Table of Contents | Forward


The Systems Development Life Cycle

Systems Development Life Cycle (SDLC) emphasizes decision processes that influence system cost and usefulness. These decisions must be based on full consideration of business processes, functional requirements, and economic and technical feasibility in order to produce an effective system. The primary objectives of any SDLC are to deliver quality systems that: 1) meet or exceed customer expectations when promised and within cost estimates, 2) work effectively and efficiently within the current and planned information technology infrastructure, and 3) are inexpensive to maintain and cost-effective to enhance. This SDLC establishes a logical order of events for conducting system development that is controlled, measured, documented, and ultimately improved.

This document does not prescribe a single method applicable without change to every system. Because there is wide variance in the methods, techniques and tools used to support the evolution of systems, and project scopes vary greatly, the SDLC presents guidance for selecting appropriate methods, techniques, and tools based on specific factors.

One methodology does not fit all sizes and types of system development efforts. Therefore, the DOJ SDLC methodology provides for a full sequential SDLC work pattern and for alternative SDLC work patterns. Components involved in smaller projects could use these alternative SDLC work patterns, where the documentation is shortened and even combined. It also provides a work pattern to accommodate the acquisition and implementation of commercial-off-the-shelf (COTS) products.

Purpose, Scope, and Applicability

The SDLC serves as the mechanism to assure that systems under development meet the established requirements and support the Department of Justice (DOJ) mission functions. It provides a structured approach to managing information technology (IT) projects beginning with establishing the justification for initiating a systems development or maintenance effort and concluding with system disposition. Examples of documentation outlines are included in Appendix C.

The primary audience for this guidance are the systems developers, IT project managers, program/account analysts and system owners/users responsible for defining and delivering DOJ systems, their staff, and their support contractors. Specific roles and responsibilities are described throughout each life cycle phase.

Changes to this Document

Any changes to this document should be directed to the Information Management and Security Staff, 601 D Street, NW, Suite 1600, Washington DC 20350, ATTENTION: Becky Nichols.

Record of Change
SDLC Version 2.0


Sections Affected

Updated Table of Contents

Table of Contents

Removed line referencing INS

Added the Record of Changes

Executive Summary

Replaced “benefits” with “objectives” and minor word adjustments


Added the Initiation Phase to the SDLC. This will more closely align the SDLC with the Information Technology Investment Management (ITIM) process Removed reference to IEEE/EIA and ISO requirements

Added audience to section 1.1.3 - Applicability

Replaced two figures on pages 1-3 and 1-4 with updated figure on page 1-3 to include Initiation Phase

Clarified the purpose of each phase

Added the new TRM as a control in section 1.3 Moved and updated the table with planning documents from Chapter 3

Chapter 1: Introduction

Added a description and web address of the ITIM process

Removed section on IRM Planning for Information Systems

Added discussion and web address of the Enterprise Architecture

Removed two paragraphs from the Performance Measurement section and reordered the paragraphs on business process reengineering

Removed section Quality Improvement Process and the Life Cycle and Budget Formulation for Systems Initiatives

Added Systems Security information and web address

Chapter 2: Strategic Planning

Replaced old Chapter 3: Key Support Processes with the Initiation Phase to more closely align the SDLC with the ITIM process

Added a deliverable to the Initiation Phase - concept proposal (new Appendix C-1)

Chapter 3: Initiation Phase

Section 3 of each chapter is changed to read “Deliverables” and section 5 of each chapter is changed to read “Phase Review Activity”

Chapters 3-12

Moved the first two tasks and activities to Chapter 3: Initiation Phase

Renamed the activities 4.1.1 through 4.1.7

Removed the Need Advocate

Replaced the test under section 4.1.2 to better explain the activity

Provided the web address for the Exhibit 300

Enhanced the Project Manager role to clarify that he is responsible for the deliverables and reporting to management

Added Component CIO/ERB to the roles and responsibilities section

Added a reference to the TRM in section 4.3.2

Removed section 4.4.3 Project Approach Decisions

Chapter 4: System Concept Development Phase

Replaced paragraphs in section 5.0

Removed reference to SEI CMM

Added section 5.1.12 - Revise previous documentation

Added clarifying statements to the roles of Project Manager, Contracting Officer and changed Project Decision Maker to CIO/ERB

Realigned the deliverables 5.3.1 through 5.3.8 to match the table of contents

Added Quality Assurance Plan as a deliverable with a template - Appendix C-8

Provided the web address for NIST documents

Chapter 5: Planning Phase

Combined tasks 6.1.1 with 6.1.2 and 6.1.3 with 6.1.4

Added clarifying sentences to tasks 6.1.3, and 6.1.4

Changed name of 6.1.5 to Conduct Functional Review and added clarifying sentences

Replaced paragraph discussing previous documents with simple statement to review and update if necessary.

