FNS_SDLC_Guide 12 24 2013x FNS SDLC Guide

User Manual:

Open the PDF directly: View PDF .
Page Count: 37

United States Department of Agriculture

Food and Nutrition Service



Office of Information Technology

Portfolio Management Division (PMD)



SystemsDevelopmentLifecycleGuide

(SDLCGuide)



September12,2012

SDLC Guide

SDLC Guide September 12, 2012 Page 2

RevisionHistory

Version Date Author Change Description

1.0 09-12-2012 Catherine Howard Created the document

1.1 02-25-2013 Syed Jaffery Updated deliverable list and added

modular/iterative development information.

1.2 03-08-2013 Kevin Russ Updated figure 1 and added stakeholders

1.3 11-06-2013 Kevin Russ Updated Deliverable list and footnotes.

1.4 12-24-2013 Panum Group Updated SDLC High-Level Governance

Diagram

ContactInformation

Area of Concern Contact Person

IT Governance Lead Kevin Russ

SDLC Coordinator Syed Jaffery

ITIRB Coordinator Sunny Dilawari

Portfolio Manager Jacqueline Butler

Program (Project) Management Branch Allison Willcox

SDLC Guide

SDLC Guide March 6, 2013 Page 3

Contents

I.Purpose and Scope ................................................................................................................................. 4

II.SDLC Overview ....................................................................................................................................... 4

Phase 1: Initiation ...................................................................................................................................... 9

Phase 2: Requirements Gathering and Analysis ..................................................................................... 10

Phase 3: Design ...................................................................................................................................... 11

Phase 4: Development ............................................................................................................................ 12

Phase 5: Integration & Testing ................................................................................................................ 13

Phase 6: Implementation ......................................................................................................................... 14

Phase 7: Operations / Maintenance (O&M) ............................................................................................. 15

Phase 8: Disposition ................................................................................................................................ 16

III.Controls / Assumptions ......................................................................................................................... 17

IV.Documentation ...................................................................................................................................... 17

V.Appendix ............................................................................................................................................... 17

A.System Category – Project Sizes ................................................................................................ 17

B.Phase Requirements ................................................................................................................... 17

C.Large Project Process Flow - Example ........................................................................................ 17

D.Phase Gate Reviews ................................................................................................................... 17

E.Stakeholders – Defined ............................................................................................................... 17

F.Working Group Charter ................................................................................................................ 17

G.Executive Group Charter ............................................................................................................. 17

SDLC Guide

SDLC Guide March 6, 2013 Page 4

I. PurposeandScope

This document details USDA FNS’ systems development lifecycle (SDLC). This process is used for all

USDA FNS OIT projects related to information system and application development, developed either

contractually or in-house. The SDLC is applicable across all FNS environments (e.g., workstation, server,

mobile, etc.).

The SDLC is used in conjunction with policy and guidelines for the security SDLC, records management,

and, acquisition and procurement. It is important to note that no system can go live unless it goes through

the security accreditation process. Further, while all Phases of the SDLC are applicable to all software

development projects, the specific steps, participants, and reviews and approvals vary depending upon

project size (as a function of cost). Information on project size as a determinant of SDLC project

categorization is detailed in Appendix A.

II. SDLCOverview

The SDLC guides the process for custom software development projects and requires various documents

and deliverables for each Phase. The system development lifecycle is the IT business process by which the

delivery Phases of custom software development projects is conducted. The SDLC provides a structure

and set of governance for FNS software development efforts. The SDLC provides the guidance required to

ensure predictability and consistency across software development projects There are eight Phases of the

SDLC, beginning with Initiation and ending with Disposition. Each successive Phase of the SDLC

leverages the documentation and knowledge gained from the previous Phases. The FNS SDLC framework

allows for tailoring of the process to include customizing, waiving or combining particular SDLC Phases,

activities, deliverables or project reviews based on your specific project requirements or specific business

needs. Tailoring is completed during the Initiation Phase of the project and is documented in the Project

Process Agreement. Project Managers document the reason why specific Phases, activities, deliverables

or reviews were adjusted. This tailoring approach is useful for iterative, incremental, modular and agile

type development methods. A graphical representation of the process is detailed in Figure 1.



