System Development Change Management_M5 Flashcards
What is change management controls?
Change Mgmt Controls help mitigate certain risk such as, Selection and acquisition risk, Integration risks, Outsourcing risks.
- Policies and Procedures
- Emergency Change Policies
- Standardized Change Request: involves using formats, protocols, or technology so that all change requests meet pre-established criteria in an effort to streamline the change-requesting process.
- Impact Assessments
- Authorization
- Separation of Duties.: may prevent unauthorized access or protect assets and information.
- Conversion Controls
- Reversion Access: Can revert back capabilities; is a parallel implementation, which involves keeping legacy systems in place while simultaneously setting up a new system to either run concurrently or be in place so the company can revert to the old system if unexpected complications arise.
- Pre-implementation testing
- Post-implementation testing is a process that occurs after a new system is in production and has replaced the legacy system.
- Ongoing Monitoring
How to decide how to replace a legacy system?
- The decision to acquire new software would have more discretion over quality control if it developed the software in house. If subscribed to the vendor’s subscription service, then would be subject to the standards set by the vendor, likely with little say as to how those standards are policed.
- Purchasing large software systems is expensive but may have the opportunity for price negotiation as well as using the system over a longer period to spread out costs, giving it more flexibility than outsourcing.
What are the different types of test and strategies used in info. systems and Change Mgmt Controls?
- Purpose of testing
- Software Testing Process
- Guidelines for Sucessfule Testing
- Types of test:
- Unit Test
- Integration Test
- System Testing (11 components)
- Acceptance Test (2 Components) Alpha and Beta
5 Change Management Testing
- Testing the change
- Testing outsourced changes
What is the Unit Test?
1 of 4 types of test for info systems and change control mgmt.
- Unit test: are used to validate the smallest components of a system, ensuring that they handle known input and output correctly.
What is the Integration test?
2 of 4 types of test for info systems and change control mgmt.
- Integration test: exercise an entire subsystem and ensure that a set of components operates smoothly together.
What are the different types of system test?
3 of 4 types of test for info systems and change control mgmt.
- A system test assesses:
- The overall performance of a newly implemented software package.
- The IT platform to evaluate whether it meets operational, technical, or applicable quality standards.
- Is a Validation Tests focus on visible user actions and user-recognizable outputs from the system.
- System tests are performed in an environment that simulates how the system should function in production.
- Functional Test: the basic ability to function as intended
- Black Test
- White Test
- Grey Test
- Exploratory test
- Performance Test
- Recovery Test: the ability to recover from failures
- Security test: A security test verifies that the tested system can block unauthorized penetration, prevent unintended system or data changes, or prevent any other type of system-related misuse.
- Stress test: A stress test does not test logical reasoning but rather it judges the tested system’s ability to handle extremes. These extreme scenarios may test how the new platform handles a spike in quantity, a change in frequency, or increase in the volume of records processed.
- Regression test: takes rerun test cases within known outcomes given a known set of variables and applies those cases to a new system with new functionality to determine any variation in system performance.
- Sanity test: gauges whether the system behaves as it was designed, verifying that the design parameters align with all intended use cases for the system. This test would also reveal abnormalities or outcomes that are illogical based on the system input and expected output.
What is the Acceptance Test?
4 of 4 types of test for info systems and change control mgmt.
- Acceptance test: ensures that the software works correctly for the intended user in his or her normal work environment.
-
Alpha Test
The developer will be present during the test, and the customer gets to test the software at its own site. -
Beta Test
The developer will not be present during the test, and the customer gets to test the software at its own site.
What are the characteristics of purchasing software?
- If application software is purchased, it purchased only the license to use the software.
- The purchaser may or may not receive a copy of the source code.
- The source code may or may not be escrowed.
- Escrow is designed to protect the purchaser.
- Maintenance for that software may or may not be purchased. Maintenance is normally updates and support.
What are the advantages and disadvantages of building software vs. outsourcing?
Advantages and Disadvantages of Outsourcing Software
- Outsourcing may be a quick way to gain capabilities and expertise.
- If subscribed to a subscription service would be subject to the standards set by the vendor.
- A company will likely have less control over the functionality if it outsources.
- It is typically more expensive over the long run to subscribe to an outsourced vendor because there is no opportunity to spread out costs over longerperiods of time.
Advantages and Disadvantages of Building Software in-House
- Would have more discretion over quality control.
- Can set its own standards.
- Can decide to use it for periods much longer than the expected life and that means a lower cost in the long-run.
- Purchasing large software systems is expensive but may have the opportunity for price negotiation.
What is program modification control software?
- It attempts to prevent changes by unauthorized personnel.
- It track program changes so that there is an exact record of what versions of what programs were running in production at any specific point in time.
- Controls over modification on programs being used in production applications.
- Includes a software change managementb tool and a change request tracking tool.