Understanding the Software Development Life Cycle — IT Certificate
The post-mortem assessment reviews positive and negative points of the project and evaluates
whether project goals and objectives, based on the approved charter, were met. The improvement
process is continuous; as such, discussions could lead to improvements in the overall SDLC process.
It is important to test the post-mortem assessment to ensure the team’s decisions and results met
project goals. For example, if a goal or objective was for the new system to eliminate two full-time
employees, then the team should be able to provide confirmation that two full-time employees were
removed from the staffing table. Another example would include a project objective for the system
to increase revenue by $2 million (USD). The team should be able to provide documentation of the
revenue increase. Primarily, all goals and objectives should be measurable and supported. Some
could be more subjective, but these should also be supported with evidence or documentation.
Review the original project charter when it is first approved to ensure the project team can support
the objectives at the end of the project.
Operations and Maintenance
During the operations and maintenance phase ensure that:
• Systems are monitored.
    o Identify and address abnormal activity.
• Hardware is maintained.
    o Verify that components follow proper maintenance protocols.
• The application, database, and/or OS software (or firmware) are periodically updated through vendor-provided patches and upgrades.
    o Confirm proper hardening of devices and software.
    o Validate that the OS and applications are continuously scanned for vulnerabilities.
    o Confirm that security and functionality patches and upgrades have been implemented based on business need or risk level.
Disposition
During the disposition phase, end-of-system activities are described, and emphasis is given to
proper preparation of data.
All systems have a lifecycle, and the disposition phase describes the eventual retirement of the
system, such as the manner in which the system data could be extracted and transferred to a new
environment. This would be significant for a cloud-based application, where the contract should
provide disposition provisions, especially if the organization intends to move functionality from
one vendor to another.
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.