Professional Documents
Culture Documents
146
1.3 Scope
The scope of this document will be the Minor and Major
Project Lifecycle structures and Maintenance Life Cycle,
and their associated processes. These include:
1. INTRODUCTION
1.1 Background
Organizations perform work to achieve a set of
objectives. Generally, work can be categorized as either
projects or operations. The objectives of projects and
operations are fundamentally different. The purpose of a
project is to attain its objectives and terminate.
Conversely, the objective of ongoing operations is to
sustain the business. Projects are different because the
project concludes when its specific objectives have been
attained, while operations adopt a new set of objectives
and the work continues. Operation work is managed or
supported through planned maintenance or production
support activities. Projects are managed through the
Minor or Major Project Life Cycles and when
appropriate the Program Life Cycle.
Project Management is the discipline of defining and
achieving targets while optimizing the use of resources
(time, money, people, materials, energy, space, etc) over
the course of an endeavor. Using a system of procedures,
practices, technologies and business knowledge, provides
the planning, organizing, staffing, directing, and
controlling necessary to successfully manage the work.
This effort is a roadmap to assist organizations in
successfully delivering in a manner that fits the
Organizations objectives as framed [1] [2] [3] [5] [10].
1.2 Audience
The intended audiences for this Software Development
Lifecycle Standard are Managers of Information
Technology, Project Managers and any resources that
Phases
ETVX Model
Phase Review and Phase Gates
Activities and Deliverables
Recommended Roles & Responsibilities
1.5 Assumptions
The following assumptions apply:
2. RELATED
SUPPORTING
DOCUMENTS
2.1.1
BFS IT MP
2.1.2
2.1.3
2.3.1
Initiation
147
2.3.2
Planning
2.3.3
Execution
2.3.4
2.3.5
Closure
2.4.2
148
3. Work Categorization
Entry Criteria
Tasks
To align with corporate strategies for grouping IT efforts,
BFS IT organization will categorize work requests as
Validation
Program/Project Requests
Exit Criteria
2.4.1
Phase Exit
3.1 Non-Project
Non-Project work is defined as straight forward, static,
low risk, simple, small effort, repetitive type work
requests that impact existing functions, features,
interfaces, applications, products or services in the
current technology framework. It is highly recommended
that Non-Project work involve a limited number of user
areas (internal or external), it resides on a mature
technology platform, involves a mature application or
infrastructure, its repeatable/operational in nature, and
has a small scale of technology resource effort. Each
LOB will further define maintenance work utilizing these
common characteristics. Requests under this category
will follow the Maintenance Lifecycle [6].
Examples of Maintenance Work in the BFS IT sector:
3.2 Project
Project work is defined as a request with a specific
beginning and ending that is to create a unique product or
service that is different from all other products or
services currently provided. The project work stream
outlines structures by which an Information Technology
Project Manager can effectively plan, execute, monitor
and control a project [1] [2]. Requests under this
category may include the follows:
Development Requests (Dev): include new software
development or software upgrade.
Infrastructure Requests (Inf): involve changes to all
environments including integration of new commercial
off-the-shelf software, operating system upgrades,
software / hardware upgrades, installations, support on
servers, network re-configurations etc.
149
3.2.1
3.2.2
3.3 Program
The Program Lifecycle is used to manage a group of
related projects in a coordinated way to obtain benefits
and control not available by managing them individually.
A Program may include elements of related work outside
of the scope of the discrete projects in the program.
Program management is the centralized management and
coordination of a group of projects to achieve the
program strategic objectives and benefits [7].
The Program Lifecycle is a separate topic (not covered in
this journal or paper) which defines high-level activities
that can be applied to all organizations within BFS
industry with the ability to add LOB level activities and
deliverables to meet the needs of that particular business
[1] [2] [5] 7].
4. Related Processes
4.1 Proposed Prioritization Process
Each LOB should reference the proposed BFS IT
Prioritization model below and further define the steps
specifically applicable to their business prioritization
[8][9].
