Amedeo Maturo

Protección de Datos y Administración Electrónica

Road to CISA, step 6: Information System Acquisition

When I started to study the Chapter 3 of CISA Review Manual 2013 (Information Systems Acquisition, Development and Implementation), I thought: «Hmm, I think I’ll never use this information«.

Obviously, I’m affected by some kind of a Cassandra effect, so two days later I was diving deep into the Information Systems Aquisition stuff for a client.

What is Information System Acquisition about?

It’s SDLC (System Development Life Cycle) that guides you through the process of acquisition of a new ERP, for example. CISA Review Manual outlines eight SDLC phases.

  1. Feasibilyt Study;
  2. Requirements Definition;
  3. Software Selecion adn Acquisition;
  4. Design;
  5. Development;
  6. Configuration;
  7. Implementation;
  8. Postimplementation.

For my client, by the moment, I went through the first two phases. That means that I made a brief (maybe, too brief) Feasibility Study and started to collect requirements from stakeholders.

The last phase was very interesting, because I had to:

  • consult the most affected stakeholders, to understand what they needed;
  • detect conflicts between stakeholders of different departments;
  • convert stakeholders requirements into system requirements;
  • structure requirements in a readable format (more or less…); they must be complete, consistent, unambigous, verifiable, modificable, testable and traceable;

How will the Acquisition Process go? Well, I hope I’ll have some results in the next three weeks. By the moment, I’m focused in elaborationg a vendors short-list. So, stay tuned.

Categoría: CISA

Etiquetas:

Deja un comentario

Archivos

Temas