The Systems Development Life Cycle
Systems Development Life Cycle (SDLC) emphasizes decision processes that influence system cost and usefulness. These decisions must be based on full consideration of business processes, functional requirements, and economic and technical feasibility in order to produce an effective system. The primary objectives of any SDLC are to deliver quality systems that: 1) meet or exceed customer expectations when promised and within cost estimates, 2) work effectively and efficiently within the current and planned information technology infrastructure, and 3) are inexpensive to maintain and cost-effective to enhance. This SDLC establishes a logical order of events for conducting system development that is controlled, measured, documented, and ultimately improved.
This document does not prescribe a single method applicable without change to every system. Because there is wide variance in the methods, techniques and tools used to support the evolution of systems, and project scopes vary greatly, the SDLC presents guidance for selecting appropriate methods, techniques, and tools based on specific factors.
One methodology does not fit all sizes and types of system development efforts. Therefore, the DOJ SDLC methodology provides for a full sequential SDLC work pattern and for alternative SDLC work patterns. Components involved in smaller projects could use these alternative SDLC work patterns, where the documentation is shortened and even combined. It also provides a work pattern to accommodate the acquisition and implementation of commercial-off-the-shelf (COTS) products.
Purpose, Scope, and Applicability
The SDLC serves as the mechanism to assure that systems under development meet the established requirements and support the Department of Justice (DOJ) mission functions. It provides a structured approach to managing information technology (IT) projects beginning with establishing the justification for initiating a systems development or maintenance effort and concluding with system disposition. Examples of documentation outlines are included in Appendix C.
The primary audience for this guidance are the systems developers, IT project managers, program/account analysts and system owners/users responsible for defining and delivering DOJ systems, their staff, and their support contractors. Specific roles and responsibilities are described throughout each life cycle phase.
Changes to this Document
Any changes to this document should be directed to the Information Management and Security Staff, 601 D Street, NW, Suite 1600, Washington DC 20350, ATTENTION: Becky Nichols.
Change |
Sections Affected |
---|---|
Updated Table of Contents |
Table of Contents |
Removed line referencing INS Added the Record of Changes |
Executive Summary |
Replaced “benefits” with “objectives” and minor word adjustments |
Forward |
Added the Initiation Phase to the SDLC. This will more closely align the SDLC with the Information Technology Investment Management (ITIM) process Removed reference to IEEE/EIA and ISO requirements Added audience to section 1.1.3 - Applicability Replaced two figures on pages 1-3 and 1-4 with updated figure on page 1-3 to include Initiation Phase Clarified the purpose of each phase Added the new TRM as a control in section 1.3 Moved and updated the table with planning documents from Chapter 3 |
Chapter 1: Introduction |
Added a description and web address of the ITIM process Removed section on IRM Planning for Information Systems Added discussion and web address of the Enterprise Architecture Removed two paragraphs from the Performance Measurement section and reordered the paragraphs on business process reengineering Removed section Quality Improvement Process and the Life Cycle and Budget Formulation for Systems Initiatives Added Systems Security information and web address |
Chapter 2: Strategic Planning |
Replaced old Chapter 3: Key Support Processes with the Initiation Phase to more closely align the SDLC with the ITIM process Added a deliverable to the Initiation Phase - concept proposal (new Appendix C-1) |
Chapter 3: Initiation Phase |
Section 3 of each chapter is changed to read “Deliverables” and section 5 of each chapter is changed to read “Phase Review Activity” |
Chapters 3-12 |
Moved the first two tasks and activities to Chapter 3: Initiation Phase Renamed the activities 4.1.1 through 4.1.7 Removed the Need Advocate Replaced the test under section 4.1.2 to better explain the activity Provided the web address for the Exhibit 300 Enhanced the Project Manager role to clarify that he is responsible for the deliverables and reporting to management Added Component CIO/ERB to the roles and responsibilities section Added a reference to the TRM in section 4.3.2 Removed section 4.4.3 Project Approach Decisions |
Chapter 4: System Concept Development Phase |
Replaced paragraphs in section 5.0 Removed reference to SEI CMM Added section 5.1.12 - Revise previous documentation Added clarifying statements to the roles of Project Manager, Contracting Officer and changed Project Decision Maker to CIO/ERB Realigned the deliverables 5.3.1 through 5.3.8 to match the table of contents Added Quality Assurance Plan as a deliverable with a template - Appendix C-8 Provided the web address for NIST documents |
Chapter 5: Planning Phase |
