1. Step Task Deliverable Quality Gates Owner Required? Comments Project
Mgmt
Framew
ork
1 1. Create virtual project binder MOSS Project Site BA Yes There is a standard project document storage
configuration in SharePoint.
1. Validate project sponsor Project sponser contact
information
Quality Gate 1:
Project sponsor must
be identified prior to
moving to the
requirements phase
BA Yes Project sponsor was identified during the
development of the business case;
#3, #7
2. Review Business Case with project
sponsor(s)
Business Case Template BA Yes The business case should be developed by the
sponsoring organization as part of the project
review and approval stage
#8
1. Create Project Document TPID BA Yes #5
2. Formalize project details Project overview section
(objective, goals,
dependencies,
assumptions, constraints,
scope, governance)
BA Yes Part of PDD #14
3. Define project roles and identify
staffing
Roles and responsibilities
section of Busines Case
BA Yes Part of PDD #13
4. Define project risks and mitigations Risk Assessment and
Management section of
Business Case
BA Yes Part of PDD #18a
5. Develop Quality Assurance plan
(includes SDLC quality gates, who will
conduct the QA assessment and who will
approve the project to move forward )
QA section of Business
Case
BA Yes Part of PDD #18a
4 1. Develop work breakdown structure Work Breakdown
Structure
BA Yes Review w/ PMO Director and project team #20a
2
3
(1) Project Planning and Definition
2. 5 1. Review Business Case with project
sponsor
BA Yes Include other pertinent project team members in
this review. The purpose of the review to facilitate
sign-off on the PDD In advance of the kick-off
meeting.
#16
6 1. Obtain signoff on Buisness Case Sign-off on Business Case Quality Gate 2: Sign-
off from project
sponsor
BA Yes This can be a hardcopy or electronic signature. #17
7 1. Create preliminary project plan Project Plan BA Yes Review w/ PMO Director and project team; All
deliverable dates are preliminary until formal LOE
is developed during requirements phase; Hard
implementation date has NOT be set as this
juncture of the project – appropriate expectations
should be set with the project sponsor
#18
8 1. Conduct project kickoff meeting Project kickoff agenda and
presentaiton
Quality Gate 3:
Project Kick-off
presentation
BA Yes All project team members, including the sponsor,
are invited to the kickoff; Frequency of project
team meetings should be determined and
announced during the kickoff; EA and Security
representatives are included as part of the invitee
list
#25
1. Meet with project stakeholders, IT
and other pertinent groups to gather
functional, external interface, performance,
data and security requirements.
Business Requirement
Documents
BA Yes Detailed notes are captured during the
requirements gathering sessions. These notes
are then aggregated to form the formal
requirements document.
2. Include any bugs and remaining
requirments from previous release(s)
As needed
2 1. Determine and document changes to
existing business processes or identify
new business processes based on
requirements
Business Process
documentation
Sponser,
BA
3 1. Hold Security Kickoff Meeting Meeting minutes SO Depends on the complexity of the project.
4 1. Complete requirements document
based on requirements gathering sessions
Requirements document,
Security requirements
document
BA Yes Format and content of requirements document
will vary based on the type of project.
1
(2) Requirements
3. 5 1. Conduct requirements review meeting Meeting Agenda and invite
(ensure that all appropriate
IT and customer staff are
invited)
Quality Gate 4: Peer
review of
requirements
document
BA Yes Attendees to include: Business Area
representatives, BA, Developers, System Testers.
Changes are made to the requirements
documents based on feedback gathered during
this review session.
6 1. Obtain sign-off on requirements
document
Requirements sign-off
document
Quality Gate 5:
Requirements sign-
off from project
sponsor or delegated
proxy
BA Yes Provide sign-off to BA (retained with project
documentation)
1. Baseline requirements Baselined requirements BA BA notifies PM, Project Sponsor and Business
Lead that requirements are baselined
2. Determine Hardware Requirements Hardware Requirements
Document
BA,
Developer,
Infra
Yes **Actual hardware not required. All data elements
specific to the app will be contained within a
secured cloud storage provider.
3. Order hardware BA, Infra As needed
1. Develop Detailed Level of Effort and
communicate to the Development Mgr and
the project stakeholders
Project Plan Detail BA,
Developer
Yes Review LOE with Project Sponsor
**Student staff are able to commit 40 hours/week
to this project during non-academic time periods
and 20 hours/week during academic time periods.
#22
2. Resolve any conflict between scope and
deadline
BA As needed
3. Finalize implementation date BA Yes Testing 11/2014; Soft Launch 12/2014; Live
1/20159 1. Develop initial version of Requirements
Traceability Matrix
Requirements Traceability
Matrix
BA As needed Distribute traceability matrix to PM and BA
10 1. Establish Project Plan Baseline (MS
Project)
Baselined project plan Quality Gate 6:
Review baselined
project plan with
PMO Director and
Dev Mgr
BA Yes #24
11 Determine Life expectancy, set sunset
review date.
