ROWAN UNIVERSITY POLICY


Title: Project Management and Software/Systems Development Life Cycle
Subject: Information Resources and Technology
Policy No: IRT:2017:02    
Applies: University-Wide
Issuing Authority: Senior Vice President of Information Resources and Technology and Chief Information Officer
Responsible Officers: Assistant Vice President of the Information Security Office
Adopted: 08/30/2016
Last Revision: 07/03/2018
Last Reviewed: 07/03/2018

I.  PURPOSE

The purpose of this policy is to establish the common and consistent application of Project Management and Software/Systems Development Life Cycle (SDLC) best practices in the management of technology projects.

II.  ACCOUNTABILITY

Under direction of the Senior Vice President of Information Resources & Technology (IRT) and CIO, the Assistant Vice President of the Information Security Office shall implement and ensure compliance with this policy.

III.  APPLICABILITY

This policy is applicable to University employees (faculty, staff, and student employees), students, and other covered individuals (e.g., University affiliates, vendors, independent contractors, etc.) who perform any type of technology project management, software development, or systems development work under the auspices of the University.

IV.  DEFINITIONS

  1. Project Management - The application of knowledge, skills, tools and techniques to mitigate risk, control budget and manage scope of tasks.
  2. PM & SDLC Governance Committee - The committee that agrees on and ensures compliance with the project methodology and SDLC standards and procedures.
  3. Systems Development Life Cycle (SDLC) - A term used in systems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system.

V.  REFERENCES

  1. Security System Development Life Cycle Policy
  2. Project Management Body of Knowledge (PMBOK)
  3. ISO/IEC 12207 Systems and Software Life Cycle Processes
  4. ISO/IEC/IEEE 15288 Systems and Software Life Cycle Processes

VI.  POLICY

  1. The University is committed to continuously improving the delivery of IRT solutions within budget, on schedule, within scope and in such a way as to best contribute to accomplishing the University's strategic mission. This policy furthers that goal by establishing the common and consistent application of Project Management and SDLC best practices in the management of technology projects. A uniform Project Management and SDLC framework promotes consistency and better control of technology projects, thereby reducing risks and increasing project successes.
  2. Rowan University is responsible for developing, maintaining, and participating in a Project Management and Systems Development Life Cycle (SDLC) for technology software and system development projects. All entities at the University, engaged in technology systems or software development activities, must follow the Rowan University PM & SDLC standards. This PM & SDLC policy is detailed in the Rowan University Project Management Office (PMO) Project Management and Systems Development Life Cycle (SDLC) Standards document.
  3. Application of the Policy
    1. Information technology projects are managed in accordance with best practices promoted by the nationally recognized Project Management Institute (PMI), appropriately tailored to the specific circumstances of the University. At a minimum, the five (5) phases of Project Methodology must be adhered to, with examples shown:
      1. Pre-Project Planning Phase:
        • Development of a Feasibility Analysis
        • Request for Information (RFI) or Request for Proposal (RFP)
      2. Initiating and Approving Phase:
        • Determine Sponsor and Steering Committee
        • Development and Approval of a Project Charter
      3. Planning Phase:
        • Determination and Approval of Project Team
        • Development and Approval of a Project Schedule
      4. Executing and Controlling Phase:
        • Project Change Control Process
        • Development and Distribution of Status Reports
      5. Closing Phase:
        • Development of Closure Report
        • Development of Post Implementation Plan (On-going Maintenance)
    2. This methodology provides clear guidance and procedural steps for leading a technology project from its initial proposal through the project's closeout.
    3. All software developed in-house which runs on production systems must be developed according to Rowan University Project Management and Software/Systems Development Life Cycle Standards.
      1. At a minimum, the six (6) phases of SDLC must be adhered to, with examples shown:
        • Business Requirements Phase:
          • Develop and Approve Business Requirements
          • Develop Business Process Model
        • System Design Phase:
          • Develop and Approve Technology System Design
        • Development and Unit Testing Phase:
          • Coding of new Technology
          • Development and Approval of a Test Plan
        • User Acceptance Testing Phase:
          • Development and Approval of User Acceptance Testing
          • Completed and Approved User Acceptance Testing
        • Implementation and Operations & Maintenance Phase:
          • Develop Deployment Plan
          • Develop Maintenance Plan
      2. This methodology ensures that the software will be adequately documented and tested before it is used in conjunction with critical and/or sensitive Rowan University information.
    4. All development work shall exhibit a separation between production, development, and test environments, and at a minimum have a defined separation between the development/test and production environments unless prohibited by licensing restrictions or an exception is made. These separation distinctions allow better management and security for the production systems, while allowing greater flexibility in the pre-production environments.
    5. Where these separation distinctions in environments have been established, development and QA/test staff must not be permitted access to production systems unless absolutely required by their respective job duties/descriptions.
    6. Documentation must be kept and updated during all phases of project management and development from the initiation phase through implementation and ongoing maintenance phases. Additionally, security considerations should be noted and addressed through all phases.
  4. Exceptions to the Policy
    1. Exceptions to this policy and associated standards shall be allowed only if previously approved by the Rowan University PM & SDLC Governance Committee and if such approval is documented and verified by the Director of Information Security.
    2. In the event a Rowan University Department chooses to seek an exemption for reasons such as inability to meet specific points, tasks, or subtasks within the Project Management and Software/Systems Development Life Cycle Policy or Standards, the PM & SDLC Governance Committee will convene in order to assess the specific merits of the exemption request(s) while still adhering to the main principles behind the Project Management and Software/Systems Development Life Cycle Policy or Standards. The outcome and supported justification will be recorded for audit purposes.


By Direction of the CIO:

Mira Lalovic-Hand
SVP and Chief Information Officer