 |
 |
 |
|
| 1 Objective and Application of the Lifecycle Process Model |
Zielsetzung und Anwendung des Vorgehensmodells
1.1 Objective
In the field of Federal Administration, the Software Lifecycle Process Model (V-Model) regulates the system development process and the maintenance and modification of systems; how these systems meet their requirements is predominantly regulated by the application of IT.
This is achieved by means of the uniform and binding set of activities and products (results) which are required during the IT system development and the accompanying activities quality assurance (QA), configuration management (CM), and technical project management (PM).
Therefore, this standard helps to achieve the following objectives:
- Improvement and guarantee of the quality:
- The completeness of the results to be delivered can best be guaranteed by a standardized procedure.
- Defined interim results make early assessment procedures possible.
- Uniform product contents alleviate the readability of the products and the assessment procedures.
- Checking the costs for the whole lifecycle:
- The generation of relevant project-specific development standards and its assessment will be simplified.
- The standardized procedure makes the cost calculation more transparent. Any risks in connection with the costs can be recognized better.
- Uniform standards reduce friction losses between customer and contractor as well as between main contractor and subcontractor.
- Standardized procedures allow for the reduction in the use of resources.
- In case of a standardized procedure universal approaches to the solutions become transparent and can thus be reused.
- Undesirable developments are recognized at an earlier stage.
- The training costs are reduced.
- Improvement in the communication between the different parties, as well as a reduction in the dependence of the customer on the contractor:
- Using defined terms reduces misunderstandings between all parties involved.
- The user, the purchaser, and the developer will be supported when formulating their requirements/when describing their parts or results.
- The interim results/final results are standardized to such an extent that other parties involved or staff of other companies are able to settle in without very much effort, if necessary.
1.2 Application of the V-Model
The V-Model is taken into consideration after being requested to make an offer and when setting up contracts; it is applied during project supervision, generation, maintenance and modification of IT systems. Users are both the authorities and industry.
When using the V-Model for developments within the authorities, the following terms, which are constantly applied in the V-Model, have to be used analogously:
| order/contract | 
| instruction/commissioning/directive |
| customer |
| purchaser |
| contractor |
| developer/programming center |
The V-Model does not take into consideration any organizational rules; with regard to the organization it is impartial. Therefore, the V-Model must in the various authorities be adjusted to the available process organization. In order to support this mapping, activities in the V-Model are allocated to roles.
All departments in charge of software development have to guarantee-for each SDE implementation-an allocation of the documentation resulting from the tools to the V-Model documents.
It also must be checked if-based on the new regulations-any rules or regulations in their areas have to be adjusted or if special implementation regulations have to be enacted.
1.3 The Term "System" in the V-Model
When applied, the V-Model basically uses the term "system" as defined in /ISO IEC 12207/:
There a system is defined as a uniform whole consisting of one or several processes, hardware, software, installations and persons, having the ability to meet specified requirements or objectives.
| For the V-Model, only such systems are considered that are fulfilling their tasks predominantly by using IT. Apart from the IT systems, this also includes IT portions of other systems. |
For that, the V-Model applies the term IT System. An IT system in that sense can be part of a higher-level system.
1.4 Adaptation to the Actual Project Situation
The advantage of the V-Model is based on its general validity. The technical rules it contains must be adapted to the actual project situation. These project adaptations are called "tailoring"; they will be carried out by deleting or combining activities or products. Additions have to be marked. Following that, the organizational allocations of the activities thus determined must be realized.
Part 3 Collection of Manuals includes suggestions for adjusting several project types within the scope of the "Standardized Pre-Tailoring".
1.5 Meeting the QA Regulations
The V-Model includes detailed rules for the entire IT system development process including the activities for project management, quality assurance, and configuration management. If the V-Model is correctly applied then in turn the Part 3: Meeting the Minimum IT Requirements of the Federal Audit Office by Means of the V-Model, as well as the requirements according to ISO 900x and /AQAP-110/ or /AQAP-150/ are fulfilled.
An allocation table from the requirements according to ISO 9000-3 and their being covered by the V-Model is shown in Part 3 Collection of Manuals in the manual The V-Model in an ISO and AQAP Environment.
1.6 Meeting the Security Criteria
Systems and software to be evaluated and certified by independent and impartial organizations must meet the requirements of the corresponding security criteria.
The regulations of the V-Model meet the requirements of the corresponding criteria catalogue with respect to security(1) with regard to the development process, and with regard to the products to be generated; all the corresponding requirements can be defined and controlled within the scope of the regulations of the V-Model.
The term "IT security" refers to the actual Security ("classical" IT security), but may also be understood in the sense of Satefy (procedural safety or operational safety).
Note: (1) The criteria for the evaluation of security of information technology systems (/ITSEC/) lay the foundations which are valid at present.
|
|
|
GDPA Online
Last Updated 01.Jan.2002
Updated by Webmaster
Last Revised 01.Jan.2002
Revised by Webmaster
|