The Disposition Phase is the end of an information system’s life cycle. The information system is formally retired according to organizational needs, laws and regulations, and the Disposition Plan. The disposition activities ensure that the information system is terminated in an orderly manner and that vital information about the system is preserved according to applicable records management regulations and policies for future access.
The decision to proceed with the Disposition Phase is based on recommendations and approvals from an In-Process Review during the Operations and Maintenance Phase.
1.0: Objectives / Goals
2.0: Deliverables and Approvals
4.0: Tasks and Activities
1.0 Objectives / Goals
Successful completion of the Disposition Phase should comprise:
- Notification of end-users
- Notification to Systems Team with reference to interfacing systems
- Shutting down the system
- Disposal of residual assets from the retirement
- Archiving data and system components
The purpose of the Disposition Phase is to shut down the operational information system in a controlled manner.
Back To Top
2.0 Deliverables and Approvals
SDLC deliverables help State agencies successfully plan, execute, and control IT projects by providing a framework to ensure that all aspects of the project are properly and consistently defined, planned, and communicated. The SDLC templates provide a clear structure of required content along with boilerplate language agencies may utilize and customize. State agencies may use formats other than the templates, as long as the deliverables include all required content.
The development and distribution of SDLC deliverables:
- Ensure common understanding among Systems Team members and stakeholders,
- Serve as a reminder of specified plans as projects become increasingly complex,
- Provide agency senior management and other State officials insight into project risks and ongoing performance,
- Encourage the execution of repeatable and consistent processes,
- Facilitate the implementation of project management and agency IT best practices, and
- Result in a comprehensive record of project performance useful for many purposes (e.g. staff knowledge transfer, budgetary and other assessment activities, lessons learned).
During the development of documentation, the Systems Team should:
- Write comprehensive, easy to understand documents with no redundant information.
- Develop an organized document repository for critical project information, so Systems Team members can easily access, store, and reference project documents and other deliverables from all life cycle phases.
- Implement routine deliverable reviews to correct inaccuracy, incompleteness, and ambiguities.
- Recognize that sample templates for deliverables are available; agencies might accept deliverables in different formats as long as all required information is present. The content of these deliverables might expand or shrink depending on the size, scope, and complexity of the project.
- Recycle or reference information from earlier documents where possible and beneficial.
The following is a listing of deliverables required of all projects for this phase of work.
Disposition Plan (Update) – identifies how the termination of the system/data will be conducted, and when, as well as the system termination date, software components to be preserved, disposition of remaining equipment, and archiving of life cycle products.
All deliverables other than those identified as Updates should be developed in this phase. Deliverables identified as Updates should be revisited and enhanced as necessary as prescribed in this phase.
Deliverables produced during this phase must be reviewed in detail and should follow the approval path as defined in the above table. A signature page or section should accompany each deliverable requiring approval.
DoIT will periodically request copies of these documents as part of its oversight responsibilities.
Back To Top
The following personnel participate in the work activities during this phase:
- Agency CIO
- Business Owner
- System Manager
- Systems Team
- Project Stakeholders
- State Archivist
Responsible – Describes role that executes the activities to achieve the task.
Accountable – Describes roles that own the quality of the deliverable and sign off on work that Responsible provides.
Consulted – Describes roles that provide subject matter expertise.
Informed – Describes roles that receive information about the task.
The Roles and Responsibilities page has detailed descriptions of these roles and their associated responsibilities.
Back To Top
4.0 Tasks and Activities
4.1 Review Phase Prerequisites.
The System Manager ensures the following prerequisites for this phase are complete:
- The Disposition Plan drafted in the Operations and Maintenance Phase
- The Data Retention Plan drafted in the Design Phase
4.2 Monitor Phase Performance.
The System Manager monitors phase performance by gathering status information about:
- Activity progress with status details
- Complete and incomplete deliverables
- Estimated time to completion
- Resource utilization data
4.3 Initiate Disposition Activities.
The Systems Team audits comprehensively the information system, its equipment, its data, and its documentation:
- Compare the audit report with the information in the configuration management repository to identify and address any deficiencies.
- Compare the audit report with the information in the asset management repository to identify and address any deficiencies.
- Identify and consider any risks to system disposition.
- Perform any actions noted in the Operations and Maintenance Phase Review.
These actions should prepare the information system for termination.
4.4 Review the Security Plan.
The Systems Team reviews the Security Plan for any requirements for system termination. Both the Security Plan and the Disposition Plan govern the disposition of hardware, software, and data. The State’s security policies follow guidelines endorsed by the NIST and the NSA. Information regarding Disposition Phase activities can be found in several different NIST Special Publications, including Generally Accepted Principles and Practices for Securing Information Technology Systems, SP800-14, and Guidelines for Media Sanitization, SP800-88. Other information on State security policies is available on DoIT’s website.
4.5 Review the Data Retention Plan.
The Systems Team reviews the formal Data Retention Plan that the Development Team and project stakeholders created in the Development Phase.
The State of Maryland has legally mandated data retention policies that apply to all State agencies and State-created entities and any public records maintained. The State Archivist’s website has records management guidance, including laws, rules, and regulations, at http://www.msa.md.gov/msa/intromsa/html/record_mgmt/homepage.html.
4.6 Update the Disposition Plan.
The Systems Team updates the Disposition Plan as additional detailed plans are defined or changed.
4.7 Notify End Users and Systems Teams for Interfacing Systems of the System Retirement.
As early as possible, the System Manager notifies all end users of the system's retirement and the termination date. The System Manager also notifies any Systems Teams working on other systems that interact with the retiring system of the impending termination date.
4.8 Notify the State Archives about the System Termination.
The Systems Team notifies the State Archivist’s office of the system termination. Submit the proper forms for storing state records according to the Data Retention Plan.
4.9 Shut Down the System.
The Systems Team shuts down all software and hardware components in the system on the termination date according to the Disposition Plan.
4.10 Archive or Transfer Data.
The Systems Team transfers data from the old system to the new system or the State Archives according to the Disposition Plan and the Data Retention Plan.
4.11 Archive or Transfer Software Components.
The Systems Team transfers software components to the new system or the State Archives according to the Disposition Plan and the Data Retention Plan. The archived system is the entire application including logs, data, documentation, issue reports, and any other information created during the life cycle of the system.
4.12 Archive Life Cycle Deliverables.
The Systems Team transfers all life cycle deliverables or documentation to the State Archives according to the Disposition Plan and the Data Retention Plan.
4.13 Dispose of Equipment.
The Systems Team assesses the system hardware components and determines whether to reuse, recycle, destroy, or sell the equipment.
4.14 Perform Phase-Closure Activities.
The Systems Team prepares and presents a phase status review for the Agency CIO, Business Owner, and other project stakeholders to address status on Disposition Phase activities.
The System Manager also conducts the Post-Termination Review within six months after system disposition. The Post-Termination Review documents the findings of the Disposition Phase Review and the lessons learned from shutting down and archiving the terminated system; this report also identifies the repository for all archived products and documentation. The Agency CIO and Business Owner review and sign the Post-Termination Review Report.
Back To Top
The Disposition Phase is the end of the operational system.