Objective

The objective of this Software Development Life Cycle (SDLC) policy is to establish a standardized and comprehensive process for the development, implementation, and maintenance of both vendor-purchased and internally developed applications at Rockhurst University. This policy encompasses various stages of the SDLC, including preliminary analysis, risk identification and mitigation, systems analysis, general design, detail design, development, quality assurance and acceptance testing, implementation, and post-implementation maintenance and review. Additionally, the policy emphasizes the importance of vendor patch currency to ensure the latest security measures and application efficiencies are maintained.

Preliminary Analysis or Feasibility Study

  1. Before considering the purchase or development of any application, a thorough preliminary analysis or feasibility study will be conducted to assess the viability, requirements, and potential risks associated with the application.
  2. The analysis will include an evaluation of the existing systems, the identification of specific needs, an assessment of potential alternatives (including both vendor solutions and internal development), and consideration of resource availability and technology feasibility.

Risk Identification and Mitigation

  1. A comprehensive risk identification process will be conducted for both vendor-purchased and internally developed applications.
  2. Risks will be categorized and assessed for their potential impact on the project's timeline, cost, security, and quality.
  3. Appropriate risk mitigation strategies will be developed and implemented to minimize the impact of identified risks throughout the SDLC.

Systems Analysis

  1. The systems analysis phase will involve a detailed requirements gathering and analysis process to determine the functional and non-functional requirements of the application.
  2. Clear documentation of the requirements, including use cases, system diagrams, and user stories, will be prepared to facilitate understanding and communication.

General Design

  1. The general design phase will focus on creating a high-level architectural design of the application, considering both vendor solutions and internally developed applications.
  2. The design will encompass components, modules, interfaces, and data flow diagrams, providing a blueprint for the development team.

Detail Design

  1. The detail design phase will involve a comprehensive design of each component and module identified in the general design phase.
  2. Detailed technical specifications, database schema, class diagrams, and other design artifacts will be created to guide the development process.

Development

  1. The development phase will involve coding, unit testing, and integration of the application components, whether vendor-purchased or internally developed.
  2. Development will adhere to coding standards, version control practices, and best programming practices to ensure code quality and maintainability.

Quality Assurance and Acceptance Testing

  1. A dedicated quality assurance team will conduct rigorous testing to ensure the application meets the specified requirements and quality standards.
  2. Different types of testing, including functional, performance, security, and usability testing, will be performed.
  3. Acceptance testing will involve collaboration with end-users and stakeholders to validate the application's functionality and usability.

Implementation

  1. The implementation phase will involve the deployment of the application into the production environment, whether it is a vendor solution or an internally developed application.
  2. A well-defined deployment plan, including rollback procedures and contingency plans, will be prepared and executed.

Post-Implementation Maintenance and Review

  1. After implementation, a post-implementation review will be conducted to assess the effectiveness and efficiency of the application.
  2. Ongoing maintenance and support activities will be carried out to address bugs, implement enhancements, and ensure the stability and performance of the application.

Application Currency

  1. Rockhurst University recognizes the critical importance of maintaining up-to-date software versions and security patches for both vendor-purchased and internally developed applications.
  2. An established process will be in place to regularly monitor and evaluate vendor updates, security bulletins, and patches.
  3. Patches will be promptly tested, applied, and deployed to ensure the latest security measures and application efficiencies are maintained.
  4. For vendor-purchased applications, Rockhurst University will establish a communication channel with vendors to receive timely notifications about patch releases and security updates.
  5. For internally developed applications, a designated team or individual will be responsible for monitoring and applying patches in a timely manner.
  6. Patches will be tested in a controlled environment before deployment to production systems to mitigate any potential negative impacts.
  7. Documentation will be maintained to track the patching process, including patch application dates, testing results, and any associated issues or resolutions.

Policy Compliance and Enforcement

  1. All vendor-purchased and internally developed applications at Rockhurst University must adhere to this SDLC policy, including the requirements for preliminary analysis, risk identification, systems analysis, design, development, testing, implementation, maintenance, and vendor patch currency.
  2. Compliance with the policy will be monitored through regular audits and reviews.
  3. Non-compliance with the policy may result in appropriate disciplinary actions as defined by the university's policies and procedures.

Policy Review and Updates

  1. This SDLC policy will be reviewed periodically to ensure its relevance and effectiveness.
  2. Updates to the policy will be made as necessary based on changes in industry best practices, technology advancements, or specific requirements of Rockhurst University.

By following this SDLC policy, Rockhurst University aims to ensure the consistent and secure development, implementation, and maintenance of both vendor-purchased and internally developed applications, while also maintaining the latest security measures and application efficiencies through effective vendor patch management.