Preface. Deputy Assistant. Secretary for Information Systems Date

Transcription

1 Preface The increasingly cmplex nature f infrmatin systems, with crrespnding increases in resurce expenditures, requires the establishment f guidelines. Guidelines ensure that such systems are develped, acquired, evaluated and perated in an efficient manner, within prescribed budget and schedule cnstraints, and respnsive t missin requirements. Accrdingly, the prcedures in this Infrmatin System Life Cycle (ISLC) Manual have been revised t ensure that adequate management and cntrl mechanisms are established during the life f infrmatin systems prjects. This manual applies t all infrmatin systems develped, maintained, enhanced, and dispsed in the Department f the Treasury. The manual is nt intended t be applied retractively t systems already under develpment. The manual is designed t be tailred fr each prject s that an apprpriate set f prducts is prduced. While each phase f the ISLC applies t every prject, the cmpsitin f prducts and activities within a phase will vary depending n the size and cmplexity f the prject and the system's intended users. Infrmatin systems managers generally agree that systems develpment prjects ften are nt cmpleted n time, d nt meet user requirements, and are nt cmpleted within budget. Mst failures are the result f nt understanding that develping systems require a cnsistent management apprach and user invlvement fr structuring and cntrlling the prcess. This dcument prvides such an apprach and is develped t assist infrmatin systems and mre directly, prject managers, in prducing quality systems frm the nset. Infrmatin systems managers are respnsible fr managing the develpment and peratin f infrmatin systems that imprve service delivery t the public, reduce the burden n the public and minimize the cst f Federal prgram administratin. In additin, infrmatin systems managers must ensure that infrmatin systems cmply with regulatins cncerning accessibility fr individuals with disabilities. Infrmatin systems managers must be change agents. They must be able t link systems develpment prjects t the bureau's strategic plan and cre business prcesses. Infrmatin systems managers are charged with having a directin fr change and explit windws f pprtunity t reinfrce change. They ensure that system perfrmance reviews are integrated with planning, that the systems delivered prvide value, and that the system utcmes meet internal and external custmer needs. Secretary fr Infrmatin Systems Date Deputy Assistant

2 Acknwledgement The Office f Deputy Assistant Secretary fr Infrmatin Systems, Office f Infrmatin Resurces Management, wuld like t thank Gerge Williams, Internal Revenue Service, fr his valuable cntributin t this extensive revisin f the Infrmatin System Life Cycle Manual.

3 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) INFORMATION SYSTEM LIFE CYCLE MANUAL TABLE OF CONTENTS Page EXECUTIVE SUMMARY... vii CHAPTER 1. INTRODUCTION AND CONCEPTS A. Backgrund B. Infrmatin System Life Cycle (ISLC) Benefits C. Purpse, Scpe, and Applicability D. Significant Changes E. Dcumentatin F. Data Management G. Cst-Benefit Analysis H. Life Cycle Reviews I. Test Activities J. Quality Assurance K. Cnfiguratin Management L. Privacy Act Cnsideratins M. Security N. Prject Scheduling Techniques STRATEGIC PLANNING FOR INFORMATION SYSTEM A. Strategic Planning B. Perfrmance Measurement C. Business Prcess Reengineering D. Quality Imprvement Prcess and the Life Cycle E. Infrmatin Engineering and Its Impact n ISLC F. IRM Planning fr Infrmatin Systems G. Budget Frmulatin fr Systems Initiatives Table f Cntents

4 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) INFORMATION SYSTEM LIFE CYCLE MANUAL TABLE OF CONTENTS (cnt'd) CHAPTER Page 3. PROJECT CONCEPT DEVELOPMENT A. Infrmatin System Initiative B. Feasibility Study C. Cst-Benefit Analysis D. Prject Management Decisins E. Rles and Respnsibilities F. Estimating Staff Requirements G. Tailring the ISLC Structure H. Managing the Life Cycle I. Managing Risk PLANNING PHASE A. General B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratin F. Review Activity G. Dcumentatin REQUIREMENTS DEFINITION PHASE A. General B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratin F. Review Activity G. Dcumentatin Table f Cntents

5 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) INFORMATION SYSTEM LIFE CYCLE MANUAL TABLE OF CONTENTS (cnt'd) CHAPTER Page 6. DESIGN PHASE A. General B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratins F. Review Activity G. Dcumentatin DEVELOPMENT PHASE A. General B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratin F. Review Activity G. Dcumentatin TEST PHASE A. General B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratin F. Review Activity G. Dcumentatin IMPLEMENTATION PHASE A. General Table f Cntents

6 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) INFORMATION SYSTEM LIFE CYCLE MANUAL TABLE OF CONTENTS (cnt'd) CHAPTER Page B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratin F. Review Activity G. Dcumentatin OPERATIONS, MAINTENANCE AND DISPOSITION PHASE A. General B. Tasks and Activities C. Rles and Respnsibilities D. Deliverables, Respnsibilities, and Actin E. Issues fr Cnsideratin F. Review Activity G. Dcumentatin APPENDICES APPENDIX A. APPENDIX B. APPENDIX C. APPENDIX D. APPENDIX E. APPENDIX F. SMALL-SCALE DEVELOPMENT EFFORTS PROTOTYPING AUTOMATED TOOLS CAPACITY MANAGEMENT AND PERFORMANCE MEASUREMENT PROGRAM GLOSSARY ACRONYMS 4 Table f Cntents