Functional Prioritization:
The Information Technology Client Services Executive /
Management and the Business leaders partner to:
150
Legal,
Compliance,
and
Mandatory
Programs/Projects for each CEO Direct discussed and
Linkage to Organization Vision, Goals and
Objectives confirmed.
Consensus among CEO Directs that these projects
must be completed above all else.
Organizational Level Roadmap created and reviewed
Monthly, with Quarterly updates from each CEO
Direct.
4.3.1
Capitalization Process
Development
of
new
functionality
and
upgrades/enhancements to existing internal use software
that result in additional functionality is considered an
asset to the company. Rather than incur the expense of
developing this functionality in the current period,
Financial Accounting Standards (FAS) allow for the
capitalization of the internally developed software as an
asset, with the expense to be incurred in future periods.
Technology Finance performs a monthly process that
identifies projects that qualify for capitalization and the
dollars associated with capitalized projects are captured
and booked as an asset on the balance sheet. Once the
software is in production the expense associated with the
additional functionality is incurred over a three to five
year period, and write down the value of the asset,
similar to depreciating a piece of hardware. This allows
the company to realize the expense of the asset over the
period of its useful life [9].
4.3.2
151
Evaluate project
Find comparable Project
Assess comparable Project
Evaluate cost of previous project
Apply to new project
Others
o
o
o
PERT
Function Point Analysis
Individual LOB defined methods
Validating an Estimate
It is important that the validity of the estimation (whether
it is cost or hours) be understood.
4.5.1
Requirements Traceability
4.5.2
152
4.6
Risk Management
153
Analyzing
Determine
o Probability of occurrence
o Magnitude of loss or impact of each
identified risk event
o Severity of risk (Severity = Probability X
Impact)
Prioritizing
o Rank those risks that will have an effect on
the project
o Decide which risks are worthy of attention
Quantitative
Objective
Qualitative
Subjective
Prioritize Risks
4.7
Issue Management
154
4.8
Lessons Learned
4.9
155
4.10
SQA Escalations
Escalations provide the structure and methodology
for representatives from the SQA group to validate
adherence to the process and escalate noncompliance issues effectively. Non-Compliance
items identified by the SQA group are first
addressed with the appropriate owners and are
resolved, if possible. For issues not resolved, the
SQA group escalates to an appropriate level of
management
for
resolution.
Appropriate
management owns the responsibility to have
corrective actions in place to resolve the outstanding
issues.
Recourse to Escalation: Escalation notification must be
evaluated to understand the root cause of the escalation.
If appropriate, processes must be reviewed and adjusted
as needed to address any gaps. Alternatively, if the root
cause is lack of training, then mentoring and training to
4.11
Delivery Lifecycle
BFS Industrys Risk and Control Self Assessment /
Operation Risk Policy and Standards require technology
organizations to perform periodic self-assessments based
on the BFS Information Technology Management Policy
(BFS IT MP). BFS IT MP is the BFS standard for
managing information technology. The BFS IT RCSA
Process is based on a standardized Risk and Controls
Framework that identifies both important and less than
important risks, and the associated key and non-key
controls. Controls are periodically assessed and any gaps
are subject to corrective action.
Project Stakeholder(s)
Sponsor
Client Service Manager
4.12
Document Retention
Resource Manager(s)
4.13
Resource Management
156
Project Management
Office
Responsibilities
The individual responsible for managing
the project. The Project Manager (PM)
owns the project plan & schedule and is
directly involved in managing the project's
activities to achieve the project's
objectives. The PM is responsible for
preparing project plans, identifying and
requesting resources from the
Resource/Technical Manager for the
project tasks.
Individuals and organizations that are
actively involved in the project, or whose
interests may be positively or negatively
affected as a result of project execution or
project completion.
The individual or group that provides the
financial resources for the project.
The technology liaison to the Business.
Responsible for ensuring business and
technology alignment and has both,
business technology specific knowledge.
The individual or organization that will
use the projects product.
The Resource/Technical Manager is
responsible for supporting and
maintaining application systems.
