Date: Fri, 29 Mar 2024 09:09:41 -0400 (EDT)
Message-ID: <161767833.13195.1711717781515@confluence05.rowan.edu>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_13194_357228746.1711717781511"
------=_Part_13194_357228746.1711717781511
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
ROWAN UN=
IVERSITY POLICY
Title: Project Management and Software/Systems Development =
Life Cycle
Subject: Informati=
on Resources and Technology
Policy No: I=
RT:2017:02
Applies: Un=
iversity-Wide
Issuing Authority: Senior Vice =
President of Information Resources and Technology and Chief Information Off=
icer
Responsible Officers: Assistant Vice Pres=
ident of the Information Security Office
Adopted: =
08/30/2016
Last Revision: 07/03/2=
018
Last Reviewed: 07/03/2018
I. PURPOSE
The purpose for this policy is to establi=
sh the common and consistent application of Project Management and Software=
/Systems Development Life Cycle (SDLC) best practices in the management of =
technology projects.
II. ACCOUNTABILITY
Under direction of the Senior Vice Presid=
ent of Information Resources & Technology (IRT) and CIO, the Assistant =
Vice President of the Information Security Office shall implement and ensur=
e compliance with this policy.
III. APPLICABILITY
This policy is applicable to University e=
mployees (faculty, staff, and student employees), students, and other cover=
ed individuals (e.g., University affiliates, vendors, independent contracto=
rs, etc.) that perform any type of technology project management, software =
or systems development work under the auspices of the University.
IV. DEFINITIONS
- Project Management - The application of knowledge, skills, too=
ls and techniques to mitigate risk, control budget and manage scope of task=
s.
- PM & SDLC Governance Committee =E2=80=93 to agree on =
and ensure compliance with the project methodology and SDLC standards and p=
rocedures.
- Systems Development Life Cycle (SDLC) - The systems developmen=
t life cycle (SDLC) is a term used in systems engineering, information syst=
ems and software engineering to describe a process for planning, creating, =
testing, and deploying an information system.
V. REFERENCES
- Secu=
rity System Development Life Cycle Policy
- Project Management Body of Knowledge (PMBOK)
- ISO/IEC 12207 Systems and Software Life Cycle Processes
- ISO/IEC/IEEE 15288 Systems and Software Life Cycle Processes
VI. POLICY
- The University is committed to continuously improving the delivery of I=
RT solutions within budget, on schedule, within scope and in such a way as =
to best contribute to accomplishing the University's strategic mission. Thi=
s policy furthers that goal by establishing the common and consistent appli=
cation of Project Management and SDLC best practices in the management of t=
echnology projects. A uniform Project Management and SDLC framework promote=
s consistency and better control of technology projects, thereby reducing r=
isks and increasing project successes.
- Rowan University is responsible for developing, maintaining, and partic=
ipating in a Project Management and Systems Development Life Cycle (SDLC) f=
or technology software and system development projects. All entities at the=
University, engaged in technology systems or software development activiti=
es, must follow the Rowan University PM & SDLC standards. This PM &=
SDLC policy is detailed in the Rowan University Project Management Office =
(PMO) Project Management and Systems Development Life Cycle (SDLC) Standard=
s document.
- Application of the Policy
- Information technology projects are managed in accordance with best pra=
ctices promoted by the nationally recognized Project Management Institute (=
PMI), appropriately tailored to the specific circumstances for the Universi=
ty. At a minimum, the five (5) phases of Project Methodology must be adhere=
d too with examples shown:
- Pre-Project Planning Phase:
- Development of a Feasibility Analysis
- Request for Information (RFI) or Request for Proposal (RFP)
- Initiating and Approving Phase:
- Determine Sponsor and Steering Committee
- Development and Approval of a Project Charter
- Planning Phase:
- Determine and Approval of Project Team
- Development and Approval of a Project Schedule
- Executing and Controlling Phase:
- Project Change Control Process
- Development and Distribution of Status Reports
- Closing Phase:
- Development of Closure Report
- Development of Post Implementation Plan (On-going Maintenance)
- This methodology provides a clear guidance and procedural steps for lea=
ding a technology project from its initial proposal through the project's c=
loseout.
- All software developed in-house which runs on production systems must b=
e developed according to Rowan University Project Management and Software/S=
ystems Development Life Cycle Standards.
- At a minimum, the six (6) phases of SDLC must be adhered to with exampl=
es shown:
- Business Requirements Phase:
- Develop and Approve Business Requirements
- Develop Business Process Model
- System Design Phase:
- Develop and Approve Technology System Design
- Development and Unit Testing Phase:
- Coding of new Technology
- Development and Approval of a Test Plan
- User Acceptance Testing Phase:
- Development and Approval of User Acceptance Testing
- Completed and Approved User Acceptance Testing
- Implementation and Operations & Maintenance Phase:
- Develop Deployment Plan
- Develop Maintenance Plan
- This methodology ensures that the software will be adequately documente=
d and tested before it is used in conjunction with critical and/or sensitiv=
e Rowan University information.
- All development work shall exhibit a separation between production, dev=
elopment, and test environments, and at a minimum have at least a defined s=
eparation between the development/test and production environments unless p=
rohibited by licensing restrictions or an exception is made. These separati=
on distinctions allow better management and security for the production sys=
tems, while allowing greater flexibility in the pre-production environments=
.
- Where these separation distinctions in environments have been establish=
ed, development, and QA/test staff must not be permitted access to producti=
on systems unless absolutely required by their respective job duties/descri=
ptions.
- Documentation must be kept and updated during all phases of project man=
agement and development from the initiation phase through implementation an=
d ongoing maintenance phases. Additionally, security considerations should =
be noted and addressed through all phases.
- Exceptions to the Policy
- Exceptions to this policy and associated standards shall be allowed onl=
y if previously approved by the Rowan University PM & SDLC Governance C=
ommittee and such approval documented and verified by the Director of Infor=
mation Security.
- In the event a Rowan University Department chooses to seek an exemption=
for reasons such as inability to meet specific points, tasks, or subtasks =
within the Project Management and Software/Systems Development Life Cycle P=
olicy or Standards, the PM & SDLC Governance Committee will convene in =
order to assess the specific merits of the exemption request(s) while still=
adhering to the main principles behind the Project Management and Software=
/Systems Development Life Cycle Policy or Standards. The outcome and suppor=
ted justification will be recorded for audit purposes.
By Direction of the CIO:
Mira Lalovic-Hand
SVP and Chief Information Officer
------=_Part_13194_357228746.1711717781511--