Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

Software Development Lifecycle Policy

 

I. Statement

 

In order to be successful, all major application projects[1] must undergo a well-defined development lifecycle. This Policy establishes the minimum requirements and responsibilities for such a lifecycle in Maine State Government.

 

II. Purpose

 

Software development is a complex endeavor, susceptible to failure, unless undertaken with a deliberate and systematic methodology. The Maine State Software Development Lifecycle (SDLC) is a methodology for implementing an application project[2] by following a sequence of standard steps and techniques. In combination with sound Project Management, the SDLC improves the capability of application projects to deliver as expected, on time, and within budget. Besides increasing the success rate of application projects, a statewide SDLC also facilitates statewide collaboration in application projects. Finally, a statewide SDLC increases the efficiency and effectiveness of professional training for the State’s software development personnel.

III. Applicability

 

This Policy applies to all major application projects, both new applications and upgrades of existing applications. They include:

·        applications that are owned by the Executive Branch and Semi-autonomous State Agencies[3], irrespective of where such applications are hosted, and

·        applications from other Maine State Government branches that are hosted on computer devices operated by the Office of Information Technology, or those that traverse the State wide area network.

 

At its discretion, the Associate CIO, Applications, may sanction a simplified implementation of this SDLC for certain application projects.

 

IV. Responsibilities

A. Application Owners: The Application Owners[4] are responsible for executing this SDLC and submitting the resulting artifacts to the Associate CIO, Applications. This submission consists of the names and signatures of the Application Owners, and the actual artifacts. (Artifacts are the documents, diagrams, etc., that are created as a result of following the SDLC.)

B. Application Owners and Enterprise Project Management Office (PMO): The Application Owners and the Enterprise PMO must jointly consider this SDLC as an integral part of the overall project plan.

C. Associate CIO, Applications: The Associate CIO, Applications, is responsible for enforcing this Policy.

 

V. Guidelines & Procedures

A. A software application typically undergoes several development lifecycles, corresponding to its creation and subsequent upgrades. Each such development lifecycle constitutes a project. Such projects continue until the underlying technology ages to the point where it is no longer economical to invest in upgrades and the application is considered for either continued as-is operation or retirement. The Maine State SDLC defines a standard methodology for the creation and upgrades of software applications. It does not address routine maintenance that occurs as part of the operational management of an application. Nor does it address retirement.

B. The Maine State SDLC is a subset of the Enterprise Unified Process, which is a derivative of the IBM Rational Unified Process. This SDLC is structured in two dimensions: Phases[5] and Disciplines[6].

C. This SDLC is sequential with respect to the Phases, while iterative, or incremental, with respect to the Disciplines. More specifically, each Phase ends with a go/no-go decision on whether to proceed to the next Phase. Each Discipline ends with a set of deliverables encapsulating the results of a specific activity, which is incrementally refined over multiple iterations of the Phases. While it may appear that a one-to-one correspondence exists between the elements of the Phases and the elements of the Disciplines, this is absolutely not the case. In reality, designing, coding, and testing continue incrementally across multiple Phases. More detailed coverage of this two-dimensional model is provided in References [1] and [2].

D. The Maine Office of Information Technology will propose, adopt, and implement Procedures, Best Practices, etc., in support of this Policy.

E. This SDLC is meant to operate under the umbrella of the TenStep Project Management Process®, the project management methodology adopted by the Enterprise PMO.

 

VI. Definitions

 

1.      Application Owners: The Project/Product Manager, the Executive Sponsor, and the Technical Leader are jointly and collectively identified as the Application Owners.

 

2.      Application Project: The Project Management Institute[7] defines a Project as a temporary endeavor undertaken to create a unique product, service, or result. By extension, an Application Project is a temporary endeavor undertaken to create a unique application product, be it a new application or the upgrade of an existing application.

 

3.      Discipline: Disciplines are the specialized activities that take place over the life of an application project. The Disciplines of this SDLC are Business Modeling, Requirements, Analysis & Design, Implementation, Test, and Deployment.

 

4.      Major Application Project: An Application Project is deemed to be major if it meets the threshold of Enterprise Portfolio submission. At the discretion of the Associate CIO Applications, or the Enterprise PMO, or the Application Owners, an Application Project that does not meet the threshold of Enterprise Portfolio submission may still be deemed to be major due to its complexity, operational impact, security impact, business criticality, media or political exposure, etc. Should it appear that a large application project has been decomposed into smaller projects, some or all of which fall below the threshold of Enterprise Portfolio submission, then the Enterprise PMO or the Associate CIO, Applications, may designate any or all of the smaller projects as major.

 

5.      Phase: Phases represent the sequential evolution of an application project through time. The Phases of this SDLC are Inception, Elaboration, Construction, Transition, and Production.

 

6.      Semi-autonomous State Agency: An agency created by an act of the Legislature that is not part of the conventional branches of Government, i.e., the Executive Branch, the Legislative Branch, the Judicial Branch, the Office of the Attorney General, the Office of the Secretary of State, the Office of the State Treasurer, and the Audit Department.

VII. References

1.      Ambler, Scott W, A Manager’s Introduction to The Rational Unified Process (RUP), December 4, 2005[8].

2.      Enterprise Unified Process (EUP) Home Page, Last Updated: March 1, 2006[9].

3.      Software Development Lifecycle Procedure[10].

VIII. Document Information

1.      Document Reference Number: 19

 

2.      Category: Applications

 

3.      Adoption Date: August 31, 2009

 

4.      Effective Date: August 31, 2009

 

5.      Review Date: August 31, 2011

 

6.      Point of Contact: B. Victor Chakravarty, Enterprise Architect, State House Station #138, Augusta, ME 04333, (207) 624-9840.

 

7.      Approved By: Richard B. Thompson, Chief Information Officer, State House Station #138, Augusta, ME 04333, (207) 624-7568.

 

8.      Position Title(s) or Agency Responsible for Enforcement: Jim Lopatosky, Associate CIO, Applications, State House Station #11, Augusta, ME 04333, (207) 287-1921.

 

9.      Legal Citation: 5 MRSA, Chapter 163, Section 1973, paragraphs B and D, read in part: [The Chief Information Officer shall] "Set policies and standards for the implementation and use of information and telecommunications technologies" and "Identify and implement information technology best business practices and project management".

 

10.  Waiver Process: A request for waiver should be submitted to the CIO in writing, explaining the reasons thereof.