Professional Documents
Culture Documents
Table of Contents
1. Process Introduction
Yesser is rapidly expanding its IT services and infrastructure in support of its national e-
government agenda of building a centralized integration platform. As part of delivering the
best services, Yesser define and implement the SDLC practices across Yesser software
related projects/products within Yesser.
This process definition document was prepared to illustrate the overall Yesser high-level
SDLC processes, procedures, guidelines and policies.
Other interfaces relate to specific disciplines that touches directly the software
development and delivery processes:
Requirements Management
Analysis and Design
Development
Quality Management
Configuration and Change Management
Build and Release Management
During the RFC assessment, each of the Yesser teams involved in the SDLC would
determine their involvement in the implementation of this RFC and would decide on the
impact of this RFC on their work products. As a result, all teams would know early enough
whether they are part of the implementation of a specific RFC thus help in better planning
for this RFC.
The BA role would then commence the effort to understand the solution needs to produce
the “Software Requirements Specifications (SRS)” document for the rest of the teams (i.e.
Software Designers and Quality Control teams) as an input to continue their work.
Please refer to the “Requirements Management Process Definition” document for more
details about this process key element.
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key element.
Also, during this process key element, the solution “Deployment Manual” is prepared to
document the steps needed to successfully copy the changes to production.
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key element.
A certain “Solution Build” can include partial or full implementation of the prepared design;
this depends on the plan for the gradual incremental development approach that is agreed
upon within the project teams. A “Solution Build” will be the main input for the Operations
and Release Management teams to continue their work. For each certain “Solution Build”,
a “Solution Build Announcement” is prepared to inform all the related parties about the
scope of certain build.
Please refer to the “Development Process Definition” document for more details about this
process key element.
For each deployed “Solution Build” which is not on the Production, the Quality Control
team will use it along with the “Solution Build Announcement” as an input to continue their
testing work.
Once a deployment is ready for production, the Operations team will execute the build on
the production and the Software Designer will prepare the “Release Notes” document
which will contain the overall scope of this software release for future reference.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key element.
Another activity by the Yesser Quality Control role is to prepare the “Test Cases” which
will act as the test analysis guidelines and procedures, these “Test Cases” will later be
used during the test execution and the Quality Control team will determine the result of
their execution.
It is worthy to mention that part of the test results produced during the test execution
would be the defects; each defect will describe an issue currently existing in a certain
“Solution Build”, their priorities/severities amongst other attributes will help understand the
fixing priority for the reported issues. These defects will be managed with the defect
management process and workflow and will be tracked to closure accordingly.
Please refer to the “Quality Management Process Definition” document for more details
about this process key element.
Throughout the SDLC, reviews for the configuration management activities will take place
to identify nonconformities; these nonconformities will later be logged and tracked for
closure.
Please refer to the “Configuration Management Process Definition” document for more
details about this process key element.
In order to provide an objective insight into the maturity and quality of the software, the
Quality Assurance Officer will document the goals, processes, and responsibilities
required to implement effective quality assurance within the “Quality Assurance Plan”
document. Similarly, regular reviews will be carried out and findings will be logged and
tracked for closure.
Please refer to the “Quality Management Process Definition” document for more details
about this process key element.
It involves different activities that focus on preparing the conditions for the execution
phase. This usually involves developing the overall plan (and sub plans) and getting the
commitment on all these plans from the different teams.
Also, this area shall involve the activities of ensuring and monitoring the progress in order
to identify variances from the overall plan so that corrective active actions can be taken
when necessary to meet the desired objectives.
When actual status deviates significantly from the expected values, corrective actions
shall be taken as appropriate. These actions may require re-planning, which may include
revising the original plans, establishing new agreements, or including additional mitigation
activities within the current plans.
Moreover, this key element is concerned with Risk Management for identifying potential
problems before they occur so that risk-handling activities can be planned and invoked as
needed across the SDLC implementation to mitigate possible impacts that would affect
achieving the desired objectives.
The result of the assessment of this RFC will determine whether to start the requirements
management process or not. If the BA involvement was found to be necessary by this
process key check activity, then the BA will start the “Key Activity 1010: Understand
Solution Needs” process key activity:
If the involvement of the BA was determined as not-required (such as the fixing of a bug
from the Incident Management), then this will end the requirements management process
and initiate another assessment effort by the Solution Architects with “Key Activity 2000:
Needs Architecture Involvement?”
Please refer to the “Requirements Management Process Definition” document for more
details about this process key activity.
