FNS_SDLC_Guide 12 24 2013x FNS SDLC Guide
User Manual:
Open the PDF directly: View PDF .
Page Count: 37
Download | |
Open PDF In Browser | View PDF |
United States Department of Agriculture Food and Nutrition Service Office of Information Technology Portfolio Management Division (PMD) Systems Development Lifecycle Guide (SDLC Guide) September 12, 2012 SDLC Guide Revision History Version Date Author Change Description 1.0 09-12-2012 Catherine Howard Created the document 1.1 02-25-2013 Syed Jaffery Updated deliverable list and added modular/iterative development information. 1.2 03-08-2013 Kevin Russ Updated figure 1 and added stakeholders 1.3 11-06-2013 Kevin Russ Updated Deliverable list and footnotes. 1.4 12-24-2013 Panum Group Updated SDLC High-Level Governance Diagram Contact Information Area of Concern Contact Person IT Governance Lead Kevin Russ SDLC Coordinator Syed Jaffery ITIRB Coordinator Sunny Dilawari Portfolio Manager Jacqueline Butler Program (Project) Management Branch Allison Willcox SDLC Guide September 12, 2012 Page 2 SDLC Guide Contents I. Purpose and Scope................................................................................................................................. 4 II. SDLC Overview....................................................................................................................................... 4 Phase 1: Initiation ...................................................................................................................................... 9 Phase 2: Requirements Gathering and Analysis ..................................................................................... 10 Phase 3: Design ...................................................................................................................................... 11 Phase 4: Development ............................................................................................................................ 12 Phase 5: Integration & Testing ................................................................................................................ 13 Phase 6: Implementation ......................................................................................................................... 14 Phase 7: Operations / Maintenance (O&M) ............................................................................................. 15 Phase 8: Disposition................................................................................................................................ 16 III. Controls / Assumptions ......................................................................................................................... 17 IV. Documentation ...................................................................................................................................... 17 V. Appendix ............................................................................................................................................... 17 A. System Category – Project Sizes ................................................................................................ 17 B. Phase Requirements ................................................................................................................... 17 C. Large Project Process Flow - Example ........................................................................................ 17 D. Phase Gate Reviews ................................................................................................................... 17 E. Stakeholders – Defined ............................................................................................................... 17 F. Working Group Charter................................................................................................................ 17 G. Executive Group Charter ............................................................................................................. 17 SDLC Guide March 6, 2013 Page 3 SDLC Guide I. Purpose and Scope This document details USDA FNS’ systems development lifecycle (SDLC). This process is used for all USDA FNS OIT projects related to information system and application development, developed either contractually or in-house. The SDLC is applicable across all FNS environments (e.g., workstation, server, mobile, etc.). The SDLC is used in conjunction with policy and guidelines for the security SDLC, records management, and, acquisition and procurement. It is important to note that no system can go live unless it goes through the security accreditation process. Further, while all Phases of the SDLC are applicable to all software development projects, the specific steps, participants, and reviews and approvals vary depending upon project size (as a function of cost). Information on project size as a determinant of SDLC project categorization is detailed in Appendix A. II. SDLC Overview The SDLC guides the process for custom software development projects and requires various documents and deliverables for each Phase. The system development lifecycle is the IT business process by which the delivery Phases of custom software development projects is conducted. The SDLC provides a structure and set of