SDLC Guide

SDLC Guide September 12, 2012 Page 5

Figure 1. FNS SDLC Framework

SDLC Guide

SDLC Guide September 12, 2012 Page 6

The SDLC Phases serve as checkpoints for managing OIT projects from cradle to grave. Benefits of the

SDLC include:

 Improved system integration and alignment to organizational objectives

 Increased compliance with current and planned enterprise architecture

 Improved assurance that systems are maintainable

 Reduced system redundancies and improved cost-effectiveness

 Reduced project “scope creep” through enhanced “up front” needs analysis

 Improved method consistency, repeatability, flexibility, and transparency

 Strengthened controls and accountability

 Enhanced user, manager, and stakeholder involvement

The SDLC encompasses eight Phases: Initiation, Requirements Gathering and Analysis, Design,

Development, Integration and Testing, Implementation, Operations and Maintenance, and Disposition.

Required Phase deliverables, reviews, and approvals can differ depending upon project size1 and

stakeholders2 involved. A comprehensive list of all potential deliverables is detailed in the following table

shown in Figure 2. All deliverables are required for each Phase unless otherwise noted. Specific Phase

requirements by project size are detailed in Appendix B.

Figure 2. List of Deliverables

Phase Deliverables

*Exact deliverables differ depending upon project size criteria Development Notes

1. Initiation  Business Case (FNS758; FNS755)

 Project Management Plan (optional)3

 Acquisition Plan / Strategy

 Acquisition Approval Request

 Alternative Analysis

 Cost Benefit Analysis

 Integrated Project Team Charter (optional)3

 Project Process Agreement (optional)3

 Privacy Threshold Analysis (PTA, optional)3

 Privacy Impact Analysis (optional)

2. Requirements

Gathering and

Analysis

 Privacy Threshold Analysis (PTA)

 Privacy Impact Analysis (PIA)

 System of Records Notices (SORN)

 Electronic Information System Questionnaire for Records

Management Scheduling

Iterative Development

(Optional)

1 Project size is detailed in Appendix A

2 Stakeholders are defined in Appendix D

3 Optional during the initiation phase but required in the requirements gathering and analysis phase

SDLC Guide

SDLC Guide March 6, 2013 Page 7

Phase Deliverables

*Exact deliverables differ depending upon project size criteria Development Notes

 System Requirements Specification (SRS)

 Concept of Operations

 Integrated Project Team Charter

 Project Process Agreement

 Project Management Plan

 Requirements Traceability Matrix

3. Design  Procurement Documents (e.g. Statement of Work (SOW) /

Performance Work Statement (PWS) / Statement of

Objectives (SOO))

 System Design Document

 Configuration Management Plan

 Security Business Impact Assessment

 Security Contingency Plan

 Disaster Recovery Plan

 Domain Name Request

4. Development  Test Plan

5. Integration &

Testing

 Transition Plan

 Operations/Maintenance Manual

 UAT sign-off

 App Scan Results

 Training Manual

 User Manual

 Test Results

 Section 508 VPAT and/or Certification

 Security Risk Assessment Report

 System Security Plan

 Security Assessment Plan (Security Test & Evaluation

Plan)

6. Implementation  Installation Document

 Compliance Certification

 Operations Readiness

 Life Cycle Cost

 Project Closeout

 Performance Measures

 Authority to Operate/Concurrency Review

 Application Guide

 Source Code

7. Operations /

Maintenance

(O&M)

 System Post Implementation Review Report

 Operational Analysis

 Annual Updates Required:

o Systems Security Plan

o Contingency Plan

o Disaster Recovery Plan

o System Risk Management Plan

o Life Cycle Cost

 Authority to Operate (Every 3 Years)

SDLC Guide

SDLC Guide March 6, 2013 Page 8

Phase Deliverables

*Exact deliverables differ depending upon project size criteria Development Notes

8. Disposition  System Disposition Plan

 System Disposition Checklist

 Post-Termination Review Report



SDLC Guide

SDLC Guide March 6, 2013 Page 9

Phase1:Initiation

The purpose of the Initiation Phase is to conduct initial assessment of a potential OIT system/application

development effort. This Phase helps establish a framework for project success, and includes establishing

processes for defining, planning, controlling and communicating about the project.