The outcomes from this key activity will be gathered by the BA to be used later on when
executing the “Key Activity 1020: Analyze Requirements”.
Please refer to the “Requirements Management Process Definition” document for more
details about this process key activity.
During this key activity, the BA will start analyzing the stakeholder needs gather
previously, the result of this analysis effort can produce both functional requirements
(mostly represented using the Use-Case Models) and the nonfunctional requirements
(including performance requirements, security, availability, etc).
The outcomes from this key activity will be gathered by the BA to be used later on when
executing the “Key Activity 1040: Create the System Requirements Definition”.
Please refer to the “Requirements Management Process Definition” document for more
details about this process key activity.
After this process key activity, the BA will work with the Product Owner to get his approval
on the prepared “Software Requirements Specification (SRS) Document” along with other
teams commitment on it.
Before the approval of the Product Owner, the BA will work with the rest of the SDLC
teams to get their commitment on the SRS each in his domain. For example, the Quality
Control team can commit that the requirement included in the SRS are testable and clear,
the Software Designer can commit that the requirements mentioned in the SRS are
implementation and also clear
Please refer to the “Requirements Management Process Definition” document for more
details about this process key activity.
Two roles can start their respective process key activities after this step:
Solution Architects with “Key Activity 2000: Needs Architecture Involvement?”
Quality Control Team with “Key Activity 6010: Test Planning”.
Please refer to the “Requirements Management Process Definition” document for more
details about this process key activity.
If the Solution Architecture involvement was found to be necessary for a specific RFC and
a change on the current architecture is required, then the Solution Architecture will
execute the “Key Activity 2030: Prepare Solution Architecture”. However, if the
involvement of the Solution Architecture was determined as not-required, then this will
initiate another assessment effort by the Software Designer with “Key Activity 3000:
Needs Design Involvement?”
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key activity.
After this process key activity, the Software Designer will use this deliverable document to
execute the “Key Activity 3010: Prepare Solution Design”
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key activity.
If the Software Designer involvement was found to be necessary for a specific RFC, then
the Software Designer will execute the “Key Activity 3010: Prepare Solution Design”.
However, if the involvement of the Software Designer was determined as not-required,
then this will initiate another assessment effort by the Software Developer with “Key
Activity 4000: Needs Development Involvement?”
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key activity.
The Software Designer will rely on several main inputs to come up with the “Solution
Design Document”:
The Software Requirements Specifications (SRS) Document.
The Solution Architecture Document.
Other inputs that can be required based on the RFC nature.
After this process key activity, two roles can start their respective process key activities:
Software Developer with “Key Activity 4010: Implement the Design of the Product
Components”.
Software Designer with “Key Activity 3020: Prepare Deployment Manual”.
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key activity.
The Software Designer will rely on several main inputs to come up with the “Deployment
Manual Document”:
The Solution Design Document.
The Solution Architecture Document.
Other inputs that can be required based on the RFC nature.
It is worthy to mention that as part of this process key activity, the Software Designer will
also ensure the validity of the previously prepared “Deployment Manual Documents” by
providing the necessary maintenance for these documents and update them to
accommodate for the changes introduced within either the “Solution Design Document”
and/or the “Solution Architecture Document”.
After this activity, the Release Management Officer will get one of the inputs required to
get him started with his process key activity “Key Activity 5000: Release Planning”.
Please refer to the “Analysis and Design Process Definition” document for more details
about this process key activity.
The “Release Notes” document includes many detail, below are some example for these
details:
The “What is new?” section – this lists the new changes introduced by the
implementation of a certain RFC from a business prospective.
Features Added – this can list from a technical or semi-technical point of view the
new features implemented for a cetain RFC.
Known issues/bugs – this can list a list of known issues for the released
implemented RFC.
The outcome of the execution of this process key activity will be communicated to the
RFC related stakeholders using the “Release Notes” document.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
If the Software Developer involvement was found to be necessary for a specific RFC, then
the Software Developer will execute the “Key Activity 4010: Implement the Design of the
Product Component”. However, if the involvement of the Software Developer was
determined as not-required, then this will initiate another assessment effort by the Quality
Control Team with “Key Activity 6000: Needs Quality Involvement?”
Please refer to the “Development Process Definition” document for more details about this
process key activity.
This effort will involve modifying on the source code of the solution using the development
IDE specific for each technology. The result of this development effort will be the “Solution
Build” which will be sent for deployment on a test environment by the Operations Team to
be tested by the Quality Control Team.