Enhanced role of Project Manager and Contracting Officer

Added Technical Review Board to roles and responsibilities

Moved bullets under 6.3.1 to 6.1.2

Added the Privacy Act Assessment (PIA) as a deliverable and provided web address for the guide

Combined 6.3.5 with 6.3.4 under Privacy Act Notice/Privacy Impact Assessment

Chapter 6: Requirements Analysis Phase

Removed three activities 7.1.3, 7.1.7 and 7.1.10 and renumbered activities

Clarified what environment is under 7.1.1

Added paragraphs from chapter 8 under section 7.1.2

Clarified what a preliminary design review accomplishes

Clarified section 7.1.8

Simplified the section on revising previous documentation

Changed Final Design Review to Critical Design Review and clarified its meaning

Enhanced Project Manager and Contracting Officer roles.

Provided reference to appendix for all deliverables

Added the Security Risk Assessment as a deliverable in this phase. Although the tasks and activities mentioned doing this, a deliverable was not put in section 7.3 - Appendix C-17

Removed the Contingency Plan from this phase and put it in the Development Phase.

Simplified the Phase Review Activity by removing sections 7.5.1 and 7.5.2

Chapter 7: Design Phase

Renamed the tasks with a verb and noun and renumbered

Moved the Requirements tasks (8.1.2 and 8.1.4) to chapter 6 and the Design tasks (8.1.3, 8.1.5 and 8.1.6) to chapter 7

Added sentence at end of section 8.0

Removed section 8.1.1

Added activity to revise previous documentation

Enhanced role of Project Manager, Contracting Officer

Added role of Developer

Realigned the deliverables to match table of contents

Moved Contingency Plan from Design Phase

Moved the Test Analysis Report from this phase to Integration and Test Phase

Removed 8.3.6 Periodic Progress Reports from a deliverable

Chapter 8: Development Phase

Removed sentences from section 9.0

Renamed activities with verb and noun

Added “Conduct Integration Tests” to the activities

Enhanced roles of Project Manager, Project Team, and Contracting Officer

Added role of User

Added Test Analysis Report from Development Phase

Provided web address for documentation relating to C&A of IT systems

Chapter 9: Integration and Test Phase

Clarified that C&A should be complete prior to implementation - removed sentence from section 10.0 and activity 10.1.5

Renamed activities with verb and noun

Enhanced roles of Project Manager and Contracting Officer

Replaced paragraph describing PIR - section 10.3.4

Replaced paragraph under section 10.4

Simplified section 10.5 - Phase Review Activity

Chapter 10: Implementation Phase

Renamed activities with verb and noun

Removed several roles that were not discussed in this chapter: Vendor Support; Help Desk and COTR.

Added Contracting Officer and role

The two deliverables are reports in this chapter

Added another issue on security re-certification - section 11.4.3

Simplified section 11.5 - Phase Review Activity

Renamed the Periodic System Review with In-Process Review (IPR) to more closely align with the ITIM process.

Chapter 11: Operations and Maintenance Phase

Changed the name of activity 12.1.7 to “Conduct Post-Termination Review Report)

Removed several roles that were not discussed in this chapter: Manager of Application; Technical Support; Users Services; Operations; Program Manager/Analysts; and Customers

Enhanced role of Project Manager

Chapter 12: Disposition Phase

Renumbered the Appendices

All Appendices C

Added Concept Proposal template and outline

Appendix C-1

Replaced System Boundary Document with example from the Patent and Trade Office (PTO)

Added System Boundary Document Outline

Appendix C-2

Simplified this appendix by removing sections 1.4; 1.5; 1.6; 1.7 and section 2.0

Added more examples of assumptions and conditions

Added architecture paragraph 1.6 under Feasible Alternatives

Removed old section 4.1.1 and 4.1.2

Added clarifying sentence for using NPV under section 4.2

Added discussion of comparison tools to rank alternatives under section 6.0

Removed old section 7.3 - conclusion

Made References and Documentation an appendix

Made Glossary and Acronyms an appendix

Appendix C-3

Added web address for acquisition regulations

Appendix C-6

Clarified what CM is under Introduction

Added section 4.2 on Review and Control Boards under section 2.0

Clarified what is meant by Configuration Baseline Management under section 3.5

Added more in-depth discussion of Configuration Control - section 4.0

Clarified how to document changes under section 4.1

Clarified Configuration Status Accounting under section 5.0

Explained Configuration Audits under section 6.0

Appendix C-7

Updated System Security Plan template and outline

Appendix C-10

Simplified Introduction under section 1.0

Appendix C-14

Normalized name of Test and Evaluation Plan to TEMP throughout document

Added responsibilities under section 6.0

Appendix C -15

Renamed Post-Implementation Review Report to Post-Implementation Review

Appendix C-34

Renamed the Periodic System Review Report to the In-Process Review Report.

Appendix C-35

Renamed User Satisfaction Review to User Satisfaction Review Report

Appendix C-36

Table of Contents | Forward