During the Operations and Maintenance Phase, the information system’s availability and performance in executing the work for which it was designed is maintained. The State realizes the largest value for the system during this phase. System operations continue until the system’s termination date, when the next phase, Disposition, begins.
1.0: Objectives / Goals
2.0: Deliverables and Approvals
4.0: Tasks and Activities
Successful completion of the Operations and Maintenance Phase should comprise:
The purpose of the Operations and Maintenance Phase is to ensure the information system is fully functional and performs optimally until the system reaches its end of life.
Back To Top
SDLC deliverables help State agencies successfully plan, execute, and control IT projects by providing a framework to ensure that all aspects of the project are properly and consistently defined, planned, and communicated. The SDLC templates provide a clear structure of required content along with boilerplate language agencies may utilize and customize. State agencies may use formats other than the templates, as long as the deliverables include all required content.
The development and distribution of SDLC deliverables:
During the development of documentation, the Systems Team should:
The following is a listing of deliverables required of all projects for this phase of work.
Standard Operating Procedures (Updated) – defines in detail how the Systems Team will perform the business processes related to the operations and maintenance of the system.
· Provide detailed instructions for future business processes
· Ensure consistent execution of business processes
· Drive performance improvement and improve organizational results
Performance Reports – tracks routine metrics as system performance indicators.
· Report on agreed upon system performance measurements
· Include key performance indicators
No approval required
Implementation Notice – formally requests approval for system changes made during the Implementation Phase.
· Formally request approval for system implementation
Program Trouble Reports – provide details regarding an incident related to any aspect of an IT service.
· Document and track system incidents
· Communicate need to address a disruption in service and/or a reduction of quality of service
In-Process Review Report – formally reports the health of the system. It includes summary of performance reports but is more formalized and usually developed quarterly.
· Provide Agency CIO with routine insight into system performance
· Include results of user satisfaction reviews
User Satisfaction Review – determines the current user satisfaction with the performance capabilities of the system.
· Quantify user satisfaction levels
Disposition Plan – identifies how the termination of the system/data will be conducted, and when, as well as the system termination date, system components to be preserved, disposition of remaining equipment, and archiving of life cycle products.
· Address all facets of archiving, transferring, and disposing of the system and data
All deliverables other than those identified as Updates should be developed in this phase. Deliverables identified as Updates should be revisited and enhanced as necessary as prescribed in this phase.
Deliverables produced during this phase must be reviewed in detail and should follow the approval path as defined in the above table. A signature page or section should accompany each deliverable requiring approval. DoIT will periodically request copies of these documents as part of its oversight responsibilities.
The following personnel participate in the work activities during this phase:
Responsible – Describes role that executes the activities to achieve the task.
Accountable – Describes roles that own the quality of the deliverable and sign off on work that Responsible provides.
Consulted – Describes roles that provide subject matter expertise.
Informed – Describes roles that receive information about the task.
The Roles and Responsibilities page has detailed descriptions of these roles and their associated responsibilities.
The System Manager ensures the following prerequisites for this phase are complete:
The System Manager monitors phase performance by gathering status information about:
The System Manager also organizes and oversees systematic quality management reviews of phase work as a part of monitoring the phase performance.
The System Manager updates the PMP routinely (at least quarterly) to ensure the PMP reflects project performance accurately. Review project performance controls and risks for deviations from the baseline.
Information dissemination is one of the most important responsibilities of the System Manager. The System Manager reviews and updates the Communication Management Plan at least quarterly to account for potential changes in project stakeholders. The System Manager distributes the updated PMP and risk management information according to the revised Communication Management Plan. The PMBOK, Chapter 10 contains additional details on project communications and information distribution.
The System Manager conducts risk management activities during the Implementation Phase; these activities include:
These activities occur throughout the project duration to track and mitigate any new or changed project risks. PMBOK has details for risk management activities in section 11, particularly sections 11.2 through 11.6.
The Systems Team supports the system and its end users as an integral part of the information system’s day-to-day operations. The Operations or System Administration Manual defines tasks, activities, and responsible parties for these daily activities and must be updated as changes occur. By monitoring the system continuously, the Systems Team ensures that the production environment is fully functional and performs as specified. Critical support tasks and activities include:
The system log, the Operations Manual, journals, and other logs are invaluable in emergencies and should be kept in a central repository with other operational documentation.
The System Manager reviews the Program Trouble Reports, which document problems with the system through an automated system. The reports typically include:
Other information may be included and depends on the reporting system. The reporting system should permit an audit of the entire process from problem identification to problem resolution and case closure.