7 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) APPENDIX G. REFERENCES INFORMATION SYSTEM LIFE CYCLE MANUAL TABLE OF CONTENTS (cnt'd) List f Exhibits ISLC Phases, Reviews, Tests, and Deliverables...Exhibit i-1 Elements f an Effective System...Exhibit 1-1 Infrmatin System Life Cycle Deliverables...Exhibit 1-2 ISLC Reviews and Tests...Exhibit 1-3 Standard PERT Nmenclature...Exhibit 1-4 CPM Chart...Exhibit 1-5 Netwrk Diagram...Exhibit 1-6 Sequence f Events...Exhibit 1-7 Bar (Gantt) Chart fr Single Activities...Exhibit 1-8 Strategic Planning Cmpnents...Exhibit 2-1 Infrmatin Engineering Cmpnents...Exhibit 2-2 Feasibility Study Outline...Exhibit 3-1 Cst-Benefit Analysis Outline...Exhibit 3-2 Prject Cncept Develpment Checklist...Exhibit 3-3 Prject Plan Outline...Exhibit 4-1 Data Management Plan Outline...Exhibit 4-2 Cnfiguratin Management Plan Outline...Exhibit 4-3 Planning Issues Checklist...Exhibit 4-4 Planning Review Checklist...Exhibit 4-5 Functinal Requirements Dcument Outline...Exhibit 5-1 Test Plan Outline...Exhibit 5-2 Quality Assurance Plan Outline...Exhibit 5-3 Cmputer Security Plan...Exhibit 5-4 Requirements Definitin Issues Checklist...Exhibit 5-5 Functinal Requirements Review Checklist...Exhibit 5-6 External Design Dcument Outline...Exhibit 6-1 Internal Design Dcument Outline...Exhibit 6-2 Operatrs Manual Outline...Exhibit 6-3 User Manual Outline...Exhibit 6-4 Training Plan Outline...Exhibit 6-5 Maintenance Manual Outline...Exhibit Table f Cntents

8 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) Cnversin Plan Outline...Exhibit 6-7 Implementatin Plan Outline...Exhibit 6-8 INFORMATION SYSTEM LIFE CYCLE MANUAL TABLE OF CONTENTS (cnt'd) List f Exhibits Design Issues Checklist...Exhibit 6-9 Sftware Requirements Review Checklist...Exhibit 6-10 Final Design Review Checklist...Exhibit 6-11 Develpment Issues Checklist...Exhibit 7-1 Test Readiness Review Checklist...Exhibit 7-2 Test Analysis Reprt Outline...Exhibit 8-1 (Sample) Test Prblem Reprt...Exhibit 8-2 (Sample) Test Analysis Apprval Determinatin...Exhibit 8-3 Test Issues Checklist...Exhibit 8-4 Test Analysis Review Checklist...Exhibit 8-5 Security Certificatin Statement...Exhibit 9-1 Security Accreditatin Statement...Exhibit 9-2 Implementatin Issues Checklist...Exhibit 9-3 Pst-Implementatin Review Outline...Exhibit 10-1 Peridic System Review Reprt Outline...Exhibit 10-2 User Satisfactin Review...Exhibit 10-3 Operatins, Maintenance and Dispsitin Issues Checklist...Exhibit 10-4 Methdlgy fr Small-Scale Develpment Effrts...Exhibit A-1 6 Table f Cntents

9 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) EXECUTIVE SUMMARY A. INTRODUCTION TO THE INFORMATION SYSTEM LIFE CYCLE The Infrmatin System Life Cycle (ISLC) Manual was develped t address infrmatin systems which vary greatly in size, scpe f applicatin, cmplexity f prcessing, technlgies used, and the methdlgies and tls used t supprt the evlutin f systems frm identificatin f a requirement thrugh the peratin and ultimate dispsitin f the system. Such variatin reflects the diversity f Treasury prgrams. This manual presents a structured, disciplined apprach t slving an infrmatin management requirement and fr selecting and using the methds, tls, and techniques apprpriate fr each requirement. The prcedures shuld be mdified apprpriately t cmpensate fr differences in prjects. Sund life cycle management practices include planning and evaluatin in each phase f the infrmatin system life cycle. The apprpriate level f planning and evaluatin is cmmensurate with the cst f the system as well as with the stability and maturity f the technlgy under cnsideratin, hw well defined the users' requirements are, the level f stability f prgram and user requirements, and security cnsideratins. Establishing a clse relatinship with the user rganizatin early in the life cycle is key t successful life cycle management. This Executive Summary prvides an verview f the Department's newly adpted ISLC methdlgy and briefly describes the verall structure f the life cycle. This Summary als highlights certain tpics that are crsscutting in nature. B. KEY DECISIONS The key decisins represent significant issues t be addressed by the prject team during each life cycle activity. Sme decisins will require prgram management apprval. There are three types f decisins: prject apprach, prject executin, and prject cntinuatin. Prject Apprach Decisins. Prject apprach decisins address the rganizatin f the prject, prject scpe, methds and tls t be used, and the selectin f participants fr prject activities such as system acceptance testing, reviews, and apprvals. Prject Executin Decisins. Prject executin decisins address the scpe and specific features f the system. These decisins address prgrammatic, technical, and system supprt related issues. Prject Cntinuatin Decisins. Prject cntinuatin decisins address issues relating t the cntinued need fr the system, the availability f funding, cst versus benefits f the 7 Executive Summary

