The FSA SDLC is an iterative methodology broken down into six phases with multiple Quality Control (QC) reviews occurring at strategic points during the process. The six phases are:

Quality Control (QC) - The intent of IT Quality Control at the FSA is to provide an incremental layer of capabilities for problem detection within IT development efforts. This is typically accomplished through verifying a project's adherence to the following three criteria of the established IT process:

Adherence to this process can be verified via the QC Artifacts that are submitted by the development team. There are five potential opportunities for QC Artifact submissions that generally align with the phases of the SDLC process. Any team utilizing the Quality Control process is encouraged to schedule their submissions accordingly. The QC process (including the artifact reviews) is not intended to prescribe corrective action, but rather, to provide recommendations on how to avoid issues going forward. While interactive QC reviews are not currently taking place, teams are still required to submit artifacts for post development review. Contact the Architecture Office to schedule your artifact submissions.

Deviations from the standard set of artifacts are allowed but shall be documented in a Statement of Understanding (SOU). The SOU is an agreement between the development team and the Architecture Office that describes specific expectations of the project. It should include a description and rationale of the approach to be used, as well as details of expected deliverables for each point in the SDLC. This document should be referenced throughout the project as needed.

Certification & Accreditation - Every project must also go through the C&A process in order to ensure the system has appropriate security controls, and that vulnerabilities within the system have been considered. This is the process whereby an information system is authorized to operate (i.e., process, store, or transmit information) at an acceptable level of risk (accreditation) based on an assessment of its management, operational, and technical controls (certification). To complete this process there are multiple C&A documents that must be completed and submitted. These documents will be identified later in alignment with each phase of the SDLC process.

Records Management - Embedding Records Management at the earliest stages of SDLC is recommended to effectively manage Electronic Records. Every FSA System or Application Developed should be required to maintain an up-to-date electronic records system to capture, manage, store, remove, protect, recover, archive, recall, create, modify, retain, deliver and distribute information, conducted properly in accordance with laws, statutes, regulations and other guidelines. For more information visit the FSA Records Management Web Site.