Deliverables4 in this Phase include:

 Business Case (FNS758; FNS755)

 Project Management Plan (optional)3

 Acquisition Plan / Strategy

 Acquisition Approval Request

 Alternative Analysis

 Cost Benefit Analysis

 Integrated Project Team Charter (optional)3

 Security and Privacy Document

 Project Process Agreement

 Privacy Impact Analysis (optional)3

 Privacy Threshold Analysis (optional)3

 Procurement Documents (e.g. Statement of Work (SOW) / Performance Work Statement (PWS) /

Statement of Objectives (SOO))

A critical governance body is established in this Phase: the Integrated Project Team (IPT). The IPT should

consist of the following core members: Project Lead; Developers; Business Leads; Technical

Representative; Security Representative; and COTR. Associate members should include Governance,

Network, Telecommunications, Records, O&M, and the Contracting Officer. The IPT is documented in this

Phase and functions from Initiation through the Implementation Phase.

The Initiation Phase includes activities, reviews and approvals as identified in the below flowchart.

4 A comprehensive deliverables list by project size is shown in Appendix B

3 Optional during the initiation phase but required in the requirements gathering and analysis phase

SDLC Guide

SDLC Guide March 6,

2013 Page

Figure 3. Initiation Phase Overview

Upon successful completion of the “Approve to Next Phase” step, the project progresses to the

Requirements Gathering and Analysis Phase.

Phase2:RequirementsGatheringandAnalysis

This Phase transforms the needs and high-level requirements specified in earlier Phases into unambiguous

(measurable and testable), traceable, complete, consistent, and stakeholder-approved requirements.

Defining requirements helps ensure development of the required capability on-time and within budget.

Deliverables

in this Phase include:

 Privacy Threshold Analysis (PTA)

 Privacy Impact Analysis (PIA)

 System of Records Notices (SORN)

 Electronic Information System Questionnaire for Records Management Scheduling

 System Requirements Specification (SRS)

 Concept of Operations

 Requirements Traceability Matrix

 Project Management Plan

 Integrated Project Team Charter

Note: During this phase, some documents produced using “Agile” methodology may not be completed.

The Requirements Gathering and Analysis Phase undergoes activities, reviews and approvals as identified

in the below flowchart.

A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6,

2013 Page

Figure 4. Requirements Gathering and Analysis Phase Overview

Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Design

Phase.

Phase3:Design

The purpose of the Design Phase is to transform requirements into complete and detailed system design

specifications. The physical characteristics of the system are designed during this Phase, the operating

environment is established, major subsystems and their inputs and outputs are defined, and processes are

allocated to resources. The concept is further developed to describe how the business will operate once

the approved project is implemented (i.e. becomes a “system”), and to assess impact on employee and

customer privacy. Additionally, security authorization (formally known as certification and accreditation)

activities begin with the identification of security requirements and the completion of a high level

vulnerability assessment.

Deliverables

in this Phase include:

 System Design Document

 Configuration Management Plan

 Security Business Impact Assessment

 Security Contingency Plan

 Disaster Recovery Plan

 Domain Name Request

Note: During this phase, some documents produced using “Agile” methodology may not be completed.

The Design Phase undergoes activities, reviews and approvals as identified in the below flowchart.

A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6,

2013 Page

Figure 5. Design Phase Overview

Upon successful completion of the “Approve to Next Phase” step, the project progresses to the

Development Phase.

Phase4:Development

The purpose of the Development Phase is to convert the system design prototyped in the Design Phase

into a working system that addresses all documented system requirements. Further, everything requiring

user input or approval must be documented in this Phase.

Deliverables

in this Phase include:

 Test Plan

Note: During this phase, some documents produced using “Agile” methodology may not be completed.

The Development Phase undergoes activities, reviews and approvals as identified in the below flowchart.

Figure 6. Development Phase Overview

Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Integration

& Testing Phase.

