Waterfall Methodology: Technology Solution Analysis and Design Process

Process Owner: Manager, Solutions Development and Support

Note: An owner must be a PCES-level manager or higher.

This process establishes standard tools and processes for the TSLC Waterfall Analysis and Design phase within the Postal Service Technical Environment.

1. PURPOSE

The Technology Solution Analysis & Design process translates the Technology Solution Requirements into an implementable design and finalizes the project’s implementation schedule and costs. Technology components are identified and architected to provide a framework in support of the Technology Solution Build phase.

The objectives of the Analysis & Design process are:

• Create an optimal design for an end product that will satisfy the agreed-upon technology solution requirements.
  
• Ensure technology service providers are in agreement and meet corporate standards / architectures before the technology solution is built.
  
• Develop cost and schedule for the entire technology solution project.

2. SCOPE

The Technology Solution Analysis & Design process applies to all technology solution projects including, but not limited to, one or more of the following:

• Development of application or system software
  
• Configuration of Commercial Off-The-Shelf (COTS) software, telecommunications / network implementations, database changes
  
• Information technology infrastructure projects
  

3. PROCESS DESCRIPTION

The Technology Solution Analysis & Design process creates a documented design from approved technology solution requirements.

This process is composed of the following sub-processes:

1. Perform Risk Assessment

Application risk assessment is an ongoing process designed to minimize risk to applications by identifying additional security controls (beyond those initially established) to be deployed that are commensurate with the relative values of the assets to be protected, the vulnerabilities associated with those assets, and threats to the application. Non-sensitive technology solutions may use the Abbreviated Risk Assessment.

This process includes the following steps:

2. Develop Technology Solution Design Documents

Host designs, database designs, network designs, application designs, etc., are developed as appropriate based on the approved requirements document. Host designs may use the provided TSLC template. All technology solution designs will encompass those environments (such as Development, Test, CAT, Prod, and Training) that have been defined within the scope of the technology solution requirements.

3. Develop Technology Solution Security Control Plan

Technology Solution Security specifications are documented to satisfy the security requirements defined by the Business Impact Assessment (BIA). The TSPM analyzes the security requirements and specifications established for the application and identifies potential security controls in light of business requirements, Postal Service policies, and cost versus benefit of the various control options. Security controls for the technology solution are selected by the project team to satisfy the privacy and security requirements identified through conducting the BIA and to mitigate the risks identified in the technology solution risk assessment or abbreviated technology solution risk assessment. Multiple information security controls may be needed to satisfy a particular information security requirement, or one control may satisfy more than one information security requirement.

This process includes the following steps:

4. Design Walkthrough with All Appropriate Technology Service Providers

All Technology Service Providers who have a stake in the technology solution will bring their draft designs to a walkthrough session. The designs will be reviewed against the requirements, and approval must be obtained by the Enterprise Architecture Committee for all projects introducing new or expanded use of IT services, technology solutions, or COTS software. This review process also applies to projects that require upgrades to software previously approved for inclusion in the IT Tool Kit (ITK). The objective of the walkthrough is for all IT Service Providers to agree on the design. Any changes to requirements as a result of the design must go through the CCB. 

5. Submit SOX System Impact Assessment (SIA) Form to SOX CCB (SOX Systems Only)

SOX Systems are required to complete the SOX SIA and submit it to the SOX Change Control Board (SCCB) when implementing changes to the system functionality (add/remove/enhance) or the system architecture. The SCCB will perform an analysis of a requested change against the SOX Controls defined for the requesting application and provide list of required remediation actions or approval. This is a Baseline requirement for all SOX in-scope systems that must be stored in the TSLC Artifacts Library.

6. Create Draft System Integration Test (SIT) Strategy

The Draft SIT Strategy is developed early and is an output of the Technology Solution Analysis & Design process to support generation of accurate and committed cost and schedule. The Draft SIT Strategy will include the following information:

• SIT logistics (where)
  
• People resource requirements (customer, IT, etc.)
  
• Data requirements (source and migration)
  
• High level script strategy (functionality, performance, etc.)
  
• Hardware requirements strategy
  
• Timeframe
  
• Backup requirements
  
• Security requirements
  

7. Create Draft CAT Strategy

A Customer Acceptance Test (CAT) phase is needed to ensure that the technology solution satisfies the key system requirements for the business customer. The Draft CAT Strategy is developed early to support the generation of accurate cost and schedule. The Draft CAT Strategy will include the following information:

• CAT Test approach
  
• High level CAT Test Conditions and Expected Results
  
• High level CAT Acceptance Test Cycles
  

8. Determine Components to Be Procured

This process involves performing preliminary procurement activities, such as a “making versus buying” analysis and procurement / award supplier identification (award will not occur until after the TSLC design process). This information will be utilized in the development of the project cost and schedule.