10 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) apprach, and ther needed resurces. Sme decisins may be very simple, while thers may require a great deal f effrt; they must all be addressed explicitly t ensure that they are made in a well-reasned manner, rather than being verlked r made by default. Hw well all three types f decisins are made, and the timeliness f decisins, are crucial t the system's ultimate success in meeting the infrmatin management requirements. C. CROSSCUTTING ACTIVITIES There are a number f activities which crsscut the phases f the system life cycle. These activities are addressed and summarized belw. Prject Plan. The prject plan is the crucial dcument f the infrmatin system life cycle. It is first prduced in the planning phase and is updated, expanded, and refined cntinually thrughut the life cycle. The prject plan cvers prject scheduling, staffing, resurces, adjustments t the life cycle structure, selectin f tls and methdlgies, identificatin f applicable reviews and apprvals, cnfiguratin management methds and ther related tpics. The prject plan is subject t apprval by bureau and/r Department prgram management. Prject Reviews/Quality Assurance. Prject reviews and quality assurance (QA) activities are cnducted thrughut the system life cycle t ensure that the system ultimately established is sund prgrammatically, technically, ecnmically, and frm a system management perspective. Reviews and QA activities help t ensure that key issues are identified and addressed apprpriately as early as pssible in the life cycle t avid majr, expensive rewrk during later phases f the prject. Reviews and QA activities prvide feedback t the prject team and als advise prgram management as a prelude t required system apprvals. Specific rganizatins and individuals wh are t participate in prject reviews and QA activities are designated early in the life cycle and are selected t reflect the nature f the infrmatin management requirement based n their functinal, technical, and/r peratinal expertise. Prject Apprvals. Frmal apprvals ccur at designated pints in the life cycle t ensure prgram management supprt f the prject and the resulting system. Cnducting reviews and btaining apprvals is nt the gal f the life cycle prcess, but is a key means t the desired end. Prgram management apprvals are btained in all phases f the life cycle. The specific selectin f rganizatins and individuals t prvide apprvals fr prject activity is tailred t meet the specific characteristics f the infrmatin management requirement and the prpsed slutin. Cnfiguratin Management. Cntinual, cnsistent dcumentatin f the develpment and evlutin f the system is essential t ensure that at all pints in the system life cycle, key 8 Executive Summary

11 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) analyses and decisins are recrded, that the system is accurately described, and that there is cnsensus n what is required and what is delivered. Cnfiguratin management serves t maintain a cntrlled library f life cycle prducts (autmated prducts such as sftware as well as system and user dcumentatin) and t prvide a prcess t recrd cnsideratin and dispsitin f requested mdificatins t the system. (Dcumentatin will als be used fr system maintenance, impact f change analysis, management review and cntrl, system cnversin, and audits.) Data Management. T ensure effective management f Treasury's data, all systems are created and maintained in accrdance with the Department's data management plicies and practices. Life cycle activities are carried ut cnsistent with the existing and planned data management envirnment, and data management cncerns are addressed during all activities f the life cycle. Methdlgies and Tls. T the extent practical, all systems created and maintained by the Department must utilize state-f-the art develpment methdlgies (r mdels) and mdern systems develpment (and maintenance) tls. Methdlgies and tls must be identified early in the life cycle t ensure cnsistency acrss life cycle activities. Hwever, methdlgies and tls cannt replace the applicatin f systems life cycle management. Fr example, prttyping may be used as a methd fr perfrming design r develpment tasks; but the prttype des nt substitute fr dcumentatin and reviews prescribed by the life cycle guidance. Use f expert system develpment tls may require that sme activities be perfrmed in a different sequence, but again, such tls merely supprt and d nt replace the need fr dcumentatin and reviews as prescribed by the life cycle management mdel. Cst-Benefit Analysis. Cst-benefit analysis is a vital management tl fr linking functin and budget. The analysis is used t supprt investments in infrmatin technlgy. A preliminary assessment f csts and benefits is made during the strategic planning prcess and is refined and updated as apprpriate thrughut the remainder f the life cycle. At each phase infrmatin is gathered and decisins are made that enable the prject team t make increasingly accurate prjectins f the ttal csts and benefits f the system ver its prjected life. Subsequently, the cst-benefit analysis is updated at the end f each phase. The cst-benefit analysis infrmatin is used t determine bth the establishment and the cntinuatin f a prject. 9 Executive Summary