governance for FNS software development efforts. The SDLC provides the guidance required to ensure predictability and consistency across software development projects There are eight Phases of the SDLC, beginning with Initiation and ending with Disposition. Each successive Phase of the SDLC leverages the documentation and knowledge gained from the previous Phases. The FNS SDLC framework allows for tailoring of the process to include customizing, waiving or combining particular SDLC Phases, activities, deliverables or project reviews based on your specific project requirements or specific business needs. Tailoring is completed during the Initiation Phase of the project and is documented in the Project Process Agreement. Project Managers document the reason why specific Phases, activities, deliverables or reviews were adjusted. This tailoring approach is useful for iterative, incremental, modular and agile type development methods. A graphical representation of the process is detailed in Figure 1. SDLC Guide March 6, 2013 Page 4 SDLC Guide Figure 1. FNS SDLC Framework SDLC Guide September 12, 2012 Page 5 SDLC Guide The SDLC Phases serve as checkpoints for managing OIT projects from cradle to grave. Benefits of the SDLC include: Improved system integration and alignment to organizational objectives Increased compliance with current and planned enterprise architecture Improved assurance that systems are maintainable Reduced system redundancies and improved cost-effectiveness Reduced project “scope creep” through enhanced “up front” needs analysis Improved method consistency, repeatability, flexibility, and transparency Strengthened controls and accountability Enhanced user, manager, and stakeholder involvement The SDLC encompasses eight Phases: Initiation, Requirements Gathering and Analysis, Design, Development, Integration and Testing, Implementation, Operations and Maintenance, and Disposition. Required Phase deliverables, reviews, and approvals can differ depending upon project size1 and stakeholders2 involved. A comprehensive list of all potential deliverables is detailed in the following table shown in Figure 2. All deliverables are required for each Phase unless otherwise noted. Specific Phase requirements by project size are detailed in Appendix B. Figure 2. List of Deliverables Phase 1. Initiation 2. Requirements Gathering and Analysis Deliverables *Exact deliverables differ depending upon project size criteria Business Case (FNS758; FNS755) Project Management Plan (optional)3 Acquisition Plan / Strategy Acquisition Approval Request Alternative Analysis Cost Benefit Analysis Integrated Project Team Charter (optional)3 Project Process Agreement (optional)3 Privacy Threshold Analysis (PTA, optional)3 Privacy Impact Analysis (optional) Privacy Threshold Analysis (PTA) Privacy Impact Analysis (PIA) System of Records Notices (SORN) Electronic Information System Questionnaire for Records Management Scheduling Development Notes Iterative Development (Optional) Project size is detailed in Appendix A Stakeholders are defined in Appendix D 3 Optional during the initiation phase but required in the requirements gathering and analysis phase 1 2 SDLC Guide September 12, 2012 Page 6 SDLC Guide Phase 3. Design 4. Development 5. Integration & Testing 6. Implementation 7. Operations / Maintenance (O&M) Deliverables *Exact deliverables differ depending upon project size criteria SDLC Guide Development Notes System Requirements Specification (SRS) Concept of Operations Integrated Project Team Charter Project Process Agreement Project Management Plan Requirements Traceability Matrix Procurement Documents (e.g. Statement of Work (SOW) / Performance Work Statement (PWS) / Statement of Objectives (SOO)) System Design Document Configuration Management Plan Security Business Impact Assessment Security Contingency Plan Disaster Recovery Plan Domain Name Request Test Plan Transition Plan Operations/Maintenance Manual UAT sign-off App Scan Results Training Manual User Manual Test Results Section 508 VPAT and/or Certification Security Risk Assessment Report System Security Plan Security Assessment Plan (Security Test & Evaluation Plan) Installation Document Compliance Certification Operations Readiness Life Cycle Cost Project Closeout Performance Measures Authority to Operate/Concurrency Review Application Guide Source Code System Post Implementation Review Report Operational Analysis Annual Updates Required: o Systems Security Plan o Contingency Plan o Disaster Recovery Plan o System Risk Management Plan o Life Cycle Cost Authority to Operate (Every 3 Years) March 6, 2013 Page 7 SDLC Guide Phase 8. Disposition SDLC Guide Deliverables *Exact deliverables differ depending upon project size criteria Development Notes System Disposition Plan System Disposition Checklist Post-Termination Review Report March 6, 2013 Page 8 SDLC Guide Phase 1: Initiation The purpose of the Initiation Phase is to conduct initial assessment of a potential OIT system/application development effort. This Phase helps establish a framework for project success, and includes establishing processes for defining, planning, controlling and communicating about the project. Deliverables4 in this Phase include: Business Case (FNS758; FNS755) Project Management Plan (optional)3 Acquisition Plan / Strategy Acquisition Approval Request Alternative Analysis Cost Benefit Analysis Integrated Project Team Charter (optional)3 Security and Privacy Document Project Process Agreement Privacy Impact Analysis (optional)3 Privacy Threshold Analysis (optional)3 Procurement Documents (e.g. Statement of Work (SOW) / Performance Work Statement (PWS) / Statement of Objectives (SOO)) A critical governance body is established in this Phase: the Integrated Project Team (IPT). The IPT should consist of the following core members: Project Lead; Developers; Business Leads; Technical Representative; Security Representative; and COTR. Associate members should include Governance, Network, Telecommunications, Records, O&M, and the Contracting Officer. The IPT is documented in this Phase and functions from Initiation through the Implementation Phase. The Initiation Phase includes activities, reviews and approvals as identified in the below flowchart. 4 3 A comprehensive deliverables list by project size is shown in Appendix B Optional during the initiation phase but required in the requirements gathering and analysis phase SDLC Guide March 6, 2013 Page 9 SDLC Guide Figure 3. Initiation Phase Overview Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Requirements Gathering and Analysis Phase. Phase 2: Requirements Gathering and Analysis This Phase transforms the needs and high-level requirements specified in earlier Phases into unambiguous (measurable and testable), traceable, complete, consistent, and stakeholder-approved requirements. Defining requirements helps ensure development of the required capability on-time and within budget. Deliverables5 in this Phase include: Privacy Threshold Analysis (PTA) Privacy Impact Analysis (PIA) System of Records Notices (SORN) Electronic Information System Questionnaire for Records Management Scheduling System Requirements Specification (SRS) Concept of Operations Requirements Traceability Matrix Project Management Plan Integrated Project Team Charter Note: During this phase, some documents produced using “Agile” methodology may not be completed. The Requirements Gathering and Analysis Phase undergoes activities, reviews and approvals as identified in the below flowchart. 5 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 10 SDLC Guide Figure 4. Requirements Gathering and Analysis Phase Overview Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Design Phase. Phase 3: Design The purpose of the Design Phase is to transform requirements into complete and detailed system design specifications. The physical characteristics of the system are designed during this Phase, the operating environment is established, major subsystems and their inputs and outputs are defined, and processes are allocated to resources. The concept is further developed to describe how the business will operate once the approved project is implemented (i.e. becomes a “system”), and to assess impact on employee and customer privacy. Additionally, security authorization (formally known as certification and accreditation) activities begin with the identification of security requirements and the completion of a high level vulnerability assessment. Deliverables6 in this Phase include: System Design Document Configuration Management Plan Security Business Impact Assessment Security Contingency Plan Disaster Recovery Plan Domain Name Request Note: During this phase, some documents produced using “Agile” methodology may not be completed. The Design Phase undergoes activities, reviews and approvals as identified in the below flowchart. 6 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 11 SDLC Guide Figure 5. Design Phase Overview Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Development Phase. Phase 4: Development The purpose of the Development Phase is to convert the system design prototyped in the Design Phase into a working system that addresses all documented system requirements. Further, everything requiring user input or approval must be documented in this Phase. Deliverables7 in this Phase include: Test Plan Note: During this phase, some documents produced using “Agile” methodology may not be completed. The Development Phase undergoes activities, reviews and approvals as identified in the below flowchart. Figure 6. Development Phase Overview Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Integration & Testing Phase. 7 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 12 SDLC Guide Phase 5: Integration & Testing The purpose of the Integration & Testing Phase is to lay the foundation for a smooth and successful implementation. Key activities in this Phase include: Attaining user input or approval as defined in the prior Phase (Development) Preparing detailed logic specifications for each system module Testing and integrating units into larger components Preparing the technical environment for the system This Phase focuses on achieving proof that the system meets all requirements, functions according to design parameters, and satisfies all business, technical, and management stakeholders. Additionally, prior to installing and operating the system in a production environment, the system must undergo security authorization activities, as necessary. Deliverables8 in this Phase include: Transition Plan Operations/Maintenance Manual UAT sign-off App Scan Results Training Manual User Manual Test Results Section 508 VPAT and/or Certification Security Risk Assessment Report System Security Plan Security Assessment Plan (Security Test & Evaluation Plan) Note: During this phase, some documents produced using “Agile” methodology may not be completed. The Integration & Testing Phase undergoes activities, reviews and approvals as identified in the below flowchart. 