BA Yes Sunset review at 2 years. Life expectancy 3-5 yrs.
App to become unsupported at this time.
12 Change Control Process begins after
requirements and project plan are
baselined (see phase 8):
· Change Request
Document
BA As needed BA manages the evaluation of project changes
and the submission of pertinent changes to the
Change Control Board (CCB), where appropriate,
and maintains a ‘Change Log’ to track all
approved, deferred, and rejected changes.
7
8
(3) Design
4. 1 1. Compare proposed design against
Enterprise Architecture
Environment Visualization
Document
Dev Mgr &
Developer
#26
2 1. Identify Applicable Security Design
Guidelines (Best Practices)
SO &
Developer
#26
1. Develop Wireframe design document iPlotz Wireframe Developer,
Sponsor
Yes Does the county have an account we can use? #26
2. Develop Logical Design Document Data Flow/Process
Documents
Developer Yes Sample Document/format? #26
3. Develop DB Architechture DB Schema Developer,
DBA
As Needed Sample Document/format? #26
4. Develop Security Architecture User Security matrix BA, SO,
Sponsor,
Developer
As Needed User security is not always required #26
4 1. Perform Threat Modeling Threat Model Document Developer
& SO
This app has no threat on patron data. #26
5 1. Submit design documents to Dev Mgr
for Review
Design documents BA,
Developer
Sample Document/format? #26
6 1. Conduct design Review Meeting invite and agenda Quality Gate 7:
review of design
documents
BA Yes Ensure that the Dev Mgr, Tech Lead, PM, BA and
SME are invited to this review. Also include SO if
applicable
#26
7 1. Obtain Design sign-off Design Approval
document
Quality Gate 8:
Approval on design
from Development
Mgr / Director EA
BA,
Developer
Yes Provide sign-off to BA in order to retain with
project documentation
#26
8 1. Develop Transition plan document Transition plan document Testing
Team, BA
#26
1. Develop source code Source code Developer Yes VSS **BitBucket.org #26
2. Set up Dev Environment Hardware Developer,
Infra
As needed Dev environment will be in Appcelerator's
Titanium Studio
#26
2 1. Conduct code review (ongoing process
throughout development)
Code walkthrough
checklist
Quality Gate 9: Peer
Review of Code
Developer Yes Ensure code meets standards and that impacts to
other applications / projects are identified
#26
1. Document Unit Test results using the
Dev to Test transition document
Unit test / dev to test
transition checklist
Developer Yes Includes a list of what was tested, what was NOT
tested, and description of known issues
#26
2. Update Bug Tracking software Bug Tracking Updates Developer Yes #26
4 1. Conduct security code review Completed Checklists Developer,
SO
Yes Submit security code review checklist to SO #26
3
1
3
(4) Development
5. 5 1. Obtain sign-off on Dev to Test transition Signed Dev to Test
Transition Document
Quality Gate 10: Dev
to Test sign-off by
Dev Mgr
Developer Yes Provide sign-off to PM, Test Lead, Tech Lead and
Dev Mgr
#26
6 Promote from Dev to Tst Developer Yes VSS ** We test concurrently throughout the
project.
#26
7 Documentation Waukepedia Entries Developer Yes ** Do we have access to make these entries? #26
1 1. Set up test server environment Hardware BA, Infra As needed #28
2 1. Develop System Test documentation System Test strategy,
User Acceptance Testing
System
tester, BA,
SME
Determine if stress testing is necessary and
develop test cases and conduct environment set
up as necessary;
#28
3 1. Review System Test Plan with project
stakeholders (walk through the testing
process with the users)
BA /
Sponser
Ensure that the project stakeholders understand
roles, scope and timeline.