A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6, 2013 Page 13

Phase5:Integration&Testing

The purpose of the Integration & Testing Phase is to lay the foundation for a smooth and successful

implementation. Key activities in this Phase include:

 Attaining user input or approval as defined in the prior Phase (Development)

 Preparing detailed logic specifications for each system module

 Testing and integrating units into larger components

 Preparing the technical environment for the system

This Phase focuses on achieving proof that the system meets all requirements, functions according to

design parameters, and satisfies all business, technical, and management stakeholders. Additionally, prior

to installing and operating the system in a production environment, the system must undergo security

authorization activities, as necessary.

Deliverables8 in this Phase include:

 Transition Plan

 Operations/Maintenance Manual

 UAT sign-off

 App Scan Results

 Training Manual

 User Manual

 Test Results

 Section 508 VPAT and/or Certification

 Security Risk Assessment Report

 System Security Plan

 Security Assessment Plan (Security Test & Evaluation Plan)

Note: During this phase, some documents produced using “Agile” methodology may not be completed.

The Integration & Testing Phase undergoes activities, reviews and approvals as identified in the below

flowchart.

8 A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6,

2013 Page

Figure 7. Integration & Testing Phase Overview

Upon successful completion of the “Approve to Next Phase” step, the project progresses to the

Implementation Phase.

Phase6:Implementation

The purpose of the Implementation Phase is to deploy and enable operations of the new information

system in the production environment. Successful completion of the Implementation Phase should

comprise both system deployment and training on the system.

Deliverables

in this Phase include:

 Installation Document

 Compliance Certification

 Operations Readiness

 Life Cycle Cost

 Project Closeout

 Performance Measures

 Authority to Operate/Concurrency Review

 Application Guide

 Source Code

Note: All draft documents produced during previous phases for “Agile” projects must be completed during

this phase.

The Implementation Phase undergoes activities, reviews and approvals as identified in the below flowchart.

A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6,

2013 Page

Figure 8. Implementation Phase Overview

Upon successful completion of the “Approve to Next Phase” step, the project progresses to the Operations

/ Maintenance (O&M) Phase.

Phase7:Operations/Maintenance(O&M)

The purpose of the Operations / Maintenance (O&M) Phase is to ensure the information system is fully

functional and performs optimally until the system reaches its end of life. The system is monitored for

continued performance in accordance with user requirements, and needed system modifications are

incorporated. The operational system is periodically assessed through In-Process Reviews to determine

how the system can be made more efficient and effective. Operations continue as long as the system can

be effectively adapted to respond to an organization’s needs. When modifications or changes are identified

as necessary, the system may reenter the planning Phase.

Deliverables

in this Phase include:

 System Post Implementation Review Report

 Operational Analysis

 Annual Updates Required:

 Systems Security Plan

 Contingency Plan

 Disaster Recovery Plan

 System Risk Management Plan

 Life Cycle Cost

 Authority to Operate (Every 3 Years)

The O&M Phase undergoes activities, reviews and approvals as identified in the below flowchart.

A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6,

2013 Page

Figure 9. Operations / Maintenance Phase Overview

Upon advancement to the “Continue in Phase or Retire” step, the project is determined to continue

operating or advance to the Disposition Phase.

Phase8:Disposition

The purpose of the Disposition Phase is to shut down the operational system in a controlled manner. The

disposition activities allow for the orderly termination of the system and preserve the vital information about

the system so that some or all of the information may be retrieved in the future, if necessary. Particular

emphasis is given to proper preservation of the data processed by the system, so that the data is effectively

migrated to another system or archived in accordance with applicable records management regulations and

policies for potential future access.

Deliverables

in this Phase include:

 System Disposition Plan

 System Disposition Checklist

 Post-Termination Review Report

The Disposition Phase undergoes activities, reviews and approvals as identified in the below flowchart.

Figure 10. Disposition Phase Overview

A comprehensive deliverables list by project size is shown in Appendix B

SDLC Guide

SDLC Guide March 6, 2013 Page 17

Upon successful completion of the “Retire System / Application” step, the system is discontinued from

service.

