Professional Documents
Culture Documents
Todays Agenda
Defining SDLC
Defining SDLC
The System Development Life Cycle (SDLC) is
the entire systems process from identifying a
need through the final implementation of a
solution.
SDLC is one of the best places for an auditor
- and yet one of the least audited.
Defining SDLC
Successful SDLC projects are measured three
ways:
Defining SDLC
Project
Initiation
Business
Requirements
Definition
Technical
Requirements
Definition
Software
Selection /
Coding
Testing
Data
Conversion
Training and
Documentation
Final
Implementation
Project Initiation
Project champion determined.
Project charter developed.
High level timelines and budgets determined.
Project team assigned; roles and
responsibilities established.
Project monitoring and accounting set up.
10
Quality Product
Appropriate stakeholders are represented.
Security requirements are defined.
Automated and manual controls are considered.
11
12
13
Quality Product
Technical requirements support the business
requirements.
Members of all impacted technical units represented.
Technology assumptions are properly validated
through internal experience or external site visits.
Links to existing applications are defined and
controlled (e.g., control totals)
14
15
Software Selection/Coding
Request for Proposal created.
Vendor and software selection criteria
established.
Contract terms established.
Programming teams assigned for coding and
modification.
Software loaded in test environment.
16
17
18
Testing
Unit testing completed for each system
element.
Integrated testing completed for each system
module.
System testing completed for overall system
and related interfaces.
Stress testing completed for online
performance and data storage/retrieval.
End user testing completed.
19
20
21
Data Conversion
Data from the old system(s) is properly
cleansed prior to conversion.
Converted data is evaluated to ensure it is
accurate and complete.
22
24
25
Quality Product
Training addresses both system usage and business
process.
Training includes all affected parties.
Training is provided close enough to implementation
to allow participants best retention.
Documentation (online and paper) is organized in a
way to be useful to users and operators.
26
27
Final Implementation
Final system running in the production
environment.
New hardware, networking, etc. comes
online.
Business processes change over to
accommodate new system.
28
29
30
Whats Next?
Post-Implementation Review
Lessons Learned
Final Reporting
31
Questions?