8 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 13 SDLC Guide Figure 7. Integration & Testing Phase Overview Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Implementation Phase. Phase 6: Implementation The purpose of the Implementation Phase is to deploy and enable operations of the new information system in the production environment. Successful completion of the Implementation Phase should comprise both system deployment and training on the system. Deliverables9 in this Phase include: Installation Document Compliance Certification Operations Readiness Life Cycle Cost Project Closeout Performance Measures Authority to Operate/Concurrency Review Application Guide Source Code Note: All draft documents produced during previous phases for “Agile” projects must be completed during this phase. The Implementation Phase undergoes activities, reviews and approvals as identified in the below flowchart. 9 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 14 SDLC Guide Figure 8. Implementation Phase Overview Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Operations / Maintenance (O&M) Phase. Phase 7: Operations / Maintenance (O&M) The purpose of the Operations / Maintenance (O&M) Phase is to ensure the information system is fully functional and performs optimally until the system reaches its end of life. The system is monitored for continued performance in accordance with user requirements, and needed system modifications are incorporated. The operational system is periodically assessed through In-Process Reviews to determine how the system can be made more efficient and effective. Operations continue as long as the system can be effectively adapted to respond to an organization’s needs. When modifications or changes are identified as necessary, the system may reenter the planning Phase. Deliverables10 in this Phase include: System Post Implementation Review Report Operational Analysis Annual Updates Required: Systems Security Plan Contingency Plan Disaster Recovery Plan System Risk Management Plan Life Cycle Cost Authority to Operate (Every 3 Years) The O&M Phase undergoes activities, reviews and approvals as identified in the below flowchart. 10 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 15 SDLC Guide Figure 9. Operations / Maintenance Phase Overview Upon advancement to the “Continue in Phase or Retire” step, the project is determined to continue operating or advance to the Disposition Phase. Phase 8: Disposition The purpose of the Disposition Phase is to shut down the operational system in a controlled manner. The disposition activities allow for the orderly termination of the system and preserve the vital information about the system so that some or all of the information may be retrieved in the future, if necessary. Particular emphasis is given to proper preservation of the data processed by the system, so that the data is effectively migrated to another system or archived in accordance with applicable records management regulations and policies for potential future access. Deliverables11 in this Phase include: System Disposition Plan System Disposition Checklist Post-Termination Review Report The Disposition Phase undergoes activities, reviews and approvals as identified in the below flowchart. Figure 10. Disposition Phase Overview 11 A comprehensive deliverables list by project size is shown in Appendix B SDLC Guide March 6, 2013 Page 16 SDLC Guide Upon successful completion of the “Retire System / Application” step, the system is discontinued from service. III. Controls / Assumptions This SDLC calls for a series of comprehensive management controls. These include: IV. Lifecycle management should be used to ensure a structured approach to information systems development and operation. Configuration management should occur in order to assist with reporting and decision-making. Each project must have an accountable sponsor. A single project manager must be appointed for each system project. A comprehensive project management plan is required for each system project. Data Management and security must be emphasized throughout the lifecycle. A project may not proceed until resource availability is assured. Documentation This lifecycle methodology specifies which documentation shall be generated during each Phase. Some documentation remains unchanged throughout the systems lifecycle while others evolve or are revised to reflect results from analyses performed in later Phases. Each of the documents produced are collected and stored per OIT policy. V. Appendix A. System Category – Project Sizes B. Phase Requirements C. Large Project Process Flow - Example D. Phase Gate Reviews E. Stakeholders – Defined F. Working Group Charter G. Executive Group Charter SDLC Guide March 6, 2013 Page 17 SDLC Guide Appendix A: System Category – Project Sizes Select from following categories to determine a project’s appropriate SDLC process: i. Small Project a. Expected cost is less than $25,000 b. Risk and complexity are low c. An individual unit is involved d. Expected duration is less than 4 months ii. Medium Project a. Expected cost is $25,000 to $500,000 b. Project Management methodology is required c. Complexity is medium to high d. Multiple people/departments are involved e. Expected duration is less than a year iii. Large Project a. Expected cost is greater than $500,000 b. Full Project Management methodology is required c. Expense, risk, or complexity are high d. Large number of people/departments are involved e. Anticipated lifecycle is long SDLC Guide March 6, 2013 Page 18 SDLC Guide Appendix B: Phase Requirements Phase I - Initiation Phase I - Initiation Inputs Outputs / Deliverables N/A Project Size (Checkmark Denotes required) Outputs / Deliverables Small Business Case: FNS758 Medium Business Case: FNS755 Project Management Plan (optional)12 Acquisition Plan / Strategy Acquisition Approval Request Alternative Analysis Cost Benefit Analysis Integrated Project Team Charter (optional)12 Procurement Documents, such as Statement of Work (SOW)/ Performance Work Statement (PWS) / Statement of Objectives (SOO) 12 Large Optional during the initiation phase but required in the requirements gathering and analysis phase SDLC Guide March 6, 2013 Page 19 SDLC Guide Continuation: Initiation Phase Project Size (Checkmark Denotes required) Outputs / Deliverables Outputs / Deliverables Small Project Process Agreement Privacy Impact Analysis (Optional)13 Privacy Threshold Analysis (Optional)13 Stakeholders 13 Medium Large Project Sponsor Office of Information Technology Project Manager (OIT PM) Subject Matter Experts (SME's) Integrated Project Team(IPT) Optional during the initiation phase but required in the requirements gathering and analysis phase SDLC Guide March 6, 2013 Page 20 SDLC Guide Phase II - Requirements Gathering and Analysis Inputs Business Case Project Plan Project Size(Checkmark Denotes required) Outputs / Deliverables Outputs / Deliverables Small Medium Large Privacy Threshold Analysis (PTA) Privacy Impact Analysis (PIA) System of Records Notices (SORN) Electronic Information System Questionnaire for Records Management Scheduling High-Level System Requirements Specification (SRS) System Requirements Specification (SRS) Stakeholders 14 Concept of Operations14 Requirements Traceability Matrix Integrated Project Team Charter Project Management Plan Project Sponsor SME's Business Analyst Integrated Project Team (IPT) Concept of Operations is optional for large projects. SDLC Guide March 6, 2013 Page 21 SDLC Guide Phase II - Requirements Gathering and Analysis SDLC Guide OIT PM March 6, 2013 Page 22 SDLC Guide Phase III - Design Phase III - Design Inputs Business Case Project Plan System Requirements Document (SRS) Outputs / Deliverables Project Size (Checkmark Denotes required) Outputs / Deliverables Small System Design Document Configuration Management Plan15 Stakeholders 15 16 Medium Security Business Impact Assessment16 Security Contingency Plan16 Disaster Recovery Plan Domain Name Request Project Sponsor SME's OIT PM Business Analyst Large Network Managers Developers End Users Integrated Project Team (IPT) Configuration Management Plan is optional for small projects. As required by Information Security Office(ISO) SDLC Guide March 6, 2013 Page 23 SDLC Guide Phase IV - Development Phase IV - Development Inputs System Requirements Document (SRS) System Design Document Outputs/ Deliverables Outputs/ Deliverables Project Size (Checkmark Denotes required) Small Test Plan Stakeholders SDLC Guide Medium Large OIT PM Business Analyst Developers Testers Integrated Project Team (IPT) March 6, 2013 Page 24 SDLC Guide Phase V – Integration and Testing Phase V - Integration and Testing Input System Requirements Document (SRS) System Design Document Project Plan Test Plan Project Size (Checkmark Denotes required) Outputs / Deliverables Outputs / Deliverables Small Transition Plan Operations/Maintenance Manual UAT sign-off App Scan Results Training Manual User Manual Test Results Section 508 VPAT and/or Certification Stakeholders 17 Medium Security Risk Assessment Report17 System Security Plan17 Security Assessment Plan (Security Test & Evaluation Plan)17 OIT PM Business Analyst Developers Large SME's OIT PM Testers Integrated Project Team (IPT) As required by Information Security Office(ISO) SDLC Guide March 6, 2013 Page 25 SDLC Guide Phase VI – Implementation Phase VI – Implementation Inputs Outputs / Deliverables Project Plan System Requirements Document (SRS) System Design Document Test Plan Project Size (Checkmark Denotes required) Outputs / Deliverables Small Medium Large Installation Document18 Compliance Certification Operations Readiness Lifecycle Cost Project Closeout Performance Measures Authority to Operate/Concurrency Review19 Application Guide20 Source Code Installation document is optional for small projects. As required by Information Security Office (ISO) 20 Application guide is optional for medium and large projects. 