has followed the organization's quality processes and procedures, and that the solution meets established quality metrics. Another independent group will conduct additional tests to verify the solution meets requirements, and validates the system meets the customer's needs.
Defects and bugs that are uncovered during testing will be documented and prioritized. All critical defects will be fixed prior to going into production.
Form or Template | Description |
---|---|
Documentation Quality Assurance (QA) Checklist | Provides the capability to perform a documentation quality assurance review prior to delivery and implementation |
Building Test Scenarios | Testing scenarios are hypothetical stories used to assist an individual to think through a complex problem or system. Scenarios are useful for surfacing requirements-related controversies, and to relate to those documented requirements |
Test Plan | This document provides a central artifact to govern the strategic approach of the test effort; it defines the general approach to be employed when testing the software and when evaluating the results of that testing. Planning documents will refer to the test strategy regarding the governing of detailed testing work |
System Quality Assurance Checklist | Verifies that various project management, methodology, testing, configuration management, and documentation and records management principles and standards have been applied to a project |
Website Testing Summary Template | Provides summary information and checklists for web quality assurance testing. Each checklist table provides questions or statements for which the tester responds with a Yes/No answer and respective comments where applicable. Completion of the checklists will help ensure the applications, functions, or features meet adequate quality assurance before being moved to production for end-user utilization |
System Test Plan | Documents all system requirements denoted in the requirements, specifications, and design documentation to plan and execute unit, system and integration tests that ensure a high level of compliance |
User Acceptance Test Plan (UAT) | Provides management an overview of the system, applications, functions and features that are to be tested in the UAT process. The plan and tests provide guidance to the management, staff and business owners that the application works as expected |
Testing Bug Report | This report provides the ability to record details about an individual testing bug detected during unit, system, integration and user acceptance testing, including the bug name, area description, bug description, severity, status, priority, tester name, date tested, environment, test manager and tester names, method of testing, and who the bug was assigned to |
Testing Bug List | This list provides a status of all bugs detected during unit, system, integration and user acceptance testing, by defining the test case ID, bug name, bug description, severity, status, date tested, and type of testing method utilized |
Regression Testing Plan | Provides general information about systems or applications that require regression testing, including why testing is required, functional business areas affected and testing timeline |
Project Acceptance Document | The document formalizes acceptance of the project, and describes the products and services the customer received |
---------- End of Chapter 9 ---------
The project monitoring and control phase is where you become the watchdog over the project via data that is collected from project, technical, and frequent status meetings, including the identification of risks, issues and action items that may be identified as the project evolves.
It is important to accurately keep record of changes that have occurred to the baseline over the life of the project. These changes will be very important when you are assessing what modifications to your processes, in conjunction with lessons learned sessions with stakeholders, are required to improve subsequent projects.
Tools that should be utilized and continually updated include:
The risks, issues and action item status will all be displayed in a project status report to ensure that all stakeholders are continually aware of the status of these items | ||
A Change Management Log to record those changes | ||
An Action Item Status containing action items that you will most likely assign and track in your frequent status meetings. This continuous status will afford you the opportunity to keep your foot on the neck of individuals to ensure they complete these action items accurately and in a timely manner | ||
Record risks in a Risk Management Log capturing the risk, impact on the project, probability of occurrence, timeline, the response and action completed to resolve any risks before they become a threat to completion of the project within budget and schedule | ||
Issues are one of the most critical aspects accounting for project failure. First of all, utilize a form to collect pertinent data on any potential issue, and then add all issues to a issue management log to ascertain the status of any issue at a glance | ||
Keeping track of project milestones is another critical factor. Identify all project milestones in a project milestone status form, and continually update same with any changes to that baseline, including the milestone/task status | ||
Whenever the project Manager or technical managers hold meetings, the minutes of these meetings should be
documented in a meeting summary for wide dissemination
|
Form or Template | Description |
---|---|
Action Item Status | This document provides that status of all project action items, including the item number and description, the assigned, due and resolved dates, the owner, priority and the current status of the item |
Risk Management Register | The Risk Management Register is a management tool that identifies, assesses, and records recommended actions that management must take to alleviate the risk potential down to acceptable levels |
Issue Identification and Resolution | This document is used to individually identify/document each issue that may impact a project, and identify who created and resolved the issue, the type of issue, potential alternatives and recommendations, provide an estimate of the resources, man hours and costs, and management actions that were taken to resolve the issue |
Issues Management Log | The Issues Management Log provides the ability to initially identify the issue, how the issue is assessed by the project team, and what the response / actions are to resolve the issue |
Project Milestone Status Form | This document provides a vehicle for capturing the latest status of due date, completion date, and the milestone/task status (in-process, completed or delinquent), milestones, goals, or tasks including the milestone/task description, person responsible for that milestone/task |
COBIT Objectives And Audit Activity Report | The Sarbanes-Oxley Act, including COBIT Checklist and Review, provides for a standardized structure for Information Technology (IT) governance, accounting controls and compliance. COBIT Control Objectives focus on specific, detailed objectives related with each IT process |
Project Status Report | Summarizes the project status, including project activity, information about the project, problems or delays, issues, planned activities for next period, and deliverables description and status |
Meeting Summary | The Meeting Summary documents meeting date and time, participants, meeting minutes, conclusions and action item tracking |
---------- End of Chapter 10 ---------
This phase provides for production installation and customer acceptance of the software, and requires that all test cases were run to verify the successful software execution, correctness, and completeness.
