PS-08-018.02 Systems and Development Lifecycle

Issue Date:  3/20/2008

Revision Effective Date:  7/1/2018

Review Date: 12/1/2023

PURPOSE

System life-cycle management is a methodology for establishing processes, procedures and practices governing and managing the life of an information system from initiation/requirements through disposal. The methodology is a tool to assist system owners, developers and management in documenting the design and decisions made regarding a system.

SCOPE and AUTHORITY

O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers

O.C.G.A 50-25-4(a)(21) – State Government, Georgia Technology, General Powers

PM-04-001 – Information Technology Policies, Standards and Guidelines

PS-08-005 – Enterprise Information Security Charter

TERMS and DEFINITIONS

System Lifecycle - the overall process of developing/acquiring, implementing, operating, and retiring information systems through a multi-step process from initiation, design, implementation, operation and maintenance, to disposal.

POLICY

All state information systems and applications, whether in development or production, shall be governed by documented and repeatable system life-cycle management policies and guidelines that are approved and reviewed by an authorizing official. The processes and guidelines must incorporate system security planning throughout all phases of the system’s life-cycle from conception to disposal.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

System Lifecycle Management (SS-08-025)

Information Security - Risk Management (PS-08-031)

System Security Plans (SS-08-028)

REFERENCES

NIST SP 800-12 An Introduction to Information Security (nist.gov)

NIST SP 800-100 Information Security Handbook for Managers (Ch 3)

NIST SP 800-64 Security Consideration for SDLC