III. Controls/Assumptions

This SDLC calls for a series of comprehensive management controls. These include:

 Lifecycle management should be used to ensure a structured approach to information systems

development and operation.

 Configuration management should occur in order to assist with reporting and decision-making.

 Each project must have an accountable sponsor.

 A single project manager must be appointed for each system project.

 A comprehensive project management plan is required for each system project.

 Data Management and security must be emphasized throughout the lifecycle.

 A project may not proceed until resource availability is assured.

IV. Documentation

This lifecycle methodology specifies which documentation shall be generated during each Phase. Some

documentation remains unchanged throughout the systems lifecycle while others evolve or are revised to

reflect results from analyses performed in later Phases. Each of the documents produced are collected and

stored per OIT policy.

V. Appendix

A. System Category – Project Sizes

B. Phase Requirements

C. Large Project Process Flow - Example

D. Phase Gate Reviews

E. Stakeholders – Defined

F. Working Group Charter

G. Executive Group Charter

SDLC Guide

SDLC Guide March 6, 2013 Page 18

Appendix A: System Category – Project Sizes

Select from following categories to determine a project’s appropriate SDLC process:

i. Small Project

a. Expected cost is less than $25,000

b. Risk and complexity are low

c. An individual unit is involved

d. Expected duration is less than 4 months

ii. Medium Project

a. Expected cost is $25,000 to $500,000

b. Project Management methodology is required

c. Complexity is medium to high

d. Multiple people/departments are involved

e. Expected duration is less than a year

iii. Large Project

a. Expected cost is greater than $500,000

b. Full Project Management methodology is required

c. Expense, risk, or complexity are high

d. Large number of people/departments are involved

e. Anticipated lifecycle is long

SDLC Guide

SDLC Guide March 6, 2013 Page 19

Appendix B: Phase Requirements

Phase I - Initiation

Inputs  N/A

Outputs /

Deliverables Outputs / Deliverables

Project Size

(Checkmark Denotes required)

Small Medium Large

Business Case: FNS758 

 

Business Case: FNS755  

Project Management Plan (optional)12   

Acquisition Plan / Strategy   

Acquisition Approval Request  

Alternative Analysis 

Cost Benefit Analysis  

Integrated Project Team Charter

(optional)12   

Procurement Documents, such as

Statement of Work (SOW)/

Performance Work Statement (PWS)

/ Statement of Objectives (SOO)

  

12 Optional during the initiation phase but required in the requirements gathering and analysis phase

SDLC Guide

SDLC Guide March 6, 2013 Page 20

Continuation: Initiation Phase

Outputs /

Deliverables Outputs / Deliverables

Project Size

(Checkmark Denotes required)

Small Medium Large

Project Process Agreement   

Privacy Impact Analysis (Optional)13   

Privacy Threshold Analysis

(Optional)13   

Stakeholders  Project Sponsor

 Office of Information Technology Project Manager (OIT PM)

 Subject Matter Experts (SME's)

 Integrated Project Team(IPT)

13 Optional during the initiation phase but required in the requirements gathering and analysis phase

SDLC Guide

SDLC Guide March 6, 2013 Page 21

Phase II - Requirements Gathering and Analysis

Inputs  Business Case

 Project Plan

Outputs /

Deliverables Outputs / Deliverables

Project Size(Checkmark Denotes required)

Small Medium Large

Privacy Threshold Analysis (PTA)   

Privacy Impact Analysis (PIA)   

System of Records Notices (SORN)   

Electronic Information System Questionnaire

for Records Management Scheduling   

High-Level System Requirements

Specification (SRS)   

System Requirements Specification (SRS)  

Concept of Operations14   

Requirements Traceability Matrix   

Integrated Project Team Charter   

Project Management Plan   

Stakeholders  Project Sponsor

 SME's



Business Analyst

 Integrated Project Team (IPT)

14 Concept of Operations is optional for large projects.

SDLC Guide

SDLC Guide March 6, 2013 Page 22

Phase II - Requirements Gathering and Analysis

 OIT PM

SDLC Guide

SDLC Guide March 6, 2013 Page 23

Phase III - Design

Inputs  Business Case

 Project Plan

 System Requirements Document (SRS)

