Upload
dddibal
View
214
Download
0
Embed Size (px)
Citation preview
7/27/2019 CS IT Global SD Policies Flyer e
1/2
Version V1.0, 25-JAN-2007
CREDIT SUISSEGLOBAL IT SOLUTIONDELIVERY POLICY - FLYER
INTRODUCTION
The CS Global IT Solution Delivery Policy is based on industry standards and relevant regulations.
This document defines the policy covering Solution Delivery (IT Application and Infrastructure
Development). It extends the divisional or regional lifecycle models, like "SDLC+" and "IT Project
Procedure". Adherence to the Policy will ensure the Solution Delivery projects will follow a consistent
and managed path.
The Policy has been endorsed on and signed by all members of the IT Senior Management Team.
GUIDING PRINCIPLE AND SCOPE
This policy applies to every Solution Delivery project with a planned or actual to-date total IT effort of
more than 110 person-days.
It requires a project plan which accounts for the applicable divisional or regional lifecycle model. It
requires monitoring the project execution to identify potential problems and take appropriate corrective
actions in a timely manner. It obviously also requires completion of the work defined in the plan to
accomplish the project's requirements and to deliver high-quality technology solutions to the business.
The controls specified in this document give a high-level guidance on how to follow this policy. They
may also be applied within other projects at their discretion.
GENERAL MANAGEMENT CONTROLS
The Chief Information Officer (CIO) of Credit Suisse IT owns, maintains, communicates and
enforces this policy.
The CIO will review this policy on a regular basis, or when major changes in the organizational
strategy or changes in the regulatory environment are made.
All managers shall be responsible for the compliance of their organizational units with this policy.
They shall provide the quality management resources necessary to identify non-compliances and
track their resolution to closure and they provide the project resources necessary to resolve the
said non-compliances. Managers shall regularly report to their direct managers on the resolution
of non-compliances.
The CIO of the IT business area performing the majority of the project-related development effort
shall determine the mandatory development lifecycle of a cross-business area or -regional project.Such projects shall comply to platform-specific Change Control requirements associated with the
platforms that will be impacted by components and/or systems deployed by the project.
Project managers shall bring all work packages within a projects active phase or lifecycle that
cannot be mapped to a named resource to the attention of their immediate supervisor. The
project managers immediate supervisor shall be responsible for facilitating the reconciliation of
necessary resources to planned work.
Project team members shall be trained on process, methodology and supporting tools as
required to fulfill their assigned roles.
PROJECT MANAGEMENT CONTROLS
Project managers are responsible and accountable for planning and managing the execution of
their projects.
Project managers shall define project roles and assign said roles to adequately skilled project
team members; in particular, project managers shall assign team members to fill requirements
engineering and configuration management roles.
Project managers shall define the roles and identify dedicated resources for all reviewing and
testing activities.
The progressive elaboration of requirements shall serve as an input to project planning activities,
including development of the projects work breakdown structure (WBS).
Project managers shall develop a WBS based on input from relevant project team members and
stakeholders.
They shall decompose the WBS to a level that enables reasonable effort, cost and scheduling
estimates to be made.
Project managers shall develop a project schedule based on input from relevant project team
members and stakeholders. They shall ensure that the schedule is traceable to the WBS.
Project teams shall maintain a list of planned and/or completed external acquisitions including
products, components, and services.
If acquisition alternatives exist, relevant stakeholders shall establish and confirm selection criteria
prior to the final selection of any supplier and/or product. Project teams shall plan for the integration of acquired products with respect to: 1. transfer of
the product to the project; 2. training; and, 3. maintenance and support.
Project managers may initially map each work package in the WBS to a responsible genericrole, but they must map all work packages that are due to be completed within the projects
active or current lifecycle phase to a named human resource who shall be responsible for
delivery of said work package.
Project managers shall create and maintain a project communications plan that details project
stakeholders' responsibilities to the project, and also details project stakeholders'
communication preferences.
Project managers shall maintain a quality assurance plan, including effort estimation for all
reviewing and testing activities.
Project managers shall obtain commitment to the WBS and the project schedule from team
members and providers of resources.
Project managers shall document supplier and/or product selections.
Documentation shall include the following: 1. a list of possible suppliers, 2. selection criteria,
and, 3. evaluation results and rationale behind the decision made.