12 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) D. KEY PRINCIPLES This manual refines traditinal infrmatin system life cycle management appraches t reflect the fllwing principles which the Department views as the fundatin fr life cycle management. Life Cycle Management Shuld Be Used t Ensure a Structured Apprach t Infrmatin Systems Develpment and Operatin. This ISLC manual describes an verall structured apprach t infrmatin management. Primary emphasis is placed n the infrmatin and systems decisins t be made and the prper timing f decisins. The manual prvides a flexible framewrk fr appraching a variety f systems prjects. The framewrk enables infrmatin systems prjects t cmbine activities, prcesses, and prducts as apprpriate, and t select the tls and methdlgies best suited t the unique needs f each prject. Each System Prject Must Have an Accuntable Spnsring Organizatin. T help ensure effective planning, management, and cmmitment t infrmatin systems, each prject must have a clearly identified spnsr (champin). The spnsr serves in a leadership rle, prviding guidance t the prject team and securing frm senir management the required reviews and apprvals at specific pints in the life cycle. A Single Prject Manager Must be Appinted fr Each System Prject. The prject manager has respnsibility fr the success f the prject and wrks thrugh a prject team and ther supprting rganizatin structures, (e.g., wrking grups, user grups) t accmplish the bjectives f the prject. Regardless f his/her rganizatinal affiliatin, the prject manager is accuntable and is respnsible fr ensuring that prject activities and decisins cnsider the needs f all rganizatins which will be impacted by the system. The prject manager develps the prject charter t define and clarify lines f authrity and respnsibilities with the steering cmmittee and prject spnsr. A Cmprehensive Prject Plan is Required fr Each System Prject. The prject plan is a pivtal element in the successful slutin f an infrmatin management requirement. The prject plan must describe hw each life cycle phase will be accmplished t suit the specific characteristics f the prject. The plan is used t prvide directin t the many activities f the life cycle and must be refined and expanded thrughut the life cycle. Specific Individuals Must be Assigned t Perfrm Key Rles Thrughut the Life Cycle. Certain rles are cnsidered vital t a successful system prject and at least ne individual must be designated as respnsible fr each key rle. Assignments may be made n a full r part time basis as apprpriate. Key rles include prgram/functinal management, quality assurance, security, telecmmunicatins management, data administratin, data base administratin, and cnfiguratin management. Fr mst prjects, mre than ne individual shuld represent the actual r ptential users f the system (i.e., prgram staff) and shuld be designated by the 10 Executive Summary

13 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) prgram manager f the spnsring prgram and rganizatin. Obtaining the Participatin f Skilled Individuals is Vital t the Success f the System Prject. The skills f the individuals participating in a system prject are the single mst significant factr t ensuring the success f the prject. The ISLC manual is nt intended as a substitute fr infrmatin management skills r experience. While many f the skills required fr a system prject are discussed in later chapters, the required skill cmbinatin will vary accrding t the prject. All individuals participating in a system develpment prject are encuraged t btain assistance frm experienced infrmatin management prfessinals. Cmplete and Accurate Dcumentatin f Activity Results and Decisins fr Each Phase f the Life Cycle is Essential. Effective cmmunicatins and crdinatin f activities thrughut the life cycle depends n the cmplete and accurate dcumentatin f decisins and the events leading up t decisins. Undcumented r prly dcumented events and decisins can cause significant cnfusin r wasted effrts and can intensify the impact f turnver f prject management staff. Activities shuld nt be cnsidered cmplete, nr decisins made, until there is tangible dcumentatin f the activity r decisin. Data Management Must be Emphasized Thrughut the Life Cycle. The Department cnsiders the data prcessed by systems t be an extremely valuable resurce. Accurate data is critical t supprt rganizatinal missins. The large vlumes f data handled by Department systems as well as the increasing trend tward sharing data acrss systems and prgrams, underscres the imprtance f data quality. Systems life cycle activities stress the need fr clear definitin f data and the design and implementatin f autmated and manual prcesses t ensure effective data management. Each System Prject Must Underg Frmal Reviews and Apprvals. T ensure that systems effectively address the targeted infrmatin requirement, each infrmatin systems prject is subject t frmal review and apprval. The reviews must be cnducted by skilled prfessinals, examining tangible prducts frm a prgrammatic, technical, ecnmic, and prject management perspective. Reviews assist the prject team as well as thse wh prvide the required prject apprvals. Apprvals are prvided by the suitable level f prgram management, and certify its cntinued cmmitment f the prject scpe, directin, and resurce requirements in view f knwn risks and/r uncertainties. Cnsultatin with Oversight Organizatins Aids the Success f a System Prject. A number f Departmental versight bdies as well as rganizatins external t the Department have respnsibility fr ensuring that infrmatin systems activities are perfrmed in accrdance with federal guidance and standards and use available resurces effectively. Each prject team shuld wrk with these rganizatins, as apprpriate, and encurage their participatin and supprt in the life cycle as early as pssible t identify and reslve ptential issues r sensitivities 11 Executive Summary

14 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) t avid majr disruptin f the prject. A System Prject May Nt Prceed Until Resurce Availability is Assured. Beginning with the apprval f the prject, the cntinuatin f a system prject is cntingent n a clear cmmitment frm the spnsring prgram management. This cmmitment is embdied in the assurance that the necessary resurces will be available, nt fr the next activity nly, but as required fr the remainder f the life cycle. E. INFORMATION SYSTEM LIFE CYCLE MODEL The full life cycle mdel is divided int seven phases; sme prjects may require merging sme f the seven phases; and nt every prject will require that the phases be sequentially executed. Hwever, the phases are interdependent. Depending upn the size and cmplexity f the prject, phases may be cmbined r may verlap. Decisins reached and deliverables cmpleted in the phases are required in subsequent phases t cmplete successful prject develpment. The life cycle phases are described in the paragraphs belw and displayed in Exhibit 1. A small-scale develpment effrt is described in Appendix A fr prjects nt requiring significant resurces. Prject Cncept Develpment. Prject cncept develpment actually starts the life cycle when a need t develp r significantly change a system is identified. Once a system requirement is identified and dcumented, it must be reviewed fr feasibility and apprpriateness. The requirement may invlve develpment f a new system r mdificatin f an existing system. The necessary apprvals and funding is needed prir t mving t the planning phase. Sme bureaus cnsider prject cncept develpment a distinct phase which may be beneficial t their specific needs. Planning Phase. The planning phase begins after the prject has been apprved by an executive level steering cmmittee and resurces have been allcated t the prject. The prject plan identifies the apprach t satisfying the requirement and includes the discussin f methds, tls, tasks, resurce requirements and prject schedules. Requirements Definitin Phase. Functinal user requirements are frmally defined and delineate the requirements in terms f data, system perfrmance, security, and maintainability requirements fr the system. All requirements are defined t a level f detail sufficient fr systems design t prceed. Design Phase. The external physical characteristics f the system are designed during this phase. The perating envirnment is established, majr subsystems and their inputs and utputs are defined, and prcesses are allcated t resurces. Everything requiring user input r apprval 12 Executive Summary