9. Develop CAT Scripts

The CAT scripts are documented test scenarios that outline input data, sequence of test steps, and expected output values. The CAT scripts define the technology solution acceptance criteria. Once the test scenarios have been developed, the CAT team will walk through all scenarios to ensure that requirements are thoroughly tested. This is a Baseline requirement, for all SOX in-scope and out-of-scope systems, that must be stored in the TSLC Artifacts Library.

10. Assemble Cost and Schedule from Technology Service Providers

At this point the requirements are signed off and placed in change control in the Requirements phase. The Technology Solution Coordinator (BPL with IBSSC developed solutions) has up to two weeks to request, obtain, and compile the technology solution implementation costs and schedule milestones from the Technology Service Providers. DARs and large project technology solution implementations that will require longer than the two week timeframe may request an extension in writing in advance from the Portfolio Manager responsible for the technology solution. Though the technology solution costs and schedule milestones have been provided, the Technology Solution Coordinator continues to complete and obtain signoff on the technology solution design document.

11. Updated Project Plan

The project plan is updated with the information from the milestone information from the Technology Solution Providers. At this point the project plan has all the tasks to commit and implement the technology solution.

12. Present Costs and Schedule

The total project implementation costs and schedule are presented to the customer for a decision to proceed with the building process or continue with the technology solution Analysis and Design process in the event this has not been completed.

13. Technology Solution Implementation Cost and Schedule Customer Approval

Upon the customer review of the cost and schedule to develop the Technology Solution, a decision is made in writing by the customer to proceed with the Build process (or design if not completed). If approved to proceed, funding is obtained to support the rest of the TSLC processes in implementing the Technology Solution.

14. Implement Design Document Change Control

Upon formal approval of the design document by the appropriate Technology Solution Providers, the technology solution design document is placed under change control. Any changes to the design document must go through the CCB process.

4. PROCESS DIAGRAM

An asterisk (*) denotes a Baseline requirement.

5. PROCESS INPUTS/OUTPUTS

Inputs

• Technical Solution Requirements with Approval*: All functional, business, and technical requirements for designing the technical solution.
  
• Traceability Test Matrix: Traces all technical solution requirements to their corresponding test cases.
  
• Business Impact Assessment: Assessment classifying the sensitivity level of data.
  
• Documented Approval of Technology Solution Requirements: Signifies the technical requirements have been approved as input into creating the technical solution design.
  

Outputs

• Risk Assessment: Assessment of risks that could impact the security of the technology solution.
  
• Technology Solution Design: Encompasses all the components that make up the structure and overall functionality of the technology solution into functional engineering elements and relationships between them.
  
• Technology Solution Security Control Plan: Plan that documents the security controls to be implemented based on results of the BIA and the risk assessment.
  
• Technology Solution Design with Approval
  
• EA Checkpoint 2: EA Committee approves or denies technologies that are represented in design documentation.
  
• Updated Traceability Test Matrix: Updated Traceability Test Matrix with Build information.
  
• Draft SIT Strategy: Supports generation of accurate and committed resource and cost estimates for SIT.
  
• Draft CAT Strategy: Supports generation of accurate and committed resource and cost estimates for CAT.
  
• CAT Scripts*: Scripts used for performing the Customer Acceptance test.
  
• Technology Solution Implementation Cost: The collection of cost estimates from all IT Service Providers who have design input into the respective technology solution.
  
• Project Plan Final Baseline: Identifies all tasks and dates by all participants in implementing the technology solution.
  
• SOX System Impact Assessment Form*: Documents requests for change with potential to impact SOX Controls and/or SOX Freeze Period.
  
• TS Funding and Schedule Approval: Approval of the design, cost, and schedule and the approval to proceed by the customer has been given.
  

An asterisk (*) denotes a Baseline requirement.

6. PROCESS RELATIONSHIPS

An asterisk (*) denotes a Baseline requirement.

7. ROLES AND RESPONSIBILITIES

• Technology Solution Coordinator (TSC): Responsible for coordinating the development of the technical solution design.  This role may be the responsibility of any TSP but is typically performed by IBSSC.
  

• Technology Solution Project Manager (TSPM): Responsible for coordinating the development of the total project plan.  This role may be the responsibility of any TSP but is typically performed by Portfolio.
  

• Customer: The Customer will decide to proceed with the technology solution build once the implementation cost and schedule have been provided.  This role is typically performed by a functional business group, but the role may also be performed by IT Portfolio or TSP.
  

• Technology Service Providers (TSP): All Stakeholders that are responsible for providing input into the Technology Solution design.  Responsible for ensuring their technical solution design is architected appropriately.
  

• Change Control Board (CCB): Assesses all cost and schedule impacts associated with any new technology solution enhancements. 
  

• SOX Change Control Board (SCCB): The SOX CCB is responsible for assessing and providing final determination (approve/deny) for all SOX System requests for change which may impact SOX Controls.

8. SUPPORTING DOCUMENTATION

For access to the following documents, contact the US Postal Service. See Publication 5, Let's Do Business for further information about local US Postal Service contacts.

• Application Development Standards
• TSLC Templates, Waterfall
  

9. REVISION HISTORY