18 19 SDLC Guide March 6, 2013 Page 26 SDLC Guide Phase Stakeholders SDLC Guide VI – Implementation OIT PM Business Analyst Project Sponsor SME's Network Managers March 6, 2013 Developers Contractors Integrated Project Team (IPT) IT Governance Branch (ITGB) Page 27 SDLC Guide Phase VII – Operations/Maintenance Phase VII – Operations/Maintenance Inputs Project Plan System Requirements Document (SRS) System Design Document Test Plan Test Results Installation Document Application Guide Outputs / Deliverables Output / Deliverables Project Size (Checkmark Denotes required) Small System Post Implementation Review Report Operational Analysis Stakeholders 21 Annual Updates Required: Systems Security Plan21 Contingency Plan21 Disaster Recovery Plan System Risk Management Plan21 Lifecycle Cost Authority to Operate (Every 3 Years) Medium Large ITGB O&MB As required by Information Security Office(ISO) SDLC Guide March 6, 2013 Page 28 SDLC Guide Phase VIII – Disposition Phase VIII – Disposition Inputs Project Plan System Requirements Document (SRS) System Design Document Test Plan Test Results Installation Document Application Guide Outputs / Deliverables Project Size (Checkmark Denotes required) Outputs / Deliverables Small System Disposition Plan System Disposition Checklist Post Termination Review Report Stakeholders SDLC Guide Medium Large ITGB O&MB March 6, 2013 Page 29 SDLC Guide Appendix C –Project Process Flow - Example SDLC Project Manager/ Lead Oversight Phase approval and management of process Business Case Processing Categorize, Review, and Approve Requirement ITIRB Approval? Yes No Integrated Project Team established ADB PMB ITGB & ITIRB Phase Review and Checklist Management SDLC Steering Committee Initiation, submit Business Case IPT Customer FNS/OIT/PMD – SDLC Project Process Flow Decision to retire system In house Design and Development Integration and Testing Design and Development Integration and Testing O&MB Vendor Contractor Support SDLC Guide Keep informed of requirements March 6, 2013 Maintain (Ongoing) End Disposition Page 30 SDLC Guide Appendix D – Phase Gate Reviews Phase Gate Reviews underlie the SDLC methodology from project management and governance perspectives. The SDLC, divided into Phases, requires satisfying Phase Gate requirements (see Appendix B for more detail) in order to advance along the lifecycle process. A high-level overview of the Phase Gate Review process (i.e. High-Level SDLC Governance) is shown below. SDLC Guide September 12, 2012 Page 31 SDLC Guide SDLC Guide September 12, 2012 Page 32 SDLC Guide Appendix E – Stakeholders Defined Stakeholders will vary depending on project size and needs. The Project Lead plays a key role in determining stakeholders. An overview of stakeholders that may be involved in the SDLC is listed below. Business Analyst Contractors Developers End Users ICCB: Integrated Configuration Control Board IPT: Integrated Project Team ISO: Information Security Office ITGB: IT Governance Branch Network Managers O&MB: Operations and Maintenance Branch OIT PM: Office of Information Technology Project Manager Project Sponsor SDLC Steering Committee: PMD Managers SME’s: Subject Matter Experts Testers TRB: Technical Review Board (OIT Managers) SDLC Guide September 12, 2012 Page 33 SDLC Guide Appendix F - Working Group Charter Introduction This document establishes the purpose, organizational structure, roles, responsibilities, activities, and meeting expectations of the SDLC Working Group at the US Department of Agriculture (USDA) Food and Nutrition Service (FNS), Office of Information Technology (OIT) Portfolio Management Division (PMD). Purpose of the Working Group The Working Group is the entity responsible for developing the SDLC framework and guidance at FNS. The Working Group is critical to an effective SDLC in that it has the responsibility to: (1) create and finalize the SDLC Phases and framework,; (2) determine the documentation required for each of the SDLC Phases, (3) recommend the SDLC governance (gate reviews) and handoffs, and (4) recommend improvements to the overall SDLC. An effective SDLC helps ensure the development of quality systems that meet users needs in an efficient manner. Organizational Structure of the Working Group The SDLC Working Group consists of one member from each of PMD’s Branches and one member each from the Technology Division and the Information Security Office. The composition of the Working Group is subject to change to meet evolving organizational needs. The group functions in a collaborative, teamoriented manner aimed to collectively overcome issues and make improvements to the SDLC. The table below outlines the composition of the Working Group. Organizational Role Working Group Role Application Development Branch (ADB) Working Group Member Advocate for ADB Program Management Branch (PMB) Working Group Member Advocate for PMB Operations & Maintenance Branch (O&MB) Working Group Member Advocate for O&MB IT Governance Branch (ITGB) Working Group Member Advocate for ITGB Technology Division (TD) Working Group Member Advocate for TD Information Security Office (IS) Working Group Member Advocate for ISO SDLC Program Manager* Guidance and