Business Analysis Guidebook/Requirements Templates

Different Documents/Customer Preferences

Business Requirements Documents

SDLC Deliverables

System Initiation Phase

Processes	Techniques	Process Deliverables
Prepare for System Initiation	Interviews Document Gathering and Reviews Define Security Roles and Responsibilities* Orient Staff on the SDLC Security Tasks* Establish a System Criticality Level*	Establish Team and Environment for System Initiation
Verify Proposed Solution	Brainstorming Research Classify Information (preliminary)* Establish System Security Profile Objectives (preliminary)* Create a System Profile (preliminary)*	Verified Proposed Solution
Assist in Developing System Schedule	Brainstorming Research Estimating	Work Breakdown Structure (WBS), High level estimates using predefined Estimation Models

System Requirements Analysis Phase

Processes	Techniques	Process Deliverables
Prepare for System Requirements Analysis	Site Walk-through Project Origination and Business Case Reviews Team Skills Assessment Technology Needs Assessment Tool Needs Assessment Stakeholder Analysis (though done as a part of Project Management (PM) activity, the project PM and business analyst (BA) must ensure that the stakeholders identified are still current and correct.)	Established Team and Environment for Requirements Analysis Stakeholder Map (Initiated as a PM activity but must be correct and up to date during this phase) System Context Diagram link to pb.works.com System Context Diagram template []
Determine Functional and Non-Functional Requirements	Establish an Information Profile (iterative)* Establish System Security Profile Objectives (iterative)* Decompose the System (preliminary)* Organizational Modeling Scope Modeling Functional Decomposition Interviews Observation (Job Shadowing) Focus Groups Acceptance and Evaluation Criteria Scenarios and Use Cases Sequence Diagrams User Stories JAD Sessions Brainstorming Storyboarding Prototyping Structured Walk-through Event Analysis Business Rule analysis Requirements Workshops Risk Analysis Root Cause Analysis	Business Requirements Document Business and Functional Requirements Non-Functional Requirements Business Rules Requirements Traceability Matrix Templates: All-encompassing: Business Requirements Document Subset of comprehensive version: Requirements Document Template Use Cases Sequence Diagrams User Stories
Define Process Model	Work Flow Diagrams Flow Chart Diagrams Business Process Models Use Case Diagrams Decision Analysis Prototyping	Process Model Templates: Business Process Models
Define Logical Data Model	Classify Information (iterative)*	Logical Data Model Requirements Data Model Data Dictionary Existing File Descriptions Data Conversion Requirements Archiving and Retention Requirements
Reconcile Functional and Non -Functional Requirements with Models	Current State Gap Analysis Scenarios and Use Case Modeling Data Modeling	Current Assessment Document Validated Functional and Non-Functional Requirements and Models Use Cases ER Diagrams Class Diagrams

System Design Phase

Processes	Techniques	Process Deliverables
Prepare for System Design	Interviews Site Walk-throughs Create a System Profile (iterative)* Decompose the System (iterative)* Assess Vulnerabilities and Threats (preliminary)* Assess Risks (preliminary)*	Established Team and Environment for System Design
Define Technical Architecture	Interviews Document Gathering and Reviews Role/Authorization Analysis Select and Document Security Controls (preliminary)*	Technical Architecture
Define System Standards	Interviews Brainstorming Policy and Standards Reviews	System Standards
Create Physical Database	Formal Walk-throughs Standard Data Definition Languages Data Administration Techniques (Data Normalization, De-Normalization)	Databases and System Files
Prototype System Components	Iterative Prototypes/Reviews Presentations GUI/Report Development Tools	Prototype and Proof of Concept Results
Produce Technical Specifications	Function Decomposition Expressing Logic: Pseudo Code, Structured English, Object Oriented Logic Operational Requirements Assessment System Load Analysis Business Impact Analysis Potential Problem Analysis Training Needs Decomposition	Technical Specifications Module Specifications Security, Database, Network, Application Architectures Test Plans/Test Cases Deployment/ Transition Plans Template: Technical Specifications

System Construction Phase

Processes	Techniques	Process Deliverables
Prepare for System Construction	Interviews Site Walk-throughs Environmental Assessments	Established Team and Environment for System Construction
Refine System Standards	Brainstorming Policy and Standards Reviews Best Practice Assessments Lessons Learned Reviews Prototyping Assess Vulnerabilities and Threats (iterative)* Assess Risks (iterative)* Select and Document Security Controls (iterative)*	Refined System Standards
Build, Test, and Validate (BTV)	Coding Create test data* Manual Testing Automated Testing Defect Tracking	Unit Test Results Unit Tested System Components Unit Tested System Utilities Data Conversion Utilities
Conduct Integration and System Testing	Manual Testing Automated Testing Defect Tracking Regression Testing Test Security Controls*	Integration and System Test Results Validated System Validated System Utilities
Produce User and Training Materials	Technical Writing Illustration On-line Content Development JAD Sessions Prototypes/Content Review Current State Gap Analysis Scenarios and Use Case Modeling Data Modeling	User Manual Training Materials
Produce Technical Documentation	Technical Writing Illustration On-line Content Develop Security Documentation Prototypes/Content Review	Technical Documentation

System Acceptance Phase

Processes	Techniques	Process Deliverables
Prepare for System Acceptance	Interviews Site Walk-throughs Environmental Assessments Acceptance Test Plan Review	Established Team and Environment for System Acceptance
Validate Data Initialization and Conversion	Manual Testing Automated Testing Defect Tracking Regression Testing	Data Validation Test Results Validated Data Initialization and Conversion Software
Test, identify, Evaluate, React (TIER)	Manual Testing Automated Testing Measure security compliance* Document System Security Profile* Document Security Requirements and Controls* Defect Tracking Regression Testing	Acceptance Test Results Validated System Validated System Utilities
Refine Supporting Materials	Technical Writing/ Illustration On-line Content Development/Content Review	Revised User/Training Materials Revised Technical Documentation

System Implementation Phase

Processes	Techniques	Process Deliverables
Prepare for System Implementation	Interviews Distribution of Materials Coordination of Training Logistics	Established Team and Environment for System Implementation
Deploy System	Training Sessions Manual Business Operations Parallel Operation Perform System Certification and Accreditation *	Migrated and Initialized Data Operational System
Transition to Performing Organization	Training Sessions Phased Ownership	Ownership of System by Performing Organization

Security Activities within Enterprise SSDLC Phases (ITS-S13-001)

links to pb.works.com templates

SDLC Process Deliverable Definitions

Description of SDLC Security Activities

This article is issued from Wikibooks. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.