Implementation Guides

Requirements Implementation

Implementing policies for gathering, prioritizing, and authorizing requirements ensures that development resources are allocated based on careful consideration of the requirement's alignment with business imperatives, cost, and overall feasibility.

Application requirements should be separated into two categories--new requirements/enhancements and bugs--and collected in one or two databases accordingly. Install a request management system that is accessible to both request sponsors and IT that is capable of ranking, tracking, and closing out requests.

The project team will need to meet regularly to review authorized requests and set deadlines. Ongoing project team meetings play an important role in determining the application's final form.

Since requests always exceed development capacity, a prioritization exercise is necessary to narrow the list of requests down to a workable set. The process of assigning priorities is susceptible to personal, political, and departmental pressures, so strategies for leveling the playing field are essential.

After a final evaluation of the risks associated with the deliverable, such as cost overruns due to overly optimistic estimates, the project is presented to the project sponsors for its final blessing. The requirements sign-off establishes, at a minimum, what will be delivered, when, and at what cost.

Download the Requirements Implementation Guide (PDF)

Design Implementation

By linking each design specification back to a specific requirement, a structured design process ensures that the development team is provided with a clear mission, and that everyone is pulling in the same direction. This doesn't mean that the progression from requirements to design to development is always a clean and linear process; in fact, it rarely is, which is why a formal design process is crucial.

A good design process captures the iterative progression of the design specifications as the requestors, design team, and developers go back and forth on application details. It enforces consideration of the "why" and "how" aspects of the project and provides a history of the design's evolution that can inform future changes and answer questions related to an audit.

Successful design implementation consists of the following:

• A formal design process describing how requests and change requests move through the requirements, design specifications, test planning, and design authorization stages
• A repository--accessible to all stakeholders--where all documents related to the design process are stored, including design specifications, test plans, test cases, and change requests
• A change control process with automated workflow
• Explicit design specifications linked to each approved request
• Test planning, including at least one test case for each specification

Download the Design Implementation Guide (PDF)

Development Implementation

Implementing development policies can be an uphill climb because it asks that developers conform to a set of standardized practices that may be markedly different from the way they're used to doing things. The same qualities that make Notes/Domino such a popular development platform have the unintended consequence of fostering dubious development practices. The important thing to remember is that Development policies don't have to be implemented in one fell swoop. Instituting IT governance is a cumulative process, best pursued one day at a time.

A simple roadmap for implementing development policies might begin with coding standards. Working collaboratively, create a document that lays out your coding standards, circulate it, and allow it to evolve over time. Then make sure your team is standardized and trained on the same tools.

Subsequent steps to implementation include setting up a source code control system; organizing the development server; integrating unit testing; and designing a build process that ensures a smooth, predictable path to production.

Download the Development Implementation Guide (PDF)

Test Implementation

Application testing should take place throughout an application's life cycle. Accordingly, test implementation occurs at different points along the project's journey. Test plans are developed in the Design phase. Unit testing is done in development, before the application reaches the actual test phase. Testing is an iterative process, cycling through the test/fix loop until the number and severity of faults is judged acceptable.

The testing phase consists of two primary types of activities: application testing and user acceptance testing. Application testing requires a dedicated, segregated environment configured as closely as possible to the production environment. Third-party testing tools can often be used to streamline application testing.

The goal of User Acceptance Testing is the customer's affirmation that the application or functionality meets the agreed-upon specification. This is more elusive than it might appear, and development methodologies like Extreme Programming and Agile may accelerate user acceptance by including the customer earlier and more deeply in the testing process.

All testing results need to be documented. Neglecting even the most innocuous-looking bugs could lead to more aggravated problems down the line.

The test team department should have final say over whether or not an application is ready for promotion to production. Final approval should rest with the administrator of the server on which the application will reside.

Download the Test Implementation Guide (PDF)

Production Implementation

Actively managing your Notes infrastructure is a tall order. Each policy area is a huge discipline in itself, so it is important to take it one step at a time.

In order to begin implementation of production policies you will need three things:

• A complete inventory of applications in production
• Full control of who has access to what and when, as well as the ability to lock down applications
• A controlled, auditable change management process

Once these are established you'll be in a better position to monitor application usage and agent activity and improve overall security by keeping a tight rein on ACL settings. You'll need to be vigilant so that new or updated applications don't invite chaos back into the system. The most effective way to stop this from happening is to prevent changes to applications in production. This can be achieved by exercising stringent ACL control and by locking down an application and implementing an automated method for moving designs into production.

Download the Production Implementation Guide (PDF)