SS-08-032 System Implementation and Acceptance

Issue Date: 3/31/2008

Revision Effective Date: 3/31/2008

Review Date: 7/1/2018

PURPOSE

Part of the systems development lifecycle (SDLC) is releasing a new or upgraded system from development to operations. Care should be taken during this transition to establish all requirements for system implementation and acceptance and to ensure that they are met.

This standard establishes a requirement that system owners establish and document system acceptance criteria.

STANDARD

Prior to releasing or transitioning a new or upgraded information system into production, system owners shall establish and document a system implementation plan that aligns test, delivery and acceptance criteria with requirements.

Minimum acceptance criteria shall include (where applicable):

  • Release/transition/conversion/implementation plans
  • Functional, performance and user acceptance testing
  • Security controls testing and validation
  • Data validation
  • Procedures for transferring software and hardware from development/test to production
  • CIO approval (or other designated executive management) to promote the system to production
  • Contingency/back-out plans
  • Design, training, administration, operational and security documentation

Data resulting from test procedures shall be considered sensitive and shall be handled and disposed of accordingly.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Systems and Development Lifecycle (PS-08-018)

System Security Plans (SS-08-028)

System Operations Documentation (SS-08-027)

REFERENCES

NIST SP 800-64 Security Consideration for SDLC