#28
4 1. Review system test plan System test plan and test
cases
Quality Gate 11:
Peer review of
system test plan
Yes PMO Tester conducts a peer review of the test
plan and test cases
#28
5 1. Set up User Test Environment BA, Infra As needed BA works with appropriate IT resources to set up
user test environment
#28
6 1. Obtain sign-off on System Test Results Review sgin-off document Quality Gate 12: sign
off by BA
BA /
System
Tester
Yes PMO tester reviews test results with BA; BA
executes sign-off
#28
7 1. Testing Preview Presentation to User
group: BETA TEST
overview document BA /
System
Tester
PMO Tester and BA meet with User team to
review approach, scope, roles, documentation,
schedule and expectations
#28
8 1. Develop User test documentation
including User plan and test cases
test plan and test cases Business
Users
BA and PMO tester review documentation and
provide feedback
#28
9 1. Schedule Security Penetration Testing BA, SO Work with SO #28
1. Execute UAT test cases Bug Log Testers Yes UAT personnel enter bugs into bug tracker, Keep
BA appraised regarding system test results and
potential changes in schedule due to severity of
bugs
#28
2. Identify system defects Issues Report, Issue Log BA /
Testers
Yes #28
3. Retest defects once they are fixed Testers Yes #28
4. Retest system once UAT bugs are
resolved
Testers Yes #28
10
(5) Testing
6. 11 1. Execute Security Penetration Testing Security Penetration Test
Results and Issues List
SO #28
12 1. Update Threat Model Document Updated Threat Model
Document
Developer,
SO
#28
13 1. Assess Risk of Known
Threats/Vulnerabilities
Risk Assessment BA,
Developer,
SO
Document risk assessment #28
14 1. Obtain User Acceptance sign off sign-off document Quality Gate 13:
UAT sign off from
sponsoring user
group
Sponsor Yes BA obtains sign-off from sponsoring user group #28
1. Develop Implementation Plan Implementation Plan BA / Dev
Mgr
If a Release Manager is assigned to the
deployment, they own the development and
execution of the implementation plan
#29
2. Set up Production Environment Hardware BA, Infra As needed
2 1. Document Application Administration Application Administration
Operating Procedures
BA / Dev
Mgr
3 1. Develop back-out plan Back out plan BA / Dev
Mgr
Yes Can be part of implementation plan
4 1. Conduct Mock Implementation BA As needed
5 1. Make Go/ No-Go to begin deployment
activities
Go / No-Go email to
project team
Quality Gate 14:
Mock Go / No-Go
signoff email by Dev
Mgr, SO
BA/Dev
Mgr/SO
Yes Dev Mgr provides go no-go decision to BA for the
application, SO provides go no-go decision to BA
for security
6 1. Validate Secure Configuration
(Hardware and Platform)
Completed Server
Hardening Checklists
SO
7 1. Execute Implementation Plan BA /
Developers
This plan occurs on the day(s) of deployment.
8 1. Hold Final Security Review Meeting Meeting minutes SO
9 1. Make Go / No-Go to decision to go
‘Live’ in production
Quality Gate 15:
Prod Go / No-Go
signoff email by Dev
Mgr / SO
BA / Dev
Mgr / SO /
Sponsor
Yes ** Does this apply? You will have final decision if
we release to the app store.
#30
1
(6) Implementation
7. 10 1. Testing in Production BA/
Testers
Project implementation personnel must follow
rules and restrictions stipulated in the ‘Testing in
Production’ procedure
#30
11 1. Deployment Notification Email outlining a
successful deployment
BA #30
1. Identify, prioritize, track and resolve
bugs in production
Bug tracker BA , Users BA is the point person for production issues for 30
days after the deployment;
**App Brewery provides defect fixes for 90 days2. Monitor Statistics BA Provide PMO Director and Project User Group
with production error statistics
#31
2 1. Conduct project closeout activities Project closeout checklist BA #32, #33
3 1. Conduct project customer survey Customer project survey
results
Quality Gate 16:
Project survey
results Business Unit
project participants
BA Yes Project sponsor group provides feedback to a
standard list of project survey questions in order
to gauge customer satisfaction with the project
and to identify potential process improvements
#38
4 1. Conduct post-implementation project
review and lessons learned session in
order to evaluate the success of the
project and identify what went right and
areas for improvement
· Notes from Project
Evaluation
BA/ PMO
Dir
Deliver project evaluation and lessons learned
documentation to project team and kick-off action
items
#38
5 1. Obtain sign-off on project evaluation Signoff on project
evaluation documentation
Quality Gate 17:
Signoff on project
evaluation by PMO
Director
BA Yes #39
6 1. Add project deliverable to Securities
products list to Perform Periodic Security
Penetration Testing and Assessments
Security Penetration Test
Results and Issues List,
Risk Assessment
BA,
Developer,
SO
As Needed
1. Identify Changes Any
2. Document Change Requests Change Request Doc BA, User Yes Use Bug tracker (Under evaluation)
3. Evaluate Change Requests Dev Mgr,
BA
Yes
1
1
(7) Post-Implementation
(8) Change Control
8. 4. Conduct impact assessment Dev Mgr,
Developer
As Needed
5. Review Change Request Dev Mgr,
Developer
Yes
6. Approve / Deny Change Request Dev Mgr Yes
7. Assign Priority/Version/Classification Dev Mgr Yes
8. Re-enter @ phase 3 or 4 of SDLC Depends on complexity of change if design is
needed.
1