Question PPPR-05
Do you have a documented systems development life cycle (SDLC)?
| Weight | 20 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State any plans to implement an SDLC.
Answering "YES"
Briefly summarize your SDLC or provide a link or attachment.
Reason for Question
Mature product/software/service lifecycle management can position a vendor to sufficiently plan, implement, and manage systems that better protect institutional data.
Follow-Up Inquiries
Although NIST has withdrawn it, the Security Considerations in the Systems Development Life Cycle (SP 800-64r2) document is still an excellent resource for giving vendors guidance (i.e., setting expectations). Follow-up questions about SDLC use will be institution- and implementation-specific.