The Production Turnover/ Deployment Phase of the SDLC includes the scope of work necessary to deploy the final solution into its target production environments plus create guides for installation, system administration, system operations and end-user functionality.
In addition, a detailed plan needs to be created for implementing the solution across the organization. The Production Implementation Plan is especially important when the solution will be deployed across a number of environments that are maintained by different organizations.
In addition, a production turnover approval process is required to ensure the receiving organizations have agreed the solution is operating as intended, that their sustainment organizations are trained and ready to assume responsibility for maintaining the solutions, that their help desk organizations are properly trained and ready to support end-users, and formal acknowledgment that the customers or end-user organizations have assumed full control over the solutions.
This approval may not come until after a warranty period has expired to ensure the sustainment and supporting organizations have had adequate time for knowledge transfer, and that no critical bugs show up in the deployed solution.
This phase includes activities spanning deployment of the solution and production turnover to the support and product sustainment groups. Deployment typically involves installation and configuration of software on centralized servers that can be accessed by end-users across the corporate networks or via Internet access. However, today software is also deployed as a component of standalone products, equipment or systems.
In those cases, deployment will also include the activities to ship the product out to customers and inter-users, plus assembly of the final solution, where required.
The folks who manage the production environment and sustain the deployed solution are not usually the development folks who were maintaining the engineering and test environments or the software during the development and testing phases. In the production turnover phase, various "Guides" are developed and provided to the production support team to help them understand how to install, maintain, backup and recover the system.
The production support staff also have to be trained fully before they can install and manage the new software or system. In addition, for business-critical applications, it's important that every step involved in standing up the new system, migrating production data, testing the new system, and bringing down the old system are planned, approved and managed carefully.
The consequences of a failure at this stage are the shutdown of critical business processes that are enabled by the system, and resulting disruption to the business as a whole. Finally, inter-users must also be trained on both the new system or system enhancements and any changes to the affected business processes.
Form or Template | Description |
---|---|
Process Guide | Provides information about a system, application or process instructions, procedures, and process flows, which are shown in step-by-step text format as well as visual graphics |
Installation Planning Guide | Provides information for the installation of the system, application or data, including installation strategy, planning and risk factors, and security |
Software User Guide | Provides training or reference information for using the system, product, application or data. The Guide explains the major components, benefits, access information, and navigation instructions |
System Administration Guide | Provides procedures and information to administer and maintain a system, product or application, and includes an overview, data assets, processing, server and database administration, and backup instructions |
Operations Guide | Provides procedures and information to run a system, product or application. It includes scheduled operations, unique tasks, troubleshooting, auditing, and best practices |
Production Implementation Plan | Provides the last step in formal approval and implementation of the project. It identifies the objectives, impacted devices, production delivery steps, technical support information, hardware and software components, testing and acceptance, rollback/contingency plan, and required training and documentation |
Production Turnover Approval | Provides a process that ensures changes to the production environment are planned, approved, tested, executed, and reviewed in a systematic efficient and controlled manner |
---------- End of Chapter 11 ---------
This phase provides for the business and technical personnel to evaluate how well the project was executed, and to quickly request minor changes once the production baseline has been established.