As part of the Software Developer deliverables in addition to the “Solution Build” is the
“Solution Build Announcement” which is prepared to inform all the related parties about
the scope of certain build. After this process key activity, the Release Management Officer
will execute the “Key Activity 5000: Release Planning” based on the prepared
“Deployment Manual” document and other imputs.
Please refer to the “Development Process Definition” document for more details about this
process key activity.
An example for the activities that are carried out during this process key acitivity includes
the coordination of Release Management Officer with the rest of the teams for any
downtime for the environment for deployment purposes.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
An example for the activities that are carried out during this process key acitivity includes
the coordination of Release Management Officer with the rest of the stackholders for any
downtime for the environment for deployment purposes.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
If the Quality Control Team involvement was found to be necessary for a specific RFC,
then the Quality Control Team will execute the “Key Activity 6010: Test Planning”.
However, if the involvement of the Quality Control Team was determined as not-required,
then this will end the SDLC process.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
The Quality Control Team will rely mainly on the “Software Requirements Specifications
(SRS) Document” to come up with the “Test Plan Document”.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
The “Test Cases Documents” will include the identification of the testing procedures,
steps, solution expected results and conditions which will be the base to be used by the
Quality Control Team when executing the “Key Activity 6030: Test Execution”.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
An example for the changes that can occur and might require the Quality Control Team to
update their test cases accordingly, are field label changes, field specifications, mandatory
vs. optional fields, page/form layouts …etc.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
Documents”. It is initiated after the completion of the following previous process key
activities:
Key Activity 5010: Deployment Sanity Check
Key Activity 6020: Test Analysis
The Quality Control Team will rely on the “Solution Build Announcement” as an input to
understand the scope of changes/enhancement/fixes that were introduced as part of each
deployed “Solution Build”.
The outcomes from this process key activity will be the documented “Test Results” which
can include many deliverables, for example:
The PASS/FAIL results from the executed test cases, failed results are
documented as “Defects” which are communicate to the remainder of the project
teams to decide on the corrective actions accordingly.
Testing progress status updates
Suggested enhancements for the system under test
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
During the UAT session, the person conduction this session will gather all the comments
and feedback of the Product Owner to classify them into the following categories:
Test results from User Acceptance Testing (UAT) may reveal defects that were not
identifies during the Quality Control testing of the RFC, these defects will be
logged and tracked back to closure.
Test results from User Acceptance Testing (UAT) may ay introduce certain
changes in the original requirements/specifications or new requirements that are
out of Scope-of-Work of the RFC, these changes or new requirements must be
raised as new RFC in order to track them through the SDLC and to verify their
closure.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
Several criteria can control the Quality Control team recommendation to go-live, for
example:
The severity of the identified new issues/defects that were revealed during the
UAT.
The priority of the new changes that were identified during the UAT based on the
business impact that is owned by the Product Owner.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
The Configuration Management Officer will rely mainly on the “Data Management Plan” to
come up with the “Software Configuration Management Plan (SCMP) Document”.
The outcome of this process key activity is considered an input for most project teams and
any senior leader whose support is needed to carry out the tasks mentioned in this SCMP.
Please refer to the “Configuration and Change Management Process Definition” document
for more details about this process key activity.
This will promote the successful implementation of a certain RFC by ensuring that work
products and documentation changes involved during the implementation of the RFC
establish and maintain configuration control. All identified discrepancies will be collected,
documented and tracked for closure within the “Configuration Management
Nonconformities Report”.
Please refer to the “Configuration and Change Management Process Definition” document
for more details about this process key activity.
The Quality Assurance Officer will rely on the “Project Management Plan” to come up with
the “Quality Assurance Plan (QAP) Document”.
The outcome of this process key activity is considered an input for most project teams and
to carry out their tasks to ensure that they meet their requirements and comply with
Yesser policies, standards and procedures as well as the selected/chosen delivery model.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
This will promote adherence to the defined processes as well as providing the necessary
feedback to carry on with Yesser continuous process improvement. All identified findings
will be collected, documented and tracked for closure within the “Quality Assurance
Review Findings Report”.
Please refer to the “Quality Management Process Definition” document for more details
about this process key activity.
The Product Owner will rely on the information included along with the approved SDLC-
related RFC to come up with the “Product Release Plan Document”.
The outcome of this process key activity is considered an input for most project teams and
to provide a clear understanding of the expectations from each project team.
