10.0 Design Phase

  • Users of the system should be involved in the design process or at least review the design as is is being created so the knowledge of the end user can help maximize the usefulness of the system.
  • The security design of the system should be confidential, but the design should resist compromise if unauthorized individuals who understand the security design attacked the system.
  • A technical evaluation of the system design must be conducted to be sure the system will satisfactorily support the system security requirements. The project management methodology provide a process to be sure this evaluation takes place and appropriate action is taken based on the results of the evaluation.
  • The system design must consistent with the organizational business strategies and information technology plans and only use methods and technologies that the organization is planning to support for the duration of the lifetime of the proposed system.
  • The system design must be verified to be in compliance with organizational design standards which considers the design of files, output, data acess, controls, and program code.
  • The system design must provide access and transaction controls which reduce risk and meet business requirements and expectations based on the data clasification needs of confidentiality, integrity, and availability according to the organization's policies.
  • The system design provides hardware specifications, software design requirements, input and output requirements, specifies media to use, specifies controls, and specifies procedures that will be used on the system.
  • The system design specification must be understandable to readers who have no prior knowledge about the project.
  • A review process must be created which assures that the design specifications meet or exceed both the business requirements and the technical requirements.
  • Stakeholders in the project must review and sign off on the system design specification. End users and security experts must review the design.
  • The system design must be maintainable.
  • After review of the system by stakeholders and users, the project sponsor must approve the final design specifications.