The System Manager and the Systems Team continuously monitor the performance of the system in regard to hardware and the network. Daily operations of the system require identifying and implementing minor modifications for it to function optimally and correctly. Document these modifications using a Change Implementation Notice in the configuration management repository, and follow the change management process to receive approval for the modifications. The Change Implementation Notice contains a requested change to the system by a user and its priority or urgency.
Maryland law states that agencies must have the approval of the Agency CIO:
…before making expenditures on major information technology development projects (MITDP), which were defined as projects that included planning, procuring, creating, installing, testing, or providing initial training on an IT project in which:
-- SB212, Acts of 2008
Change requests that meet the following criteria are maintenance work:
The Systems Team implements changes to the information system to upgrade hardware and add new or remove old functionality. These enhancements might originate with user requests for specific capabilities or from the Systems Team’s identifying solutions to substantive routine system problems. Document any enhancements using a Change Implementation Notice, and follow the change management process to receive approval for the enhancement. All maintenance and enhancements are part of a continuous improvement process for the system.
After the system has been implemented, any major system modifications required must follow the configuration management process from planning through implementation. Refer to the Configuration Management Plan template in the Templates and Checklists section.
The Security Officer monitors the security of the information system according to the System Security Plan. As modifications occur, the Security Officer confirms the System Security Plan is current. As a part of reviewing system security, the Security Officer performs a risk assessment and analysis; the results provide the basis for new or modified security controls. The Security Officer also oversees routine testing of the Contingency Plan.
When a security incident occurs, the Systems Team sends an incident report to the System Manager. These incident reports must be filed with the State’s Incident Response Group. The System Manager routinely reviews the regular system security reports with the Security Officer.
The System Manager routinely reviews DoIT’s security policies and standards on DoIT’s website and guidelines endorsed by NIST and the NSA. The System Manager and Security Officer coordinate with project stakeholders on regular disaster recovery tests for the system. Additional information on security and disaster recovery and best practices is available on the NIST Computer Security Division – Computer Security Resource Center website.
The System Manager reviews and updates all system documentation, particularly the Operations Manual and Disaster Recovery Plan, as changes occur or on a regularly scheduled basis.
The System Manager routinely reviews the information system performance with end users to identify changes and problems. A User Satisfaction Review, which might include a Customer Satisfaction Survey, can obtain feedback on operational systems to help determine if the systems are accurate and reliable.
The System Manager with the Agency CIO conducts the In-Process Review usually quarterly but at least annually. Agencies should conduct the In-Process Review in mid-year to prepare for annual IT Project Request budgets, due in September.
During the In-Process Review, the System Manager evaluates system performance against baseline performance, user satisfaction with the system, adaptability to changing business needs, and new technologies that might improve the system. Project stakeholders may request ad hoc reviews when deemed necessary. The User Satisfaction Review, which can be added to the In-Process Review, can indicate the need for a Process Improvement Review Board meeting or initiation of a proposal for a new system. The Agency should establish a Process Improvement Review Board comprised of project stakeholders representative of all groups impacted by the system. The Business Process Review Board participates in the In-Process Review meetings to ensure proper communication and decision-making.
The Disposition Plan identifies how the termination of the system/data will be conducted, and when, as well as the system termination date, system components to be preserved, data to be preserved, disposition of remaining equipment, and archiving of life cycle products.
The key elements of the Disposition Plan include the following. Additional guidance is provided in the SDLC template.
The objective of the Disposition Plan is to end the operation of the system in a planned, orderly manner and to ensure that system components and data are properly archived or incorporated into other systems. At the end of this phase, the system will no longer exist as an independent entity. The completion of the systems life cycle is carefully planned and documented to avoid disruption of the organizations using the system or the operation of other systems that will use the present system.
The Agency CIO and Business Owner review and sign the Disposition Plan.
The System Manager and the Systems Team prepare and present a system status review for the Agency CIO and other project stakeholders after performing Operations and Maintenance Phase tasks. This review addresses:
The System Manager also updates the Risk Register before beginning the Disposition Phase.
During the life of the system, the Operations and Maintenance Phase is the longest and most expensive as the information system provides the most value to the organization in this phase. After system functionally becomes obsolete, the information system is ready to move to retirement in its final phase, the Disposition Phase.
100 Community Place, Crownsville, MD 21032
300-301 West Preston Street, Baltimore MD 21201
410-697-9700 - Dial 7-1-1 to place a call through Maryland Relay