The FSA SDLC is an iterative methodology broken down into six phases with multiple Quality Control (QC) reviews occurring at strategic points during the process. The six phases are:
Quality Control (QC) - The intent of IT Quality Control at the FSA is to provide an incremental layer of capabilities for problem detection within IT development efforts. This is typically accomplished through verifying a project's adherence to the following three criteria of the established IT process:
Adherence to this process can be verified via the artifacts that are created by the development team. The QC process (including the artifact reviews) is not intended to prescribe corrective action, but rather, to provide recommendations on how to avoid issues going forward. While interactive QC reviews are not currently taking place, teams are still required to maintain artifacts for possible review.
Statement of Understanding - Deviations from the full set of artifacts are allowed but shall be documented in a Statement of Understanding (SOU). The SOU should include a description and rationale of the approach to be used, as well as details of expected deliverables for each point in the SDLC. The SOU should be submitted to AMC during project initiation.
Certification & Accreditation - Every project must also go through the C&A process in order to ensure the system has appropriate security controls, and that vulnerabilities within the system have been considered. This is the process whereby an information system is authorized to operate (i.e., process, store, or transmit information) at an acceptable level of risk (accreditation) based on an assessment of its management, operational, and technical controls (certification). To complete this process there are multiple C&A documents that must be completed and submitted. These documents will be identified later in alignment with each phase of the SDLC process.
Records Management - Embedding Records Management at the earliest stages of SDLC is recommended to effectively manage Electronic Records. Every FSA System or Application Developed should be required to maintain an up-to-date electronic records system to capture, manage, store, remove, protect, recover, archive, recall, create, modify, retain, deliver and distribute information, conducted properly in accordance with laws, statutes, regulations and other guidelines. For more information visit the FSA Records Management Web Site.