Responsible for ensuring changes to
systems comply with applicable
architecture and coding standards. The
Resource/Technical Manager owns the
resources and is responsible for managing
resource schedules, responding to resource
requests from the PM and assigning staff
to project activities.
The Project Management Office (PMO) in
a business or professional enterprise is the
department or group that defines and
maintains the standards of process,
generally related to project management,
within the organization. The PMO strives
to standardize and introduce economies of
repetition in the execution of projects. The
PMO is the source of documentation,
guidance and metrics on the practice of
project management and execution.
The group that is performing the work of
the project.
Phase
Overview
of this phase validates requirements
have been met and implementation
approval obtained. Each LOB must
establish responsibility for sign-off
approval on each request based on a
review of the deliverables and testing
results.
5. Maintenance Lifecycle
5.1
Purpose
5.2
Phase Overview
Phase
Initiation
Overview
The purpose of the Initiation Phase is
to define and document the scope
and objectives of the work and to
ensure that the work is classified for
the
appropriate
lifecycle
and
authorized to move forward.
ETVX: Phase Review
Work prioritization is incorporated into
the authorization process.
The
outcome of the prioritization process
will be a prioritized/ranked list of work
requests. Criteria for this process are
defined at the LOB level.
Construction
Validation
157
Implementation
5.3
Maintenance Requirements
5.4
Initiation Phase
5.4.1
Purpose
5.4.2
Entry Criteria
Criteria
5.4.3
Tasks
See Table 3.
158
Exit Criteria
5.4.4
Deliverable
R/C
Action
Technology Assessment
5.4.5
Exit Criteria
Deliverable
R/C
5.6
5.5
Construction Phase
5.5.1
Purpose
5.5.2
Validation Phase
5.6.1
Purpose
5.6.2
Entry Criteria
Criteria
Technology Assessment
Code (and/or other work products)
Unit Test Results
Entry Criteria
5.6.3
Tasks
Criteria
See Table 5
Work Request Validated
Work Request Categorized/ Prioritized
5.5.3
Tasks
5.6.4
5.5.4
5.6.5
Exit Criteria
Action
Deliverable
R/C
5.7
6.2
Implementation Phase
Phase Overview
Purpose
Overview
Phase
5.7.1
ETVX
5.7.2
Entry Criteria
Criteria
Initiation
5.7.3
Tasks
Definition
See Table 6
5.7.4
Action
Documentation complete and work closed out.
Validation
R/C
Construction
Exit Criteria
Deliverable
6.1
Implement-ation
5.7.5
159
6.3
Project Requirements
6.4
6.4.5
160
Deliverable
Dev
Inf
Initial E0 Estimate
Approved
Objectives
Project
Scope
&
Initiation Phase
6.4.1
Purpose
6.4.2
Entry Criteria
Criteria
Business Need - A business problem or initiative that requires
project management methodology.
Business case, alignment with business goals and strategy,
problem statement, business risk analysis, cross functional
impacts, and priority criteria.
6.5
Definition Phase
Purpose
Definition is the process of quantifying performance and
interface requirements through an analysis of all of the
client requirements. This phase includes the assessment
of the current environment and the development of the
specific business requirements that will fulfill the needs
of the business stakeholders.
During this phase, business requirements are approved.
Both a Technology Assessment and an Export
Compliance review are conducted to identify project
risks early on. In addition, the Information Security
Requirements (ISR) is initiated and questionnaires are
completed to ensure adherence with the BFS IT MP and
BFS Information Security Standards (CISS). It is
important to maintain cross team communication to
ensure all key organization and stakeholder requests are
considered.
ETVX
6.5.1
Entry Criteria
Criteria
6.4.3
Tasks
See Table 8
6.4.4
Action
Definition of what is to be accomplished has been
documented
Review of preliminary project plan
6.5.2
Tasks
See Table 9
6.5.3
161
Criteria
Acknowledgment
Assessment
6.5.4
of
Preliminary
Information
Security
Deliverable
Dev
Inf
Acknowledgement
Assessment
Action
Acknowledgment of
Assessment
Export Compliance
Acknowledgement
of
Preliminary
Information Security Assessment
6.6.3
Tasks
See Table 10
of
Technology
6.6.4
6.6.5
6.6
Construction Phase
6.6.1
Purpose
6.6.2
Entry Criteria
Deliverable
Dev
Inf
Technical Design
NA
Construction
Questionnaire
Information
Security
6.7
Validation Phase
6.7.1
Purpose
6.7.2
Entry Criteria
Criteria
Product readiness Completed construction, peer reviews,
unit testing.