15 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) must be dcumented and reviewed by the user. The internal physical characteristics f the system are specified and a detailed design is prepared. Subsystems defined during the external design are used t create a detailed structure f the system. Each subsystem is partitined int ne r mre design units r mdules. Detailed lgic specificatins are prepared fr each mdule. Develpment Phase. The detailed specificatins prduced during internal design are translated t executable sftware. Sftware is unit tested, integrated, and retested in a systematic manner. Hardware is assembled and tested. Test Phase. The user, with the quality assurance rganizatin, validates that the functinal requirements as defined in the functinal requirements dcument are satisfied by the develped r mdified system. Implementatin Phase. The system r system mdificatins are installed and made peratinal in a prductin envirnment. The phase is initiated after the system has been tested and accepted by the user. The phase cntinues until the system is perating in prductin in accrdance with the defined user requirements. Operatins, Maintenance and Dispsitin Phase. The system peratin is nging. The system is mnitred fr cntinued perfrmance in accrdance with user requirements, and needed system mdificatins are incrprated. Operatins cntinue as lng as the system can be effectively adapted t respnd t an rganizatin's needs. When mdificatins are necessary, the system reenters the planning phase. The dispsitin activities ensure the rderly terminatin f the system and preserve the vital infrmatin abut the system s that sme r all f the infrmatin may be reactivated in the future if necessary. Particular emphasis is given t prper preservatin f the data prcessed by the system, s that the data is effectively migrated t anther system r archived in accrdance with applicable recrds management regulatins and plicies, fr ptential future access. 13 Executive Summary

16 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) 14 Executive Summary

17 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) 15 Executive Summary

18 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) CHAPTER 1. INTRODUCTION AND CONCEPTS A. BACKGROUND This chapter prvides backgrund infrmatin and an verview f specific life cycle cncepts that are critical in the life cycle management prcess. The cncepts exist thrughut the life cycle fr every system and are addressed in multiple phases. The cncepts serve as the fundatin fr the life cycle management apprach and are discussed in greater detail in the remaining chapters f this guidance dcument. The Department f the Treasury spends billins f dllars each year n the acquisitin, design, develpment, implementatin and maintenance f infrmatin systems vital t missin prgrams and administrative functins. The need fr safe, secure, and reliable system slutins is heightened by the increasing dependence n cmputer systems and technlgy t: prvide services and develp prducts; administer daily activities; and perfrm shrt and lng term management functins. In additin, t ensure privacy and security when develping infrmatin systems, establish unifrm privacy and prtectin practices and develp acceptable implementatin strategies fr these practices. Management f the resurces essential t effective system infrmatin is becming increasingly cmplex since the rapid advances in infrmatin technlgy in recent years have dramatically increased cmputer capacity, the range f technlgies available, and user accessibility. The elements needed t ensure effective systems are shwn in Exhibit 1-1. There has been a prliferatin f systems develpment effrts by a brad range f users with varying levels f sphisticatin in making develpment decisins and cnducting develpment effrts. The result has been twfld: A wide range f hardware/sftware ptins fr implementatin f any specific system cncept r design and the cnsequent difficulty f finding resurces that can evaluate and apply the diversity f tday's technlgy; and An increasing number f systems develpment effrts by Treasury emplyees at many rganizatinal levels, wh because f access t their wn equipment and ther resurces, develp their wn systems independently f system staffs. Intrductin 1-1 Chapter 1

19 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) Exhibit 1-1: Elements f an Effective System The infrmatin system life cycle prcess describes a brad and diverse set f activities fr addressing infrmatin systems requirements. The activities f the life cycle range frm defining the requirements and selecting the slutin, t develping, perating, and maintaining the slutin. This manual is structured t prvide a fair degree f flexibility in Intrductin 1-2 Chapter 1

20 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) addressing thse infrmatin systems requirements. New prject managers, in particular, shuld cnsult with their infrmatin resurces management (IRM) prgram fficials r Senir IRM Officials fr guidance in mdifying the life cycle t the needs f specific prjects. B. INFORMATION SYSTEM LIFE CYCLE (ISLC) BENEFITS Infrmatin system life cycle management represents the accumulatin f many years f experience by infrmatin systems prfessinals, and many lessns learned. This manual was develped by building n thse experiences, taking advantage f ther rganizatins' experience and resulting guidance as well as experiences specific t Treasury. The manual is intended t help ensure that each infrmatin system prject is successful. Specific benefits include: Ensuring full cnsideratin f the Treasury prgram envirnment, and assciated system and data requirements, frm prject initiatin thrugh the entire life f the system; Prviding early identificatin f technical and management issues t avid investments f resurces in impractical r infeasible system features; Prviding an early view f resurce needs (including resurces needed fr cntinued peratins) t ensure that decisins regarding system capabilities cnsider the full cst f these capabilities, and refining this view thrughut the life cycle; Fstering realistic expectatins by the user cmmunity (prgram managers and their staff) f what the system will and will nt accmplish; Prviding a balanced cnsideratin f the prgrammatic, technical, management, and cst aspects f prpsed system mdificatins; Encuraging peridic evaluatins t identify systems which may n lnger efficiently and effectively supprt prgram needs r cnsume disprprtinate resurces; Prviding clear measures f prgress and status t enable effective crrective actin if needed; and Prviding much f the infrmatin needed t supprt infrmatin resurces Intrductin 1-3 Chapter 1

