ITS Software Development Lifecycle (SDLC) Policy

Question

Is there a policy regarding software development?

Answer

ITS Software Development Lifecycle (SDLC) Policy 

1. Purpose 

This policy establishes a standardized Software Development Lifecycle (SDLC) for all software development projects undertaken by the University of South Dakota, including those developed by internal personnel, by contractors, or through third-party vendors. This policy aims to: 

  • Ensure consistent and high-quality software development practices. 
  • Promote efficient project management and resource allocation. 
  • Mitigate risks associated with software development. 
  • Ensure compliance with relevant university policies, security standards, and legal regulations. 
  • Facilitate collaboration and communication among stakeholders. 

2. Scope 

This policy applies to all software development projects initiated or sponsored by the University of South Dakota, including but not limited to: 

  • Web applications 
  • Mobile applications 
  • Desktop applications 
  • Databases 
  • APIs 
  • Integrations 
  • Cloud-based systems 

3. SDLC Stages 

The University of South Dakota adopts an Agile-based SDLC, emphasizing iterative development, collaboration, and flexibility. The SDLC comprises the following stages: 

  • Planning & Analysis:  
    • Define project scope, objectives, and success criteria. 
    • Conduct stakeholder analysis and gather requirements. 
    • Create a project backlog and prioritize features. 
    • Develop a project plan with timelines, resources, and budget. 
    • Conduct risk assessment that aligns with USD Secure Software Policy and develop mitigation strategies. 
  • Design:  
    • Develop system architecture and design specifications. Architecture must meet the University system standards. Currently, the university supports .NET frameworks, Microsoft Servers, and the university's Microsoft Cloud Hosting environments.
    • Software will be configured securely following industry best practices and security standards to reduce the attack surface and minimize security risks.
    • Default configurations will be reviewed and modified to meet the University's security requirements, including authentication settings, access controls, and encryption settings. 
    • Design user interfaces (UI) and user experiences (UX) that meet the current university accessibility standards. As of Jan. 2024, we follow the WCAG 2.1 Level AA standard.
    • Conduct usability testing. 
    • Ensure compliance with university branding guidelines and accessibility standards. 
    • Perform design reviews with members of the ITS development team.
  • Development:  
    • Develop and implement software code according to design specifications.  
    • Conduct regular code reviews with members of the ITS development team.
    • Utilize version control systems that are supported by the university to manage code changes. Currently, the university adopts Microsoft DevOps for its version control system.
    • Adhere to coding standards and best practices. The university follows these guidelines:
  • Testing:  
    • Conduct comprehensive testing, including unit, integration, system, and user acceptance testing (UAT). 
    • Ensure software meets functional and non-functional requirements. 
    • Perform security testing to identify and address vulnerabilities. Testing will include, but is not limited to, the following:
      • Application pen testing 
      • Static code analysis 
      • Dynamic Application Security Testing (DAST) 
    • Document and track defects.
  • Deployment:  
    • Plan and execute software deployment to test and production environments. 
    • Conduct post-deployment monitoring to ensure stability and performance. 
    • Provide user training and documentation. 
  • Maintenance:  
    • Provide ongoing maintenance and support for software applications. 
    • Address bug fixes and implement enhancements. 
    • Manage software updates and upgrades. 
    • The University will implement patch management procedures to ensure that application software is kept up to date with the latest security patches and updates. 
    • Critical security patches will be applied promptly to mitigate known vulnerabilities and reduce the risk of exploitation by malicious actors. 
    • Monitor system performance and security. 

4. Roles and Responsibilities 

  • Project Sponsor: A university representative who initiates the project, provides resources, and champions its success. 
  • Project Manager: Responsible for planning, executing, and closing the project, ensuring adherence to the SDLC. 
  • Development Team: Responsible for designing, developing, testing, and deploying the software. 
  • Quality Assurance Team: Responsible for ensuring the quality of the software through testing and quality control activities. 
  • Security Team: Responsible for ensuring the security of the software and compliance with security policies. 
  • Users: Provide feedback and participate in user acceptance testing. 

5. Tools and Technologies 

  • Project Management Tools: Utilize project management software to track progress, manage tasks, and collaborate with stakeholders. 
  • Equipment: University-owned equipment running a supported, domain-joined Windows operating system, so that IT security protections apply.
  • Version Control Systems: Employ version control systems (e.g., Git) to manage code changes and collaborate effectively. Ex. Azure DevOps. 
  • Development Tools: Utilize a university-accepted integrated development environment. Examples: Visual Studio Professional, Enterprise, or Code; Notepad++.
  • Testing Tools: All development endeavors will include testing plans with success criteria. Ideally, development will take advantage of automated testing tools to facilitate efficient and comprehensive testing; however, manual testing is acceptable. Ex. Azure DevOps.
  • Deployment Tools: Employ deployment tools and strategies to automate and streamline the deployment process. Ex. Azure DevOps. 
  • Communication Tools: Utilize communication and collaboration tools to facilitate effective communication among stakeholders.  

6. Security Considerations 

  • All software development projects must comply with university security policies and standards. 
  • Secure coding practices must be followed to prevent security breaches. 
  • Access control measures that align with university standards must be implemented to protect sensitive data. 

7. Documentation 

  • Maintain comprehensive documentation throughout the SDLC, including:  
    • Project Plan 
    • Requirements Documents 
    • Design Specifications 
    • Test Plans and Reports 
    • Deployment Plans 
    • Knowledge Articles  

8. Policy Compliance 

  • All software development projects must adhere to this SDLC policy. 
  • Deviations from this policy require approval from the University of South Dakota CIO.  

9. Policy Review and Updates 

This policy will be reviewed and updated periodically or as needed to ensure its relevance and effectiveness. 

10. Enforcement 

This policy is enforced by the University of South Dakota's IT department. Non-compliance may result in project delays, susp. 

This SDLC policy provides a framework for developing high-quality, secure, and user-friendly software applications that meet the needs of the university community. By adhering to this policy, the University of South Dakota can ensure that its software development projects are successful and contribute to the achievement of its strategic goals.