Quality Test Plans and Scripts Test plan and scripts built
against the BRD, functional and technical design.
Configuration Management (s) Configuration records
exist for migrating code into the testing environment.
6.7.3
Tasks
See Table 11
6.7.4
Deliverable
Dev
Inf
Test Results
Approved
Record
Management
Configuration
6.8
Implementation Phase
6.8.1
Purpose
6.8.2
Entry Criteria
Criteria
Validation Phase Gate Pass
6.8.3
See Table 12
162
6.8.4
Tasks
Action
6.7.5
6.8.5
163
Deliverable
Dev
Inf
NA
Definition
Design
Purpose
7.2
Phase Overview
Phase
Overview
Initiation
Construction
Validation
Implementation
Post
Implementation
Project Requirements
7.4
7.4.1
7.3
Initiation Phase
7.3.1
Purpose
7.3.2
164
Definition Phase
Purpose
7.4.2
Entry Criteria
Criteria
Approved scope and objectives
E0 Estimate
Entry Criteria
See Table 14
7.3.3
7.4.3
Action
Definition of what is to be accomplished has been
documented
Cost/Benefit analysis
Tasks
See Table 15
7.4.4
7.3.4
Deliverable
Dev
Inf
7.4.5
7.5.4
165
Action
Deliverable
Dev
Inf
Technology Assessment
Acknowledgement
of
Preliminary
Information Security Questionnaire
E1 Estimate,
7.5.5
Deliverable
Dev
Inf
Technical Design
Approved E2 Estimates
Approved CEP
Design
Information
Questionnaire
Security
7.5
Design Phase
7.5.1
Purpose
7.5.2
Entry Criteria
7.6
Construction Phase
7.6.1
Purpose
Criteria
Definition Phase Gate Pass
Approved Business Requirements Document (BRD)
Completed Technology Assessments
Acknowledgment of Export Compliance Document
Acknowledgment of Preliminary Information Security
Questionnaire (ISQ)
7.5.3
Tasks
See Table 16
7.6.2
Entry Criteria
Criteria
Functional Specification
Technical Design
System Test Plans
Coding and Infrastructure Standards are available
7.6.3
Tasks
See Table 17
7.6.4
166
Criteria
Action
7.7.3
Tasks
See Table 18
7.6.5
7.7.4
Deliverable
Dev
Inf
Construction
Questionnaire
Information
Security
Configuration Management
Testing
NA
Validate Operational
applicable.
R
Handoff
Documentation,
if
Validate Configuration
available
Management
Records
are
7.7
Validation Phase
Ensure Business Operational Readiness.
7.7.1
Purpose
7.7.2
Entry Criteria
7.7.5
Deliverable
Dev
Inf
Test Results
Configuration Management
Production
Record -
Validation
Assessment
Information
Security
7.8
7.9.3
Implementation Phase
7.8.1
Tasks
See Table 20
Purpose
7.9.4
Action
Ensure production defects are prioritized, fixed and/or
transferred to production support.
Ensure Lessons Learned is summarized.