This process key activity will result with a deployed solution build on its targeted
environment and the Release Management Officer can proceed with the initiation of the
execution of “Key Activity 5010: Deployment Sanity Check”.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
This process key activity will result with a deployed solution build on the Production
environment and the Release Management Officer can proceed with the initiation of the
execution of “Key Activity 5020: Production Sanity Check”.
Please refer to the “Build and Release Management Process Definition” document for
more details about this process key activity.
5. Process Guidelines
This section depicts the list of guidelines that govern the execution of the Yesser SDLC
process activities.
6. Process Deliverables
This section includes the main deliverables that will be produced within the Yesser SDLC
process. This list is not the complete set of deliverables as other deliverables will be
defined and listed within each of the SDLC disciplines.
The table below lists the main deliverables that are part of the Yesser SDLC process:
# Template Name Template File
1 Software Requirements Specifications (SRS)
2 Solution Architecture
3 Solution Design
4 Deployment Manual
5 Solution Build Announcement
6 Release Notes
7 Test Plan
8 Test Cases
9 User Acceptance Testing (UAT) Report
10 Software Configuration Management Plan (SCMP)
Software Configuration Management (SCM)
11
Nonconformities Report
12 Quality Assurance Plan (QAP)
13 Quality Assurance (QA) Review Findings Report
14 Progress Status Report
Please refer to the “Requirements Management Process Definition” document for more
details.
architectural decisions which have been made on the system. The document can also
include alternative architectural solutions discussed and how all alternatives were
compared based on well-defined selection criteria.
Please refer to the “Analysis & Design Process Definition” document for more details.
The document can also include alternative design solutions discussed and how all
alternatives were compared based on well-defined selection criteria.
Please refer to the “Analysis & Design Process Definition” document for more details.
Another main purpose of this document is to describe the roll-back procedures and plan in
case a certain software/solution build was not to be considered for deployment on any of
Yesser environments.
Please refer to the “Build and Release Management Process Definition” document for
more details.
Please refer to the “Build and Release Management Process Definition” document for
more details.
This document is similar in many aspects to the “Solution Build Announcement”; however,
this document is intended for production purposes and is sent to the business owners to
understand the scope for the newly released software/solution.
Please refer to the “Build and Release Management Process Definition” document for
more details.
This document ensures that the QC processes and methodologies will be carried out by
the Quality Control Team. It is also considered a critical artifact that communicates to the
stakeholders and to the Development Team the level of testing for acceptance and the
strategy to execute these tests.
Please refer to the “Quality Management Process Definition” document for more details.
Please refer to the “Quality Management Process Definition” document for more details.
The Product Owner need to provide a document sign-off on this report as this report is
consider the base for later stages to approve the production deployment of the
implementation of a certain RFC.
Please refer to the “Quality Management Process Definition” document for more details.
This document is considered an input for most project teams (such as the Project
Manager, Quality Control, Development, project sponsor) and any senior leader whose
support is needed to carry out the tasks mentioned in this SCMP.
Please refer to the “Configuration and Change Management Process Definition” document
for more details.
Please refer to the “Configuration and Change Management Process Definition” document
for more details.
The QAP provides the framework necessary to ensure a consistent approach to software
quality assurance throughout the project life cycle. It defines the approach that will be
used by the Quality Assurance Officer to monitor and assess software development
processes and products to provide objective insight into the maturity and quality of the
software.
The systematic monitoring of the execution of the SDLC processes and the resulted work
products will be evaluated to ensure that they meet their requirements and comply with
Yesser policies, standards and procedures as well as the selected/chosen delivery model.
Please refer to the “Quality Management Process Definition” document for more details.
Please refer to the “Quality Management Process Definition” document for more details.
7. Process Policies
This section lists the policies that will help establish a consistent set of management
practices and terms to conduct systems development within Yesser environment. These
policies allow establishing a standardized process for conducting projects within Yesser.
Below are the policies that will be governing activities for Yesser SDLC process:
# Policy Description
All items and activities under the Yesser SDLC should be planned, reviewed and
1
approved by the end of the planning phase (i.e. before execution).
Adequate recourses (material, people, and tools like EPM) need to be provided to carry
2
out the SDLC activities.
The resources that will perform their assigned SDLC activities should be trained to carry
3
out their designated activities.
Audits on the SDLC activities should be conducted to guarantee adherence with the
4
defined SDLC process.
Tailoring guidelines should be defined for all process areas and they shall all be
5
maintained in the organizational centralized repository
All project work products resulting from the SDLC should always be kept under a version
6
control system.
Best practices and lessons learned should be captured, saved, and then used for future
7
SDLC projects.