21 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) management planning and the develpment f budget requests. This ISLC methdlgy prvides a structured apprach t infrmatin systems prjects. The methdlgy addresses the develpment and the nging peratin f infrmatin systems and it describes the prgressin f the life cycle thrugh varius activities and prcesses as well as addressing the relatinships amng the activities and prcesses. This ISLC manual has been revised t address use f a wide range f technlgies, including cmputer-aided sftware engineering (CASE) and ther autmated tls. Systems that supprt the Department's prgrams vary greatly in size, scpe, cmplexity, and technlgies. There is wide variance in the methdlgies and tls used t supprt the evlutin f the systems frm initial prblem statement thrugh the peratin and ultimate terminatin f the system. Such variatin reflects the diversity f the Department's prgrams. Therefre, this guidance dcument des nt prescribe a single methd applicable withut change t every system. Rather, it presents a structured, disciplined apprach t systems prjects and t selecting and using apprpriate methds, tls, and techniques. C. PURPOSE, SCOPE, AND APPLICABILITY The purpse f this manual is t explain the imprtance f life cycle management t all ptential participants in the infrmatin system life cycle and describe the prgressin f the life cycle appraches thrugh individual phases. This manual utlines the verall Department f the Treasury guidelines fr the ISLC methdlgy and prvides directin n its use and applicability. This manual applies t all Treasury and cntractr persnnel wh are develping, acquiring r managing new systems r making majr enhancements t existing systems. Adherence by system users and all levels f Treasury management acrss all functinal areas is required t implement effective infrmatin systems. D. SIGNIFICANT CHANGES Much has changed in the infrmatin systems area since the last life cycle guidance was published. These changes are reflected by an increasingly prgram-based apprach t justifying and evaluating infrmatin systems. As a result, significant changes in this manual are driven by Federal Infrmatin Resurces Management Regulatins (FIRMR) Intrductin 1-4 Chapter 1

22 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) revisin, General Accunting Office (GAO) reprts n systems develpment, Office f Management and Budget (OMB) revised circulars and publicatins, Ttal Quality Management (TQM) initiatives, Treasury's revised guidance dcuments, and the recent GSA's Infrmatin Resurces Prcurement and Management Review (IRPMR) f Treasury's Infrmatin Resurces Management (IRM) prgram. The fllwing are ntable changes driving this revisin. Prpsed investments in infrmatin systems shuld maximize return n investment which include imprving delivery f services t the public, reducing infrmatin cllectin burden n the public, and increasing the efficiency f Federal prgram administratin. Prpsed infrmatin systems must be linked t the achievement f agency/bureau missin. Infrmatin system must cnsider the needs fr accmmdatins f accessibility fr individuals with disabilities t the extent that needs fr such access exist. The issuance f the Cmputer Security Act requires cmputer security plans fr infrmatin systems prcessing sensitive but unclassified infrmatin. OMB has changed the discunt rate fr Federal Infrmatin Prcessing (FIP) resurces which is used in calculating cst-benefit analyses. The new OMB's discunt rate guidelines shuld be used in perfrming cst-benefit analyses. The discunt rate will be updated annually by OMB at the time f the President's budget submissin t Cngress. The gvernmentwide emphasis n reinventing gvernment, perfrmance measures, benefits, quality imprvement, business prcess reengineering, strategic business planning, prttyping, and infrmatin engineering has increased. The fllwing majr changes are incrprated int this revisin. The revised manual prvides descriptins f reviews fr each life cycle phase as a means t reassess the cntinuatin f the prject when cmparing the benefits t be derived t the cst. The revised manual prvides "issues checklists" t identify activities r cncerns cmmnly fund in an ISLC phase. The issues checklists serve as planning and Intrductin 1-5 Chapter 1

23 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) validatin tls. By checking the list f questins at the end f each phase, majr issues are addressed as part f the discussin f the activities fr each phase. The revised manual prvides descriptins f deliverables t aid in the develpment f the deliverables. The revised manual includes an infrmatin engineering prcess mdel t present similarities and adaptability in the standard life cycle methdlgy. The revised manual eliminates the phase-stage-task structure. This ISLC guidance addresses the phase-task apprach. If a prject is mre manageable by breaking it dwn, the ptin t include stages is apprpriate. Subtasks can als be added if cmpleting the activities can be accmplished with ease. The revised manual incrprates guidance fr a capacity management and perfrmance measurement prgram frmerly in TD 81-07, "Infrmatin Systems Capacity Management and Perfrmance Measurement." The acquisitin guidelines are remved frm this manual. Acquisitin prcedures are in TD P 83-01, "Guidelines fr Acquisitin f Federal Infrmatin Prcessing Resurces." E. DOCUMENTATION The life cycle dcumentatin is an integral part f the infrmatin system develpment prcess, nt as an end in itself. The life cycle methdlgy specifies which dcumentatin will be generated during each phase. Sme analytic methdlgies r tls prvide dcumentatin r ther utput crrespnding t all r part f a life cycle prduct. In these cases, these utputs can be used t satisfy the crrespnding dcumentatin requirements. Many f the prducts may serve as the basis fr the departmental infrmatin cllectin requirements, e.g., Infrmatin Systems Plans, security plan, systems f recrds ntificatin, reprts n excess persnal prperty, equipment inventries, IRM reviews, and cst-benefit analysis. (See the Office f Infrmatin Resurces Management fr mre infrmatin f specific requirements.) The ISLC dcumentatin is typically referred t as "deliverables." Deliverables are cllected at the end f each phase and stred in the prject file. Very few f these deliverables remain unchanged thrughut the system life cycle. Sme deliverables evlve cntinuusly during the life cycle and thers are revised t reflect the results f analyses Intrductin 1-6 Chapter 1

