Text Size Default Text SizeDefault Text Size Large Text SizeLarge Text Size Largest Text SizeLargest Text Size Print Print this Page

Policy 6136

IT Systems Development Life Cycle

I. Purpose

The purpose of this policy is to establish a University wide information technology (IT) systems development life cycle to offer consistency and structure to the IT systems development process and to ensure that security is considered throughout an IT system's development.

II. Definition

Systems Development Life Cycle (SDLC): The SDLC is a process for developing IT systems that offers consistency and structure in the progression of an IT system from concept to implementation to disposition.

III. Policy 

  1. Establishment of the SDLC: The SDLC is described in detail in the IT Systems Development Life Cycle Standard and will be followed for all University IT systems.
  2. Phases of the SDLC: The SDLC process is a phased process and phases will be completed in the order specified:
    1. Planning
    2. Initiation
    3. Definition and Construction
    4. Integration and Test
    5. Implementation
    6. Operations and Maintenance
    7. Disposition
  3. Initiating the SDLC: All new IT systems developed will enter the SDLC at the Planning Phase when a request for a new IT system or significant modification to an existing IT system is made through the Project Management Office's established IT project request procedures. New IT systems or significant modifications include those developed at the University or acquired from a third party.
  4. Consideration of Security in the SDLC: Security will be integrated into each phase of the SDLC. An IT System Security Plan will be updated and maintained throughout the life cycle of an IT system.

IV. Enforcement

The University regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.

Approved by the Board of Visitors, December 5, 2008.