📖 What is Software Development Life Cycle (SDLC)?
Software Development Life Cycle (SDLC) is a structured process used by the IT industry to design, develop, and test high-quality software. It consists of several phases, including requirements gathering, design, coding, testing, deployment, and ongoing maintenance.
"Student, be prepared to identify which phase a specific activity belongs to. For example, creating a functional specification happens during the requirements/design phase."
📚 Certification: Certified Information Systems Auditor (CISA)
🔑 What are the Key Concepts of Software Development Life Cycle (SDLC)?
- Requirements Traceability Matrix (RTM) ensures every business requirement is mapped to a design element, a line of code, and a specific test case.
- Segregation of Duties (SoD) is critical, requiring that developers do not have access to migrate code into the production environment, to prevent unauthorized changes.
- User Acceptance Testing (UAT) is the final validation phase where end-users confirm the system meets business needs before formal sign-off and deployment.
- The transition from SDLC to Change Management occurs during deployment, ensuring all promoted code is documented, approved, and can be rolled back if necessary.
- Audit evidence for SDLC includes signed-off requirement documents, test plans, bug logs, and formal approval records for each phase gate transition.
🎯 How does Software Development Life Cycle (SDLC) appear on the CISA Exam?
A scenario might describe a system failure immediately after deployment; you may be asked to identify which SDLC phase was likely bypassed or poorly executed, such as UAT.
You may be asked to identify the most significant risk when a small development team shares administrative access across development, testing, and production environments.
Expect questions where you must determine the best method to verify that all requested business functionalities were actually implemented and tested in the final software release.
❓ Frequently Asked Questions
What is the primary difference between System Integration Testing (SIT) and User Acceptance Testing (UAT)?
SIT focuses on the technical interfaces and data flow between different software modules or systems. UAT focuses on whether the software fulfills the business requirements and is acceptable to the end-user.
Why should an auditor be particularly concerned with the maintenance phase of the SDLC?
Maintenance often involves emergency patches or 'hotfixes' that may bypass formal SDLC controls. Auditors check for retrospective approvals to ensure these changes didn't introduce security vulnerabilities or undocumented features.