This final phase of the systems development life cycle is required to achieve the following objectives:
Effectively transition the solution to the receiving organization | |
Ensure the organization has a record of all critical design, development, production support, Infrastructure, and security data on all components of the solution | |
Track and ensure knowledge has been effectively transferred to all sustainment and support personnel as well as end-users | |
Obtain formal acceptance of the system from the customer | |
Capture both project and product oriented lessons learned during the project | |
Implement a process to capture new customer's desired enhancements | |
Implement an effective Disaster Recovery Program | |
Implement a process to retire the solution when the system no longer meets organizational needs |
Form or Template | Description |
---|---|
Lessons Learned Template | The Lessons Learned Template provides an opportunity for reflection after a project has been completed. It is highly beneficial to record what worked well with the project and where improvements can be made |
Transition Out Plan | The Transition Out Plan is used to describe how project deliverables will be brought to full operational status, and integrated into ongoing operations and subsequently maintained. Its purpose is to ensure that these deliverables will be used effectively to produce the requisite Business Value after project completion |
Post Project Survey Questionnaire | During the Project Closure / Maintenance phase of a project, the Project Management Office (PMO) conducts a survey to gather feedback on the project to improve performance on subsequent projects. This survey will assist the PMO in gathering project sponsors and team member's thoughts and perspectives on the project. This questionnaire is often used in conjunction with the Post Project Review in summarizing findings |
Post Project Review | Upon completion of a project, good practice is to assess how you did on the project, in conjunction with a Lesson Learned Report. General questions are asked of the stakeholders and to determine how well you performed against the project schedule and budget. This survey will assist the PMO in gathering project sponsors and team members' thoughts and perspectives on the project |
Modification/Change Control Request | Used to review system / application modification requests to evaluate and approve technically sound and secure changes to the production environment and to limit potential impact to business capabilities and/or IT operational capacity, architecture, infrastructure, compliance and schedules |
Disaster Recovery Plan Information | Documents a disaster recovery plan as part of an overall contingency plan to complete that restoration task and keep the company running. A disaster recovery plan is required for any publicly traded company and companies that need to minimize loss under which the company site is unable to function under standard daily business procedures |
Certificate Of Compliance And Acceptance Of Deliverable | This Certificate of Compliance is generally used to accept and validate project deliverables provided by outside contractors and developers in accordance with a task order or purchase order, but can be used in any situation where you wish to review the status of deliverables by internal organizations on a given project |
Request For New Application / Enhancement | This document permits a business unit, other departments or auditors to initiate the process of requesting a new application or an enhancement to an existing application |
Product Retirement Plan | Provides detailed instructions for retirement of a system or application, and describes how the hardware, software, data, and documentation associated with the application will be detached from production and archived or migrated |
Global Application Support Summary |
The Global Application Support Summary provides a vehicle to record critical design, development,
production support, Infrastructure, and security data on all applications
The information recorded herein is used to update any IT applications defining your application environment |
Developer Knowledge Transfer Report | The Developer Knowledge Transfer Report provides a vehicle for conveying details about a system or application for production support developers |
---------- End of Chapter 12 ---------
The Sarbanes-Oxley (SOX) Act of 2002 established new accountability standards for corporate boards and auditors. It came as a result of large corporate financial scandals. SOX demanded stringent methodologies in response to major corporate and accounting scandals that cost investors billions of dollars. All publicly-traded companies are now required to submit an annual report of the effectiveness of their internal accounting controls to the SEC. SOX is all about corporate governance and financial disclosure. Provisions of the Sarbanes Oxley Act (SOX) detail criminal and civil penalties for noncompliance.
The Sarbanes-Oxley Act, including COBIT (Control Objectives for Information and Related Technology), provide for a standardized framework for Information Technology (IT) governance, accounting controls, and compliance.
COBIT provides management and business process owners with an Information Technology governance model that helps in understanding and managing the risks associated with IT. COBIT helps bridge the gaps between business risks, control needs, and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems.
COBIT Control Objectives focuses on specific, detailed control objectives associated with each IT process. For each of the 34 IT processes of the Framework, there are from three to 30 detailed control objectives. Control Objectives align the overall Framework with detailed control objectives from 36 primary sources comprising standards and regulations relating to IT. It contains statements of the desired results or purposes to be achieved by implementing specific control procedures within an IT activity and, thereby, provides a clear policy and good practice for IT control throughout the industry and worldwide.
Control Objectives provide a working, desktop document for these individuals. Precise and clear definitions of a minimum set of controls to ensure effectiveness, efficiency, and economy of resource utilization are identified. For each process, detailed control objectives are identified as the minimum controls needed to be in place. There are 300+ detailed control objectives that provide an overview of the domain / process / control objective relationships.
Public companies need to review, analyze, prepare, and enforce their COBIT documentation on a regular basis. A COBIT checklist available from Documentation Consultants should be used to initiate the process.
Documentation in the SDLC process is often considered a necessary evil, but if given proper management support can be a blessing in disguise for follow-on work supported by infrastructure and production support groups, and is especially valuable to both new users and development personnel to quickly get up to speed on a project. The number of forms is relative to the demands of the business user, management, IT development, testers, auditors, and regulatory compliance to ensure the application or system is needed, affordable, and built efficiently and effectively to the satisfaction of all concerned.
---------- End of Tutorial ---------