56.40.06 - Applications Development, Life Cycle, and Coding Standards

Return to policies website

PURPOSE:

The purpose of this Texas Tech University Health Sciences Center El Paso (TTUHSC El Paso) Operating Policy and Procedure (HSCEP OP) is to establish the policy for software development and implementation standards.

REVIEW:

This HSCEP OP will be reviewed each odd-number year (ONY) by the Managing Director of Information Management Systems and Associate Managing Director of Academic Technology and will be approved by the Chief Information Officer (CIO) 

POLICY/PROCEDURE:

Scope and Applicability

    1. This policy applies to the development and maintenance of software applications within TTUHSC El Paso. The processes of the life cycle are described and are applicable to any software methodology used. 
    2. Outside of the Information Technology Department, all employees identified as developers should adhere to the same quality assurance procedures listed in this policy

Software Development Life Cycle

    1. Project requests must be approved by the department administrator before any work is started.
    2. An approved software development methodology must be followed.
    3. The programmers must abide by the TTUHSC El Paso Coding Standards to be in compliance with applications architecture, security, naming conventions, EIR accessibility guidelines, and programming best practices. TTUHSC El Paso Coding Standards
    4. TTUHSC El Paso EIR accessibility guidelines
    5. A code review session must be performed by a Database Administrator (DBA), Programmer, and Analyst as a prerequisite to the testing phase. 
    6. Test cases must be completed and executed as a prerequisite to proceed with User Acceptance Testing (UAT).
    7. Test cases must be executed by an Information Management Systems analyst.
    8. Stakeholders must assign at least one person to perform the UAT. Once the UAT is approved by the stakeholders, the application can be deployed to production environment.
    9. Deployments to production environment must undergo an assessment using a dynamic security scan tool. Critical and high vulnerabilities must be fixed, if applicable. 
    10. Software application deployment will be performed by database administrators following an established schedule and guidelines outlined in the change management program. 
    11. All web sites must follow the B.No. 1910 SECTION 1 Subchapter C, Chapter 2054 act.