Oversight Advocate for SDLC Governance SDLC Guide March 6, 2013 Responsibility Page 34 SDLC Guide * The SDLC Program Manager is not an official, voting member of the Working Group but provides guidance and oversight as the group deems necessary. The SDLC Program Manager has not yet been appointed. Activities of the Working Group In support of achieving its objectives, the Working Group undertakes the following activities: Objective 1. Create SDLC framework Activities Review and finalize SDLC Phases Review and finalize SDLC framework, including ISO, Acquisition and Records Management integration. Review framework and determine required documents for SDLC Phase Determine project/systems levels (small, medium or large, etc) Finalize required SDLC deliverables by project level Review SDLC templates and finalize 3. Recommend SDLC governance Determine SDLC Phase gate reviews, including checklist for each of the gate/Phase reviews 4. SDLC On-going Improvements Recommend improvement areas to guidance, performance, standards and procedures to the executive committee 2. Finalize SDLC documents Working Group Meeting Expectations Regular touch-points are critical for Working Group success. The Working Group will meet bi-weekly unless otherwise determined by the SDLC Program Manager or SDLC Lead. The Working Group will also meet should urgent needs arise, as determined by the SDLC Program Manager or SDLC Lead. After accomplishing objectives 1 – 3, the Working Group will meet on an ad-hoc basis. SDLC Guide March 6, 2013 Page 35 SDLC Guide Appendix G. Executive Group Charter Introduction This document establishes the purpose, organizational structure, roles, responsibilities, activities, and meeting expectations of the SDLC Executive Committee at the US Department of Agriculture (USDA) Food and Nutrition Service (FNS), Office of Information Technology (OIT) Portfolio Management Division (PMD). Purpose of the Executive Committee The Executive Committee is the entity responsible for SDLC stewardship at FNS. The Executive Committee is critical to an effective SDLC in that it has the authority to: (1) oversee and make adjustments the SDLC and CONOPS process / methodology; (2) oversee and adjust the SDLC supporting guidelines, procedures, and standards; and (3) advocate the SDLC at FNS. An effective SDLC helps ensure the development of quality systems that meet users needs in an efficient manner. Organizational Structure of the Executive Committee The SDLC Executive Committee consists of PMD’s Director, Branch Chiefs, and the SDLC Program Manager. The composition of the Executive Committee is subject to change to meet evolving organizational needs. The group functions in a collaborative, team-oriented manner aimed to collectively overcome issues and make improvements to the SDLC and CONOPS. The table below outlines the composition of the Executive Committee. Organizational Role Executive Committee Role Responsibility PMD Director Executive Committee Director Authority on final decisions Application Development Branch Chief Executive Committee Member Advocate for ADB Program Management Branch Chief Executive Committee Member Advocate for PMB Operations & Maintenance Branch Chief Executive Committee Member Advocate for O&MB IT Governance Branch Chief Executive Committee Member Advocate for ITGB Activities of the Executive Committee In support of achieving its objectives, the Executive Committee undertakes the following activities: SDLC Guide March 6, 2013 Page 36 SDLC Guide Objective Activities Oversee and adjust the SDLC process / methodology Oversee and adjust guidelines, procedures, and standards Advocate the SDLC at FNS Analyze SDLC performance measures Determine SDLC issues Identify issue prioritization and mitigation strategies Initiate performance improvement strategies Define project management roles / responsibilities, as needed Review emerging trends and best practices Refine SDLC goals, objectives and values, as necessary Update the SDLC, as needed Communicate updates to external stakeholders, as necessary Assess needs related to guidance, procedures, and standards Authorize and modify SDLC guidelines, procedures, and standards (such as Control Gate materials), as needed Develop, implement, and monitor a SDLC communications, learning, and knowledgesharing plan Executive Committee Meeting Expectations Regular touch-points are critical for Executive Committee success. The Executive Committee will meet quarterly unless otherwise determined by the Executive Committee Director. The Executive Committee will also meet should urgent needs arise, as determined by the Executive Committee Director. SDLC Guide March 6, 2013 Page 37
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : Yes Author : sjaffery Create Date : 2014:01:27 13:09:35-05:00 Modify Date : 2014:01:27 13:09:35-05:00 XMP Toolkit : Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26 Format : application/pdf Creator : sjaffery Title : Microsoft Word - FNS_SDLC_Guide-12-24-2013.docx Creator Tool : PScript5.dll Version 5.2.2 Producer : Acrobat Distiller 10.1.9 (Windows) Document ID : uuid:8f6a9582-0ebc-4247-afca-acaea1ebe209 Instance ID : uuid:26c070f7-fdd7-475f-be21-60b1383aef72 Page Count : 37EXIF Metadata provided by EXIF.tools