Outputs /

Deliverables Outputs / Deliverables

Project Size

(Checkmark Denotes required)

Small Medium Large

System Design Document   

Configuration Management Plan15   

Security Business Impact Assessment16  

Security Contingency Plan16  

Disaster Recovery Plan  

Domain Name Request  

Stakeholders

 Project Sponsor

 SME's

 OIT PM

 Business Analyst



Network Managers

 Developers

 End Users

 Integrated Project Team (IPT)

15 Configuration Management Plan is optional for small projects.

16 As required by Information Security Office(ISO)

SDLC Guide

SDLC Guide March 6, 2013 Page 24

Phase IV - Development

Inputs  System Requirements Document (SRS)

 System Design Document

Outputs/

Deliverables Outputs/ Deliverables Project Size

(Checkmark Denotes required)

Small Medium Large

Test Plan   

Stakeholders  OIT PM

 Business Analyst

 Developers

 Testers

 Integrated Project Team (IPT)

SDLC Guide

SDLC Guide March 6, 2013 Page 25

Phase V – Integration and Testing

Phase V - Integration and Testing

Input  System Requirements Document (SRS)

 System Design Document

 Project Plan

 Test Plan

Outputs /

Deliverables Outputs / Deliverables

Project Size (Checkmark Denotes required)

Small Medium Large

Transition Plan   

Operations/Maintenance Manual   

UAT sign-off   

App Scan Results   

Training Manual   

User Manual   

Test Results   

Section 508 VPAT and/or Certification   

Security Risk Assessment Report17  

System Security Plan17  

Security Assessment Plan (Security Test &

Evaluation Plan)17  

Stakeholders  OIT PM

 Business Analyst

 Developers



SME's

 OIT PM

 Testers

 Integrated Project Team (IPT)

17 As required by Information Security Office(ISO)

SDLC Guide

SDLC Guide March 6, 2013 Page 26

Phase VI – Implementation

Inputs  Project Plan

 System Requirements Document (SRS)

 System Design Document

 Test Plan

Outputs /

Deliverables Outputs / Deliverables

Project Size

(Checkmark Denotes required)

Small Medium Large

Installation Document18   

Compliance Certification  

Operations Readiness 

 

Lifecycle Cost 

 

Project Closeout 

 

Performance Measures  

Authority to Operate/Concurrency

Review19  

Application Guide20   

Source Code   

18 Installation document is optional for small projects.

19 As required by Information Security Office (ISO)

20 Application guide is optional for medium and large projects.

SDLC Guide

SDLC Guide March 6, 2013 Page 27

Phase VI – Implementation

Stakeholders  OIT PM

 Business Analyst

 Project Sponsor

 SME's

 Network Managers



Developers

 Contractors

 Integrated Project Team (IPT)

 IT Governance Branch (ITGB)

SDLC Guide

SDLC Guide March 6, 2013 Page 28

Phase VII – Operations/Maintenance

Inputs  Project Plan

 System Requirements Document (SRS)

 System Design Document

 Test Plan

 Test Results

 Installation Document

 Application Guide

Outputs /

Deliverables Output / Deliverables

Project Size

(Checkmark Denotes required)

Small Medium Large

System Post Implementation Review Report  

Operational Analysis   

Annual Updates Required:

 Systems Security Plan21

 Contingency Plan21

 Disaster Recovery Plan

 System Risk Management Plan21

 Lifecycle Cost

 

Authority to Operate (Every 3 Years)  

Stakeholders

 ITGB

 O&MB

21 As required by Information Security Office(ISO)

SDLC Guide

SDLC Guide March 6, 2013 Page 29

Phase VIII – Disposition

Inputs  Project Plan

 System Requirements Document (SRS)

 System Design Document

 Test Plan

 Test Results

 Installation Document

 Application Guide

Outputs /

Deliverables Outputs / Deliverables

Project Size

(Checkmark Denotes required)

Small Medium Large

System Disposition Plan 

 

System Disposition Checklist 

 

Post Termination Review Report 

 

Stakeholders  ITGB

 O&MB

SDLC Guide

SDLC Guide March 6, 2013 Page 30

Appendix C –Project Process Flow - Example

FNS/OIT/PMD – SDLC Project Process Flow

IPTO&MB PMBVendor ITGB &

ITIRB

SDLC

Steering

Committee

ADB Customer

SDLC

Project

Manager/

Lead

Initiation, submit

Business Case

Categorize,

Review, and

Approve

Requirement

End

Business

Case

Processing

Maintain

(Ongoing)

Phase Review and

Checklist

Management

Integrated

Project Team

established

ITIRB

Approval?

