System Implementation and Acceptance (SS-08-032)
SS-08-032 System Implementation and Acceptance
Issue Date: 3/31/2008
Revision Effective Date: 3/31/2008
Review Date: 7/1/2018
Part of the systems development lifecycle (SDLC) is releasing a new or upgraded system from development to operations. Care should be taken during this transition to establish and ensure that all requirements for system implementation and acceptance are met.
This standard establishes a requirement that system owners establish and document system acceptance criteria.
Prior to releasing or transitioning a new or upgraded information system into production, system owners shall establish and document a system implementation plan that aligns test, delivery and acceptance criteria with requirements.
Minimum acceptance criteria shall include (where applicable):
- Release/transition/conversion/implementation plans
- Functional, performance and user acceptance testing
- Security controls testing and validation
- Data Validation
- Procedures for transferring software and hardware from development/test to production
- CIO Approval (or other designated executive management) to promote the system to production
- Contingency/back-out plans
- Design, training, administration, operational and security documentation
Data resulting from test procedures shall be considered sensitive and shall be handled and disposed of accordingly.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
NIST SP 800-64 Security Consideration for SDLC