Pre-Definition
|
The Pre-Definition Phase is the first phase in the life-cycle and is when business owners determine if an IT System or Solution is needed to fulfill a business need and/or performance gap.
|
Definition
|
The Definition phase defines an EPA business need and documents the purpose, scope, and requirements of the proposed information system or model. Security planning for the system must begin during this phase by designating or revising, if necessary, information sensitivity levels, conducting a risk assessment, and developing a baseline security plan. The Definition phase includes three sub-phases, Initiation, Concept Definition, and Requirements Definition, described in the Agency System Life-Cycle Management Procedures supporting this policy. For models, this phase includes problem definition or scoping.
|
Development or Acquisition
|
The Development or Acquisition phase utilizes the information developed in the Definition phase to design, develop and/or acquire the required information system or model that meets the EPA business need and requirements. During this phase the security requirements of the system are developed. The security risk assessment and security plan must be updated based on technology selections, and contingency or continuity of support plans must be developed. The Development or Acquisition phase includes two subphases, Design and Construction, described in the Agency System Life-Cycle Management Procedures supporting this policy. For models, this phase includes formal model development and code verification.
|
Implementation
|
The Implementation phase installs the system in the production environment. Data is converted as needed, and sample testing is conducted to verify the system. Security features and plans are configured, enabled, and tested, and security certifications must be conducted during this phase. Written authorization to process must be completed during this phase prior to beginning operations. The Implementation phase includes two subphases, Testing and Implementation, described in the Agency System Life-Cycle Management Procedures supporting this policy. For models, this phase indicates that the model has been or is soon to be released.
|
Operations and Maintenance
|
The Operation and Maintenance phase operates and maintains the system. Periodic risk assessments, evaluation, testing, certification, and reauthorization must be conducted during this phase. For models, this phase represents full functionality. The model is evaluated and further developed/updated (i.e. versioning) as needed.
|
Termination
|
The Termination Phase ends the operation of the system or model in a planned, secure, orderly manner, including archiving system components and data or incorporating them into other systems as required, and securely disposing of hardware. For models, this phase represents models that are no longer supported by the Agency, but the metadata about the model is still publically available.
|
Mixed
|
The life-cycle is not exclusive to a single phase.
|