Design and

Development

Oversight

Design and

Development

Keep

informed of

requirements

Integration

and Testing

Phase approval

and management

of process

Disposition

Yes

Contractor Support

Integration

and Testing

In house Decision to

retire system

SDLC Guide

SDLC Guide September 12, 2012 Page 31

Appendix D – Phase Gate Reviews

Phase Gate Reviews underlie the SDLC methodology from project management and governance

perspectives. The SDLC, divided into Phases, requires satisfying Phase Gate requirements (see Appendix

B for more detail) in order to advance along the lifecycle process. A high-level overview of the Phase Gate

Review process (i.e. High-Level SDLC Governance) is shown below.

SDLC Guide

SDLC Guide September 12, 2012 Page 32

SDLC Guide

SDLC Guide September 12, 2012 Page 33

Appendix E – Stakeholders Defined

Stakeholders will vary depending on project size and needs. The Project Lead plays a key role in

determining stakeholders. An overview of stakeholders that may be involved in the SDLC is listed below.

 Business Analyst

 Contractors

 Developers

 End Users

 ICCB: Integrated Configuration Control Board

 IPT: Integrated Project Team

 ISO: Information Security Office

 ITGB: IT Governance Branch

 Network Managers

 O&MB: Operations and Maintenance Branch

 OIT PM: Office of Information Technology Project Manager

 Project Sponsor

 SDLC Steering Committee: PMD Managers

 SME’s: Subject Matter Experts

 Testers

 TRB: Technical Review Board (OIT Managers)

SDLC Guide

SDLC Guide March 6, 2013 Page 34

Appendix F - Working Group Charter

Introduction

This document establishes the purpose, organizational structure, roles, responsibilities, activities, and

meeting expectations of the SDLC Working Group at the US Department of Agriculture (USDA) Food and

Nutrition Service (FNS), Office of Information Technology (OIT) Portfolio Management Division (PMD).

Purpose of the Working Group

The Working Group is the entity responsible for developing the SDLC framework and guidance at FNS.

The Working Group is critical to an effective SDLC in that it has the responsibility to: (1) create and finalize

the SDLC Phases and framework,; (2) determine the documentation required for each of the SDLC

Phases, (3) recommend the SDLC governance (gate reviews) and handoffs, and (4) recommend

improvements to the overall SDLC. An effective SDLC helps ensure the development of quality systems

that meet users needs in an efficient manner.

Organizational Structure of the Working Group

The SDLC Working Group consists of one member from each of PMD’s Branches and one member each

from the Technology Division and the Information Security Office. The composition of the Working Group is

subject to change to meet evolving organizational needs. The group functions in a collaborative, team-

oriented manner aimed to collectively overcome issues and make improvements to the SDLC. The table

below outlines the composition of the Working Group.

Organizational Role Working Group Role Responsibility

Application Development

Branch (ADB)

Working Group Member  Advocate for ADB

Program Management

Branch (PMB)

Working Group Member  Advocate for PMB

Operations & Maintenance

Branch (O&MB)

Working Group Member  Advocate for O&MB

IT Governance Branch

(ITGB)

Working Group Member  Advocate for ITGB

Technology Division (TD) Working Group Member  Advocate for TD

Information Security Office

(IS)

Working Group Member  Advocate for ISO

SDLC Program Manager* Guidance and Oversight  Advocate for SDLC Governance

SDLC Guide

SDLC Guide March 6, 2013 Page 35

* The SDLC Program Manager is not an official, voting member of the Working Group but provides

guidance and oversight as the group deems necessary. The SDLC Program Manager has not yet been

appointed.