ETVX
7.8.2
167
Entry Criteria
Criteria
Validation Phase Gate Pass
7.8.3
7.9.5
Tasks
See Table 19
7.8.4
Action
has
occurred
per
Deliverable
Configuration Management Record(s) Production
Dev
Inf
R
Post-Implementation Phase
7.9.1
Purpose
7.9.2
Dev
Inf
NA
8. Appendix
8.1
7.9
Deliverable
7.8.5
Exit Criteria
Entry Criteria
Criteria
Implementation into a Production environment
Glossary
8.2
Acronym
Acronym
BAU
BRD
CCB
CEO
CEP
BFS ISS
BFS IT MP
168
ETVX
FAS
IDLC
ISQ
ISR
LOB
Definition
Business As Usual
Business Requirement Document
Change Control Board
Chief Executive Officer
Capital Expenditure Policy
Banking & Financial Services Information
Security Standards
Banking & Financial Services Information
Technology Management Policy
Entry Tasks Validation and Verification eXit
Financial Accounting Standards
Infrastructure Delivery Lifecycle
Information Security Questionnaire
Information Security Review
Line of Business
BFS IT
NBT
PCM
PERT
PM
RCSA
RM
SDLC
SIT
SOW
SQA
SQM
UAT
8.3
Acknowledgement:
References
169
Planning
Schedule
Resource Mgt Team
Roles/Responsibilities
Communications
Operational
Readiness
Information
Engineering Life Cycle
identified
Monitor and
Control
Execution
Risk Management
Progress Management
Management of Change
Management Reviews
Close
Post-Implementation
Archival
Figure 1
Table 1
Estimation Type
Variance
E0
Order of magnitude
-25/+50%
E1
Budget
-10% / +25%
E2
Definitive
-5% / +10%
Phase
Initiation
Based on
Analogy / Comparison parametric
(cost factors)
Expert Judgment
Definition
Design
170
Program
Non-Project
Project
Maintenance
Minor
Major
Small
Medium / Large
Multiple Projects
Low
Low / Medium
Medium / High
High
Re-engineering, re-architecting,
multiple conversions
Strategic
Importance
Operational
Renewal
Phase Gates
Release
Structure*
Examples
Scale
Breadth
Complexity
Technology
Governance
& Oversight
Figure 3
Table 2
Infrastructure
Initiation
Technology Assessment
Implementation
Specification
Construction Activities
Configuration Management
Record - Testing
Approval to implement
Configuration Management
Record - Production
Construction
Validation
Development
Phase
171
172
Table 3
Activity
Purpose
Dev
Inf
Authorize Work
Request
Ensure that:
Categorize/Prioritize
Work Request
Evaluate the request based on the critical nature of both the change and the
system to which the change is requested.
Regulatory penalties
System integrity
Table 4
Activity
Purpose
Technology
Assessment
Dev
Inf
Create Initiation
Estimate (E0)
Conduct Preliminary
Information Security
Assessment
Develop
Specifications
The specifications are used to document the overall solution design. It should
provide details for and/or consider the following:
Requirements/Analysis
Conduct
Construction
Activities
Conduct Unit
Testing
Tests may be carried out by the individual who made the modification(s) or by
other resources to ensure the modification(s) is consistent with the
specifications. Any discovered defects are addressed and re-tested.
Build Configuration
Management
Records
NA
173
Table 5
Activity
Purpose
Dev
Inf
Prepare a System Test Plan and System Test Script(s). Execute the
test(s) following the Test Script(s) and maintain a record of the results.
Conduct Validation
Information Security
Assessment
Finalize Configuration
Management Records
Obtain approvals
Table 6
Activity
Purpose
Dev
Inf
Implement Changes
Monitor usage and performance of the work products. Ensure the work
products are fully functional and provide results as intended in the
production environment.
Date and mark the Work Request as complete. Ensure all logs are
closed and supporting documentation is stored in the specified
maintenance knowledge base.
174
Definition
Initiation
Construction
Validation
Feasibility Assessment
Technology Assessment
Technical Design
R
C
Test Results
Implementatio
n
Infrastructure
Development
Phase
Table 7
R
C
NA .
Post-Implementation Defect
Fix/Test/Implement
175
Table 8
Activity
Create
Scope
Objectives
and
Purpose
Dev
Inf
Defines the reason for the project, objectives and scope of the project.
