Introduction

RosettaHealth’s Systems Development Lifecycle Process (SDLC) uses a multi-phase approach based on industry standard Agile practices with additional processes used to encompass the unique nature of the RosettaHealth system. Each phase consists of a number of activities and deliverables.

Planning Phase

Purpose: Identify and prioritize the different work activities that are needed by the RosettaHealth system/product

Activities:

  • Review work activities that are needed by the RosettaHealth Platform (enhancements, defects, operational actions, new features).

    • Define/revise the product planning tracker with tasks

    • Derive security requirements for any new features or functionality that have potential security implications

    • Evaluate security and compliance guidance for requirements

    • Assign technical team resources to each task.

Deliverable:

  • Update to project planning tracker

Work Phase

Purpose: Perform the tasks necessary to build/implement/execute the tasks defined in the previous phase

Activities: Note that these activities are executed in a continuous cycle for each work item.

  • Define/Design the flow of data within the solution including any dependent or depending systems.

  • Analyze design against known security requirements. Specifically, any components that touch PHI must be analyzed for:

    • Improper delivery of messages. 

    • Are messages delivered to the intended recipient?

    • Improper access of messages. 

    • Can messages be accessed only by authorized users?

    • Proper encryption of PHI.

    • All messages or other data must be encrypted in transit and at rest. 

    • Vulnerability of publicly exposed interfaces. 

    • Are any public interfaces vulnerable to any recognized attack vectors?

    • Develop testing tools to validate security requirements mentioned above.

  • Implement: perform the necessary actions to create a Candidate Item

  • Review: review of the implementation details by the technical team

  • Test: develop, execute and document the testing mechanisms appropriate to the work item. Testing may include one or more of the following:

    • Repeatable functional regression tests

    • Performance testing if applicable

    • Security testing for any identified security requirements

    • Third-Party system of systems testing

  • DevOps Integration

    • Build and Deploy mechanisms appropriate for the Candidate item.

    • Define and verify monitoring integration for the Candidate Item

Deliverable:

  • Candidate Item

  • Test Cases

  • Technical Support Information

Production Deployment and Operations Phase

Purpose: Ensure that the Candidate Item is ready to be introduced and supported in the RosettaHealth production environment

Activities:

  • Execute Production Deployment activities associated with the Candidate Item.

  • Update associated FreshDesk ticket.