Activities of the Working Group

In support of achieving its objectives, the Working Group undertakes the following activities:

Objective Activities

1. Create SDLC framework  Review and finalize SDLC Phases

 Review and finalize SDLC framework,

including ISO, Acquisition and Records

Management integration.

2. Finalize SDLC documents  Review framework and determine required

documents for SDLC Phase

 Determine project/systems levels (small,

medium or large, etc)

 Finalize required SDLC deliverables by

project level

 Review SDLC templates and finalize

3. Recommend SDLC governance  Determine SDLC Phase gate reviews,

including checklist for each of the

gate/Phase reviews

4. SDLC On-going Improvements  Recommend improvement areas to

guidance, performance, standards and

procedures to the executive committee

Working Group Meeting Expectations

Regular touch-points are critical for Working Group success. The Working Group will meet bi-weekly

unless otherwise determined by the SDLC Program Manager or SDLC Lead. The Working Group will also

meet should urgent needs arise, as determined by the SDLC Program Manager or SDLC Lead. After

accomplishing objectives 1 – 3, the Working Group will meet on an ad-hoc basis.

SDLC Guide

SDLC Guide March 6, 2013 Page 36

Appendix G. Executive Group Charter

Introduction

This document establishes the purpose, organizational structure, roles, responsibilities, activities, and

meeting expectations of the SDLC Executive Committee at the US Department of Agriculture (USDA) Food

and Nutrition Service (FNS), Office of Information Technology (OIT) Portfolio Management Division (PMD).

Purpose of the Executive Committee

The Executive Committee is the entity responsible for SDLC stewardship at FNS. The Executive

Committee is critical to an effective SDLC in that it has the authority to: (1) oversee and make adjustments

the SDLC and CONOPS process / methodology; (2) oversee and adjust the SDLC supporting guidelines,

procedures, and standards; and (3) advocate the SDLC at FNS. An effective SDLC helps ensure the

development of quality systems that meet users needs in an efficient manner.

Organizational Structure of the Executive Committee

The SDLC Executive Committee consists of PMD’s Director, Branch Chiefs, and the SDLC Program

Manager. The composition of the Executive Committee is subject to change to meet evolving

organizational needs. The group functions in a collaborative, team-oriented manner aimed to collectively

overcome issues and make improvements to the SDLC and CONOPS. The table below outlines the

composition of the Executive Committee.

Organizational Role Executive Committee Role Responsibility

PMD Director Executive Committee Director  Authority on final decisions

Application Development

Branch Chief

Executive Committee Member  Advocate for ADB

Program Management

Branch Chief

Executive Committee Member  Advocate for PMB

Operations & Maintenance

Branch Chief

Executive Committee Member  Advocate for O&MB

IT Governance Branch

Chief

Executive Committee Member  Advocate for ITGB

Activities of the Executive Committee

In support of achieving its objectives, the Executive Committee undertakes the following activities:

SDLC Guide

SDLC Guide March 6, 2013 Page 37

Objective Activities

Oversee and adjust the SDLC process /

methodology

 Analyze SDLC performance measures

 Determine SDLC issues

 Identify issue prioritization and mitigation

strategies

 Initiate performance improvement strategies

 Define project management roles /

responsibilities, as needed

 Review emerging trends and best practices

 Refine SDLC goals, objectives and values,

as necessary

 Update the SDLC, as needed

 Communicate updates to external

stakeholders, as necessary

Oversee and adjust guidelines, procedures, and

standards

 Assess needs related to guidance,

procedures, and standards

 Authorize and modify SDLC guidelines,

procedures, and standards (such as Control

Gate materials), as needed

Advocate the SDLC at FNS  Develop, implement, and monitor a SDLC

communications, learning, and knowledge-

sharing plan

Executive Committee Meeting Expectations

Regular touch-points are critical for Executive Committee success. The Executive Committee will meet

quarterly unless otherwise determined by the Executive Committee Director. The Executive Committee will

also meet should urgent needs arise, as determined by the Executive Committee Director.

FNS_SDLC_Guide 12 24 2013x FNS SDLC Guide

Navigation menu

Versions of this User Manual:

Views

Navigation