24 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) perfrmed in later phases. Examples f deliverables are displayed in Exhibit 1-2, Infrmatin System Life Cycle Deliverables. Deliverables are typically categrized int tw majr types - prcess and prduct. Depending n the size, scpe, and cmplexity f the system develpment effrt, ther types f deliverables may be added, e.g., technical. 1. Prcess dcumentatin is necessary t cmmunicate status and directin. By reviewing this dcumentatin, users are able t determine if their needs are being understd and addressed and management is able t verify if apprpriate prgress is being made during the develpment prcess. Examples include: (1) All prject plans; (2) Prject review reprts; (3) Schedules and budgets; and (4) Supprting materials. Prcess dcumentatin addresses the actins required fr develping, implementing, and maintaining the system, i.e., the prcedures, timelines, and funds required fr accmplishing results. Prcess dcumentatin is nt maintained, i.e., kept current subsequent t implementatin; hwever, it shuld be retained fr evaluatin and general reference. Refer t each phase fr additinal prcess dcumentatin. 2. Prduct dcumentatin will survive the infrmatin system develpment prcess. That is, it will be retained and maintained in a current cnditin subsequent t implementatin in rder t cmmunicate hw the system perates t peple wh may nt have been a part f the system develpment prcess. These peple are users, reviewers, system peratrs, maintenance peratrs, and prgrammer analysts. Sme examples f prduct dcumentatin include, but is nt limited t: Intrductin 1-7 Chapter 1

25 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) Intrductin 1-8 Chapter 1

26 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) (1) User manual; (2) Operatrs manual; (3) Maintenance manual; (4) Test plan; and (5) Cnversin plan. Prduct dcumentatin addresses the system itself - what it is, hw it is perated, hw t maintain it, etc. The dcuments describe, in nn-technical terms, hw the system prcesses data. These dcuments are maintained subsequent t installatin. Mdificatins t the system as they ccur are apprpriately reflected in the dcuments; new versins f the dcuments are distributed peridically. Each phase generates a list f deliverables fr dcumentatin f that phase. F. DATA MANAGEMENT The Department's life cycle management apprach emphasizes management f data resurces. Because f the large vlumes f data handled by Treasury's systems and the increasing trend tward sharing data acrss systems and prgrams, a data management apprach is required when develping infrmatin systems. The data related activities, prducts, and decisins which must be addressed during the system life cycle cnstitute the data management apprach. The apprach als includes the degree f rigr t be fllwed when perfrming these activities and the level f frmality t be used when dcumenting data related life cycle prducts and decisins. Implementing a data management apprach is key t the prject's success. If the apprach des nt address data dictinary issues as part f a large, high impact prject, the risk f time and cst verruns fr the prject will be increased, as will maintenance csts fr the cmpleted system and its data. One criterin which stands ut as a majr factr in determining the data management apprach is the degree f data sharing. Data sharing includes use f ne infrmatin system's data by a secnd system, and using the same data by multiple functins using a single infrmatin system. If data sharing is extensive, a rigrus and frmal data management apprach shuld be used. Fllwing this type f apprach will minimize unexpected, adverse impacts upn the system and the prgrams it will supprt. The benefits f data management include: Ensuring that data cllected and disseminated meet prgrammatic requirements Intrductin 1-9 Chapter 1

27 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) fully, including requirements fr accuracy and timeliness; Imprving management decisin-making by prviding better access t mre accurate and timely data; Increasing prductivity in the infrmaitn cllectin and prcessing activities as the understanding and use f available data increases; Ensuring that existing data can be shared t the maximum practicable extent, aviding the cst f redundant data cllectin and strage; and Reducing the cst f system maintenance and the time needed t mdify implemented systems by designing mre stable and flexible databases. Several imprtant aspects f data management are described belw. 1. A data management plan is required fr each system prject. Like the prject plan, the data management plan is an imprtant life cycle prduct. It is intrduced in the planning phase, and is updated, expanded, and refined cntinually thrughut the life cycle. 2. A data dictinary is mandatry fr every system. A data dictinary must be prepared fr every system t clearly cmmunicate the attributes f the data prcessed by the system t system users and ther individuals with an interest in the system data. 3. Data administratin cncerns cut acrss multiple systems. Fr each prject, data administratin fcuses n the relatinship f the prject t ther prjects and systems that prcess cmmn data. Data administratin addresses data definitins, data standards, mechanisms t ensure cnsistency f data acrss systems, data quality cntrl prcedures, and related issues that frequently cut acrss prject and system bundaries. G. COST-BENEFIT ANALYSIS The cst-benefit analysis is a vital management tl fr linking functin and budget. The cst-benefit analysis must be updated as apprpriate thrughut the infrmatin system life cycle and the level f detail shuld be cmmensurate t the size f the investment. Intrductin 1-10 Chapter 1