Combined tasks 6.1.1 with 6.1.2 and 6.1.3 with 6.1.4 Added clarifying sentences to tasks 6.1.3, and 6.1.4 Changed name of 6.1.5 to Conduct Functional Review and added clarifying sentences Replaced paragraph discussing previous documents with simple statement to review and update if necessary. Enhanced role of Project Manager and Contracting Officer Added Technical Review Board to roles and responsibilities Moved bullets under 6.3.1 to 6.1.2 Added the Privacy Act Assessment (PIA) as a deliverable and provided web address for the guide Combined 6.3.5 with 6.3.4 under Privacy Act Notice/Privacy Impact Assessment |
Chapter 6: Requirements Analysis Phase |
Removed three activities 7.1.3, 7.1.7 and 7.1.10 and renumbered activities Clarified what environment is under 7.1.1 Added paragraphs from chapter 8 under section 7.1.2 Clarified what a preliminary design review accomplishes Clarified section 7.1.8 Simplified the section on revising previous documentation Changed Final Design Review to Critical Design Review and clarified its meaning Enhanced Project Manager and Contracting Officer roles. Provided reference to appendix for all deliverables Added the Security Risk Assessment as a deliverable in this phase. Although the tasks and activities mentioned doing this, a deliverable was not put in section 7.3 - Appendix C-17 Removed the Contingency Plan from this phase and put it in the Development Phase. Simplified the Phase Review Activity by removing sections 7.5.1 and 7.5.2 |
Chapter 7: Design Phase |
Renamed the tasks with a verb and noun and renumbered Moved the Requirements tasks (8.1.2 and 8.1.4) to chapter 6 and the Design tasks (8.1.3, 8.1.5 and 8.1.6) to chapter 7 Added sentence at end of section 8.0 Removed section 8.1.1 Added activity to revise previous documentation Enhanced role of Project Manager, Contracting Officer Added role of Developer Realigned the deliverables to match table of contents Moved Contingency Plan from Design Phase Moved the Test Analysis Report from this phase to Integration and Test Phase Removed 8.3.6 Periodic Progress Reports from a deliverable |
Chapter 8: Development Phase |
Removed sentences from section 9.0 Renamed activities with verb and noun Added “Conduct Integration Tests” to the activities Enhanced roles of Project Manager, Project Team, and Contracting Officer Added role of User Added Test Analysis Report from Development Phase Provided web address for documentation relating to C&A of IT systems |
Chapter 9: Integration and Test Phase |
Clarified that C&A should be complete prior to implementation - removed sentence from section 10.0 and activity 10.1.5 Renamed activities with verb and noun Enhanced roles of Project Manager and Contracting Officer Replaced paragraph describing PIR - section 10.3.4 Replaced paragraph under section 10.4 Simplified section 10.5 - Phase Review Activity |
Chapter 10: Implementation Phase |
Renamed activities with verb and noun Removed several roles that were not discussed in this chapter: Vendor Support; Help Desk and COTR. Added Contracting Officer and role The two deliverables are reports in this chapter Added another issue on security re-certification - section 11.4.3 Simplified section 11.5 - Phase Review Activity Renamed the Periodic System Review with In-Process Review (IPR) to more closely align with the ITIM process. |
Chapter 11: Operations and Maintenance Phase |
Changed the name of activity 12.1.7 to “Conduct Post-Termination Review Report) Removed several roles that were not discussed in this chapter: Manager of Application; Technical Support; Users Services; Operations; Program Manager/Analysts; and Customers Enhanced role of Project Manager |
Chapter 12: Disposition Phase |
Renumbered the Appendices |
All Appendices C |
Added Concept Proposal template and outline |
Appendix C-1 |
Replaced System Boundary Document with example from the Patent and Trade Office (PTO) Added System Boundary Document Outline |
Appendix C-2 |
Simplified this appendix by removing sections 1.4; 1.5; 1.6; 1.7 and section 2.0 Added more examples of assumptions and conditions Added architecture paragraph 1.6 under Feasible Alternatives Removed old section 4.1.1 and 4.1.2 Added clarifying sentence for using NPV under section 4.2 Added discussion of comparison tools to rank alternatives under section 6.0 Removed old section 7.3 - conclusion Made References and Documentation an appendix Made Glossary and Acronyms an appendix |
Appendix C-3 |
Added web address for acquisition regulations |
Appendix C-6 |
Clarified what CM is under Introduction Added section 4.2 on Review and Control Boards under section 2.0 Clarified what is meant by Configuration Baseline Management under section 3.5 Added more in-depth discussion of Configuration Control - section 4.0 Clarified how to document changes under section 4.1 Clarified Configuration Status Accounting under section 5.0 Explained Configuration Audits under section 6.0 |
Appendix C-7 |
Updated System Security Plan template and outline |
Appendix C-10 |
Simplified Introduction under section 1.0 |
Appendix C-14 |
Normalized name of Test and Evaluation Plan to TEMP throughout document Added responsibilities under section 6.0 |
Appendix C -15 |
Renamed Post-Implementation Review Report to Post-Implementation Review |
Appendix C-34 |
Renamed the Periodic System Review Report to the In-Process Review Report. |
Appendix C-35 |
Renamed User Satisfaction Review to User Satisfaction Review Report |
Appendix C-36 |