Information Security Policy Domain: Systems Development Life Cycle

System Development Life-Cycle

1 Purpose
2 Policy Statement
2.1 Development Phases
2.1.1 Initiation
2.1.2 System Concept Development
2.1.3 Planning
2.1.4 Requirements Analysis
2.1.5 Design
2.1.6 Development
2.1.7 Integration and Test
2.1.8 Implementation
2.1.9 Operations and Maintenance
2.1.10 Disposal

Confidential - Internal Use Only

1 Purpose

In accordance with industry ‘best practices’ and to comply with numerous compliance regulations, The company has prepared various Information Security policies and procedures which are intended to protect the confidentiality, integrity and availability (CIA) of its critical client data and its computing resources. This document describes the system development life cycle policy at The company in defining and administering these policies and procedures.

2 Policy Statement

In an effort to control the implementation of new systems, this policy defines guidelines that must be followed during that implementation. They are designed to ensure that business needs and security measures are addressed throughout the entire life cycle. In addition, this life cycle helps balance business needs and security measures, so a functional yet secure application and its environment can be achieved.

This policy should be applicable to all The company information systems and applications across all Information Technology environments (e.g., mainframe, client, server) and applies to contractually developed as well as in-house developed applications.

The specific participants in the life cycle process, and the necessary reviews and approvals, vary from project to project. The guidance provided in this document should be tailored to the individual project based on cost, complexity, and criticality to The company’s mission.

2.1 Development Phases

The System Development Life Cycle (SDLC) Policy includes ten phases during which defined information systems are created or modified. The tenth phase occurs when the system is disposed of and the task performed is either eliminated or transferred to other systems. Not every project will require that the phases be sequentially executed. However, the phases are interdependent.
Depending upon the size and complexity of the project, phases may be combined or may overlap.

2.1.1 Initiation

The initiation of an information systems project begins when a business need or opportunity is identified. A Project Manager should be appointed to manage the project. This business need is documented in a Concept Proposal. After The company Management and the sponsor(s) approve the Concept Proposal, the System Concept Development phase begins.

2.1.2 System Concept Development

Once a business need is approved, the approaches for accomplishing the concept are reviewed for feasibility and appropriateness. A preliminary document must be written to identify the scope of the system and to require sponsor approval and funding before beginning the Planning Phase.

2.1.3 Planning

The concept is further developed to describe how the business will operate once the approved system is implemented, and to assess how the system will impact employee and customer privacy. To ensure the products and/or services provide the required capability on time and within budget, project resources, activities, schedules, tools, and reviews are defined. Additionally, activities must begin to identify system security requirements and to complete a high-level vulnerability assessment.

2.1.4 Requirements Analysis

End-user requirements are formally defined in terms of the data, system performance, security, and maintainability requirements for the system. All requirements are defined to a level of detail sufficient for systems design to proceed. All requirements need to be measurable and testable and relate to the business need or opportunity identified in the Initiation phase.

2.1.5 Design

The physical characteristics of the system are designed during this phase.
The operating environment is established, major subsystems and their inputs and outputs are defined, and resources are allocated to processes. Everything requiring user input or approval must be documented and reviewed by the user/customer. The physical and logical characteristics of the system are specified and a detailed design is prepared. Subsystems identified during design are used to create a detailed architecture of the system.

2.1.6 Development

The objective of the Development phase will be to convert the deliverables of the Design phase into a complete information system, which may include hardware, communications, and executable software. Software shall be tested individually, integrated, and retested in a systematic manner. Hardware is assembled and tested.

2.1.7 Integration and Test

The various components of the system are integrated and systematically tested. The user tests the system to ensure that the functional requirements, as initially defined and documented in the previous phases, are satisfied by the developed or modified system. Prior to installing and operating the system in a production environment, the system must undergo approval and accreditation activities from the user community, the business process owner(s) and the project management.

2.1.8 Implementation

The system or system modifications are installed and made operational in a production environment. The phase is initiated after the system has been tested and accepted by the user community. This phase continues until the system is operating in production in accordance with the defined user requirements. Once the system has entered the production environment, it is subject to The company Change Management Policy.

2.1.9 Operations and Maintenance

The system operation is ongoing.
The system is monitored for continued performance in accordance with user requirements, and needed system modifications are incorporated. The operational system is periodically assessed through a combination of feedback and reviews whose role is to determine the system's performance and user satisfaction. This process occurs repeatedly to ensure that the system is also performing cost-effectively and that it continues to meet the functional needs of the user. Operations continue as long as the system can be effectively adapted to respond to an organization’s needs. If modifications or changes are requested, then the system and the changes will be subject to The company Change Management Policy.

2.1.10 Disposal

The disposal activities ensure the orderly termination of the system and preserve the vital information about the system so that some or all of the information may be reactivated in the future if necessary. Particular emphasis is given to proper preservation of the data processed by the system, so that the data is effectively migrated to another system or archived in accordance with applicable records management regulations and The company Compliance Policy and other related Information Security Policies, for potential future access.