The documentation produced after each must be produced according to the templates
8 defined within this document or as per the templates defined within each SDLC discipline
process definition document.
For each of the approval activities within the SDLC, there need to be defined a certain
timeframe for the specific SDLC deliverable/activity in which this specific SDLC
9
deliverable/activity will be considered approved if no comment from the receiver was
acknowledged within the defined timeframe.
For major RFCs, the approval of the Change Authorizing Board (CAB) will be required
10
before initiating the development and implementation of that major RFC.
Refer to the policies section in “Requirements Management Process Definition
11
Document”.
12 Refer to the policies section in “Analysis and Design Process Definition Document”.
13 Refer to the policies section in “Development Process Definition Document”.
14 Refer to the policies section in “Quality Management Process Definition Document”.
Refer to the policies section in “Change and Configuration Management Process
15
Definition Document”.
Refer to the policies section in “Build and Release Management Process Definition
16
Document”.
The complete RACI matrix is included in a separate document; please refer to the
following document for complete details about the RACI matrix.
Defining the baselining criteria of the software-related CIs for SDLC-related RFCs.
Defining and identifying how to control changes to the identified software
configuration for the purpose of maintaining software integrity and traceability
throughout the software lifecycle.
Conducting reviews for implementation of the configuration management activities
within the implementation of a certain RFC.
Collecting and documenting the identified nonconformities within the
“Configuration Management Nonconformities Report”.
Tracking the closure of the identified nonconformities.
To evaluate a proposed metric, including one that this document proposes, it would be
useful to ask the following questions:
What is the purpose of this measure? Examples of purposes include (facilitating
private self-assessment and improvement, or evaluating project status to facilitate
management of the project or related projects).
What is the scope of this measure? Examples of scope include (one project done
by one workgroup, or a year's work from that workgroup).
What is the natural scale of the attribute we are trying to measure? What type of
scale makes sense for programmer skill, or thoroughness of testing, or size?
What measuring instrument do we use to perform the measurement? For the
attribute “length” we can use a ruler (the instrument) and read the number from it.
Examples of instruments include (Counting, Matching, Comparing and Timing).
What are the natural and foreseeable side effects of using this measurement? If
we change our circumstances or behavior in order to improve the measured result,
what impact we are going to have on the attribute. For some cases, the measured
result looked better while the underlying performance that was allegedly being
measured was actually worse.
Since the SDLC is the result of its underlying disciplines, process measurement of the
overall SDLC will rely on each of the SDLC disciplines measurement procedures and
guidelines, please refer to each SDLC discipline process definition document for more
details.
Define measurement
objectives (business
objectives)
Specifying measurement (KPIs)
to address the defined objectives
Communicate measurement
results
Acronyms Explanation
SDLC Software Development Life Cycle
GSB Governmental Service Bus
RFC Request For Change
CAB Change Authorizing Board
BA Business Analysis
SRS Software Requirements Specifications
SCM Software Configuration Management
CI Configurable Item
IDE Integration Development Environment
KPI Key Performance Indicator
SCMP Software Configuration Management Plan
QAP Quality Assurance Plan
QA Quality Assurance
QC Quality Control
QoS Quality of Service
RACI Matrix (Responsible, Accountable, Consulted, Informed) Matrix
SOA Service Oriented Architecture
Term Description
Sequence of interdependent and linked procedures which, at every
stage, consume one or more resources (employee time, energy,
Process machines, money) to convert inputs (data, material, parts, etc.) into
outputs. These outputs then serve as inputs for the next stage until a
known goal or end result is reached.
A fixed, step-by-step sequence of activities or course of action (with
Procedure definite start and end points) that must be followed in the same order to
correctly perform a task.
Recommended practice that allows maturity in its interpretation,
Guideline
implementation or use.
Policy A high-level overall plan embracing the general goals and procedures.
Concept, norm, or principle established by agreement, authority, or
Standard custom, and used generally as an example or model to compare or
measure the quality or performance of a practice or procedure.
A differentiation between the expected and actual results founded in
Defect
testing phase of project.
Non conformity A failure to comply with a defined process.
The fundamental structural unit of a Configuration Management (CM)
System, the CM system oversees the life of the CIs through a
Configurable Item combination of process and tools by implementing and enabling the
fundamental elements of identification, change management, status
accounting, and audits.
The identification of significant states within the revision history of a
Baselining
Configuration Item (CI)
Measurement is the empirical objective assignment of numbers according
Measurement to a rule derived from a model or theory to attributes of an object or event
with the intent of describing them.