Karthik Consulting’s (KC) Enterprise Disciplined AgileTM (EDA) Software Development Life Cycle (SDLC) methodology is built on the following four foundational components, (see Figure 1): Agile software development for its ability to quickly adapt and respond to changes; Capability Maturity Model Integrated-Development (CMMI-DEV) for its rigor and enterprise scalability; International Organization for Standardization (ISO) 9001:2015 for its Quality Management; and Project Management Institute (PMI) for its project management best practices. KC’s EDA SDLC methodology is CMMI-DEV maturity Level 3 rated and incorporates best practices from the PMI Project Management Body of Knowledge (PMBOK).
Our EDA methodology is a hybrid approach that extends the typically “Construction” focused lifecycle of Scrum to address the full, end-to-end delivery lifecycle from project initiation to deploying the solution into production. In addition to software, we create supporting documentation including Information Assurance (IA) Certification and Accreditation (C&A) related documents. This means that we are producing solutions, defined by the customer as acceptable, that solve a larger business need. Since the customer is engaged in every stage of the process, they can easily understand, adopt, and support the solution to help them achieve their goals.
Figure 2 below shows the KC EDA SDLC methodology. At project initiation, we develop a Project Management Plan (PMP) describing the overarching program charter, sponsors, scope as well as subsidiary management plans such as schedule, cost, quality, configuration control, risk, human resources, communications, metrics, procurement, and integration with the customer’s program or project portfolio. Our Quality Manager (QM) monitors the adherence to these plans, escalating non-compliance issues to KC senior management.
Each iteration begins with a short requirements analysis phase, followed by design, implementation and testing phases. The testing includes several types such as integration testing, regression testing, performance/load testing, etc. After the features in the iteration are tested, the iteration is deployed to a “First Look” site accessible to the users for additional User Acceptance Testing (UAT). The process will repeat for each iteration until all the requirements are met and the software is ready for final production release. KC’s SDLC processes inherently address documentation requirements. All material for user guide and Standard Operating Procedures (SOP) are incrementally collected and developed during each iteration of the software. KC follows the customer’s specific change control processes as appropriate, (i.e., Change Management Board (CMB)) and works with the Operations and Information Assurance(IA) teams to provide the required documentation for the changes to be deployed on the network. All source code is under Configuration Management (CM) control using tools such as Git, PVCS, or Microsoft Team Foundation Server (TFS).
Requirements Analysis, Design, Coding, and Testing
Requirements Analysis: We work with the product owner, government Contracting Officer Representative (COR), stakeholders and Subject Matter Experts (SMEs) to capture the requirements and develop the Requirements Traceability Matrix (RTM). We follow our requirements management process conducting requirements analysis and develop the level of effort (LOE) for each requirement. As part of the requirements analysis process we will take into account not only the functional requirements, but also requirements related to other areas such as database, security, performance, and interfaces. Once the total set of requirements have been identified and LOE’s developed for them, a schedule will be developed by the Project Manager (PM) that is based on multiple iterations of 30 days or less each. The requirements to be implemented in each iteration will be based on the LOE of the requirements, their priority, and dependencies on other requirements.
Design: In each iteration, we perform detailed analysis and develop a design. Particularly for major releases or in earlier iterations it’s important to consider alternate design approaches. We evaluate the design alternatives and choose the “best-fit” for implementation.
Coding: We use the CM/source code control tool to create a new code “work set” or “branch” for new releases. Software development will continue using the development tools such as Visual Studio, Eclipse, and JDeveloper. Unit testing is an integral part of our SDLC process. All code is unit tested before being “checked” into the selected source code control tool. The code is “built” frequently and published/deployed to the test environment. Best practices such as continuous integration are implemented.
Testing: A standard definition of bug severity is coordinated with the COR and stakeholders so that each bug is classified for severity and prioritized based on this scale. We develop test scripts for each iteration and release of the software. Our developers perform unit level testing for any changes they make. UAT is conducted to confirm acceptability of software changes. Any defects identified during UAT are recorded in the Bug Tracker. The defects are fixed and re-tested as prioritized by the COR. Bugs are tracked using a tool such as JIRA. Once all the high priority bugs are tested and closed the software will be either scheduled for release or proceed to the next iteration. Once all known bugs are resolved a Test Readiness Review (TRR) is conducted to deploy the software in the production network. At the end of each iteration and release, we conduct an Agile retrospective session discussing the lessons learned and changes for the future releases of the software.
Once all known high priority bugs are closed and the software is accepted, the release is ready to be deployed into production following our CM processes. We comply with any customer specific change management requirements and obtain formal approval prior to deploying the release into production.
KC has mature processes supporting overall Quality Assurance (QA), Project Planning (PP), Project Monitoring and Control (PMC), Measurement and Analysis (MA), Risk Management (RM), and CM. All software development projects we execute follow these processes and are audited by the independent KC QA team. The PM and the QM participate in monthly Integrated Program Review (IPR) meetings with the KC senior leadership to present the project status and discuss the project schedule, risks, metrics, financials, staffing, subcontractor, and quality.