Recommended items to be included in the Scope
- Business Case
- Benefits
- Problem Statement
- Goal Statement
- High-level Project Statement of Scope
- Project Assumptions and Limitations
Perform
Assessment
Feasibility
Identify how project aligns with business strategy and goals and assign
priority and ranking accordingly
Project Planning
Table 9
Activity
Purpose
Dev
Inf
Conduct Technology
Assessment
Complete Export
Compliance Assessment
176
Table 10
Activity
Purpose
Dev
Inf
NA
NA
Validate Construction
Information Security
Assessment
Create Configuration
Management Records
NA
Table 12
Activity
Purpose
Dev
Inf
Implement Changes
Monitor usage and performance of the work products. Ensure the work
products are fully functional and provide results as intended in the
production environment.
Summarize
Learned
Lessons
Initiation
Start
177
Definition
Construction
Validation
Implementation
Define
Requirements
(optional)
Define Technical
Design
(Conditional)
Execute Tests:
System / UAT /
Regression
Implement
Changes
Define
Implementation
Plan
Validate Changes
& Processing
Develop /
Construct & Unit
Test
Approve to
Implement
Transition to BAU /
close-out Project
Authorized Work
Request
Categorize Work
Request
YIELD
ETVX
ETVX
ETVX
End
Build Configuration
Mgmt Records
YIELD
ETVX
Figure 4
Initiation
Definition
Design
Construction
Validation
Implementation
PostImplementation
Define
Requirements
Define Technical
Requirements
Develop /
Construct & Unit
Test
Execute Tests:
System / UAT /
Regression
Implement
Changes
Conduct Lessons
Learned
Build Configuration
Mgmt Records
Define
Implementation &
COB Plans
Validate Changes
& Processing
Transition to BAU /
close-out Project
ETVX
ETVX
Start
Authorized Work
Request
YIELD
YIELD
ETVX
YIELD
ETVX
ETVX
Approve to
Implement
YIELD
ETVX
Figure 5
End
178
Table 11
Activity
Purpose
Dev
Inf
NA
Validate Information
Security Assessment
Sponsors Approval to
Implement
Conduct Technology
Operational Handoff
Build Configuration
Management Records
Infrastructure
Development
Feasibility Assessment
i
n
i
t
Initiation
Phase
Table 13
NA
Technology Assessment
Implementa
tion
Validation
Construction
Design
Technical Design
PostImpleme
ntation
179
NA
Test Results
180
Table 14
Criteria
Business Need - A business problem or initiative that requires project management methodology.
Business case, alignment with business goals and strategy, problem statement, business risk analysis, cross functional impacts,
and priority criteria.
Tasks Activity
Purpose
Dev
Inf
Defines the reason for the project, objectives and scope of the project.
Initial review to determine if the benefits to be obtained from the project will outweigh the
costs incurred from it or by not doing it. E0 level effort/cost estimate.
Perform Feasibility
Assessment
Initial review to determine feasibility of the request. Scope should include determining if
the risks that will be taken while executing the project are within acceptable tolerance
levels and can be appropriately mitigated to ensure project success.
Perform prioritization
and ranking
Identify how project aligns with business strategy and goals and assign priority and
ranking accordingly.
Project Planning
Table 15
Activity
Purpose
Dev
Inf
NA
Ensures that the detail tasks for the next phase are planned and
resourced.
181
Activity
Purpose
Dev
Inf
Table 16
Activity
Purpose
Dev
Inf
NA
NA
All
related
project
processes
and
supporting
documentation are inclusive within this activity (i.e.
Communication Management, Risk Management, Issue
Management, Change Management, Human Resource
Management and Cost Management).
Table 19
Activity
Purpose
Dev
Inf
Implement Changes
182
Table 17
Activity
Purpose
Dev
Inf
Validate Construction
Information Security
Assessment.
Define test scripts that will be used for validation for System
Integration Testing (SIT) and Quality Assurance (QA).
NA
Table 20
Activity
Purpose
Dev
Inf
Production Defect
Management
NA
Summarized Lessons
Learned
Table 18
Activity
Purpose
Dev
Inf
183
Activity
Purpose
Dev
Inf
NA
Sponsors Approval to
Implement
Conduct Technology
Operational Handoff
Create Configuration
Management documentation.