28 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) When the infrmatin system prvides services t the public, bureau managers shuld quantify the perfrmance f the infrmatin system thrugh systematic measurement f utputs. In cnducting cst-benefit analyses t supprt nging management versight, agencies shuld seek t maximize return n investment ver the infrmatin system life cycle by establishing and evaluating systematic perfrmance measures. These perfrmance measures shuld include: the effectiveness f prgram delivery; efficiency f prgram administratin; and reductin in burden, including infrmatin cllectin, impsed n the public. The revised cst-benefit analysis at each phase f the infrmatin system life cycle prvides up-t-date infrmatin t ensure the cntinued viability f an infrmatin system prir t and during implementatin. Reasns fr updating a cst-benefit analysis may include such factrs as significant changes in prjected csts and benefits, majr changes in requirements (including legislative r regulatry changes), r empirical data based n perfrmance measurement gained thrugh prttype r pilt experience. H. LIFE CYCLE REVIEWS The life cycle review prcess cnsists f a series f reviews cnducted in each phase (Exhibit 1-3) t ensure that each phase f the prject is cmpleted successfully. This prcess ensures that all prducts created during the life cycle meet functinal and perfrmance requirements as utlined in all requirements dcumentatin. The requirements fr hlding specific reviews are determined by the system size and cmplexity and by management directin. The cmpletin f a phase represents a lgical pint at which reviews shuld ccur. The purpse f reviews are: (l) T ensure that prject directin and gals remain cnsistent with rganizatin strategic plan and gals; (2) T prvide an pprtunity t terminate prjects which fail t demnstrate an adequate return n investment; (3) T measure the nging prgress (i.e., budget, schedule and deliverables) and identify ptential prblems fr crrective actins; and Intrductin 1-11 Chapter 1

29 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) (4) T apprve phase results and authrize further wrk. Planning Phase Requirements Definitin Phase Design Phase Develpment Phase Test Phase Implementatin Phase Operatins, Maintenance and Dispsitin Phase Planning Review Functinal Requirements Review Sftware Requirements Review Preliminary Design Review Final Design Review Test Readiness Review Test Analysis Review Revalidatin Review Pst- Implementatin Review Peridic System Review Unit/Mdule Test Subsystem Integratin Test System Qualificatin Test System Acceptance Test Security Test Exhibit 1-3: ISLC Reviews and Tests Remember each purpse during the review prcess and achieve each purpse befre terminating the review. The apprpriate persnnel fr the review team is defined in the prject plan. Review team members can include the system develper, prject user, data administratr, database administratr, quality assurance manager, security manager, telecmmunicatins manager, and cnfiguratin manager, as apprpriate. In general, senir management invlvement is greatest in the earlier phases f systems develpment effrts. This invlvement declines in the later, mre technical phases r less critical prjects invlving fewer resurces. The issues checklist in each phase prvides useful infrmatin t assist the review team. A review checklist fr each phase is als prvided and may be useful when cnducting reviews. These checklists may be mdified as apprpriate fr the systems develpment effrt. I. TEST ACTIVITIES The gal f testing is t cnfirm that bth individual system mdules and the entire system Intrductin 1-12 Chapter 1

30 Infrmatin System Life Cycle Manual TD P (V 2.0 July 1994) are executed in accrdance with the functinal requirements and technical specificatin. The fllwing types f test activities are identified mre specifically in the testing phase f the life cycle and are included in the test plan and test analysis. 1. Unit/Mdule Testing is perfrmed in the develpment phase by the system develpment team. It cnsists f mdule/prgram level testing by validating the mdule's lgic, adherence t functinal requirements, and adherence t technical specificatins. 2. Subsystem Integratin Testing is cnducted in the develpment phase by the system develpment team. It tests the system's integrated grupings f sftware units and mdules, therwise knwn as subsystems. 3. System Qualificatin Testing is an independent test, ften verseen by an rganizatin that did nt develp the system, using a hardware/sftware platfrm that mirrrs the prpsed prductin envirnment and ccurring in a cntrlled envirnment. This test is a cmprehensive verificatin and validatin prcess cnducted t ensure that all capabilities and requirements f the system are exercised befre the system is delivered t the user acceptance test team. System dcuments and training plans are tested fr accuracy, validity, cmpleteness, and useability. During this test, the sftware perfrmance, respnse time, and ability t perate under stressed cnditins will be tested. 4. System Acceptance Testing is cnducted by the user, testing every system feature fr crrectness and cnfrmance t requirements. This test may r may nt be cnducted using the prpsed prductin platfrm. System interperability, all dcumentatin, system reliability, and the level t which the system meets user requirements will be evaluated. Recvery and restart prcedures may be evaluated. 5. Security Testing is perfrmed in the peratinal/prductin envirnment. Security testing evaluates cmpliance with security and data integrity guidelines, and it addresses security backup, recvery, and audit trails. It ensures that all security measures have been prperly implemented in the perating envirnment and are effective t satisfy security requirements. It addresses all aspects f security t include internal cntrls, hardware, sftware and cmmunicatins security cntrls, physical and envirnmental security, and administrative prcedural security requirements. J. QUALITY ASSURANCE Quality assurance places emphasis n identifying and recrding design and prgramming Intrductin 1-13 Chapter 1