Project managers shall document formal agreements for each project-related external
acquisition.
For acquisitions that are critical for the success of the project, agreements shall include the list
of deliverables and the respective acceptance criteria, a breakdown of effort and/or cost, a
schedule, and a list of risks and respective mitigation plans.
7/27/2019 CS IT Global SD Policies Flyer e
2/2
Version V1.0, 25-JAN-2007
CREDIT SUISSEGLOBAL IT SOLUTIONDELIVERY POLICY - FLYER
Project managers shall track progress of internal and external suppliers regularly, at least
monthly. This includes milestone tracking and progress reviews.
In case of significant deviations from the agreed plan the project teams shall take appropriate
corrective actions.
Project managers shall develop and maintain a list of project risks based on input from relevant
project team members and stakeholders.
They shall document a mitigation plan for all risks that are deemed to pose a serious threat.
The projects senior stakeholders shall review and approve this plan in advance so that the plan
can be acted upon should the risk manifest into an issue requiring resolution.
Project managers shall lead a project status meeting involving all key project stakeholders no less
than once a month.
At a minimum, the following items will be discussed: 1. changes to project scope; 2. progress
against the current monthly milestone; 3. progress against the overall schedule; 4. project risks;
5. project issues; 6. resource demand versus resource availability or capacity; and, 7. updates to
the project communications plan.
Project managers shall maintain copies of the meeting agendas, attendance records and minutes
of said meetings.
Project managers shall hold one-on-one project status meetings with their immediate supervisor
no less than once a month.
Project managers shall maintain copies of the meeting agendas and minutes of said meetings.
Project teams shall conduct reviews to ensure the consistency of work products and deliverablesand the completion of significant milestones such as phase exits and major deployments.
Project managers shall document the results of the review along with action items and decisions.
APPLICATION AND INFRASTRUCTURE DEVELOPMENT CONTROLS
Designated project team members shall ensure that the requirements received or generated by
the project are gathered and documented and a unique identifier is assigned to each
requirement.
Designated project team members shall analyze and negotiate requirements with the
requirements providers and the project team in order to obtain a common understanding and
agreement. They shall document commitments and decisions.
They shall negotiate changes to existing commitments before project participants commit to the
requirements.
The project sponsor shall sign-off the requirements.
Project teams shall follow a communicated project change request procedure for all changes to
agreed requirements and log all requirements changes.
They shall analyze the impact of requirements changes on commitments, project plans and work
products.
For approved requirements changes the project manager shall update the project plans and work
products accordingly.
Project teams shall verify the project plan and all work products against the agreed requirements
on a regular basis and initiate corrective actions if appropriate.
Designated project team members shall establish and maintain a list of select configuration items
and place them under configuration management including version control.
Project teams must document changes to configuration items and baselines.
Project teams shall create, document, and release baselines of configuration items for project
internal use and for delivery to the project's customers.
Project teams shall systematically record, control and track project change requests to closure
according to the project's change request procedure.
Project teams shall record, control and track changes due to defects.
Project teams shall analyze and document the impact of project change requests on
configuration items.
Project teams shall determine which products or components will be purchased, reused or
developed. They shall conduct the make-or-buy decision using an appropriate evaluation
approach.
Project teams shall develop and maintain technical documentation throughout the entire lifecycle
of the product or component. They shall update technical documentation to reflect any changes
in the system.
Project teams shall develop and maintain appropriate documentation for installation, ongoing
operational support and maintenance tasks to be performed for the developed system, as well
as user documentation and/or online help.
Designated project team members shall perform tests and reviews to verify that functional and
non-functional requirements as well as business objectives are met. This includes user and
operational requirements.
Designated project team members shall review system designs against functional and non-
functional requirements, especially performance, security and control requirements.
Designated project team members shall ensure that production environments are at least
logically segregated from development and testing environments.
Designated project team members shall perform unit testing and system testing for each module
or application.
Acceptance testing shall be performed and the test results shall be documented and retained.
There shall be formal confirmation that testing has been performed according to the test plan.
The sponsor, or the person responsible for the project within the client's reporting line, and by
the decision body responsible for Change Control shall make "Go live" decisions for the system
based, among other criteria, on test results.