Software Design Procedure | ITSW104

Software Design Procedure

The purpose of the Software Design Procedure is to transform a set of system requirements (developed by the systems analyst) into programming instructions for a software product.

The Software Design Procedure helps design software in a technically sound and efficient manner. This software procedure applies to all software products and updates released by the company. (6 pages, 1117 words)

Software Design Responsibilities:

The Software Designer is responsible for transforming system requirements developed by the systems analyst into programming instructions and then communicating the overall design approach. The Software Designer should write a description of the programming environment. They should also create a general design of the software required to fulfill the system requirements developed by the systems analyst. They might use the following tools:

  • A word processing program, for typing text;
  • A paint or draw program, for creating graphics;
  • A flow charting program, for documenting data flows;
  • A source code control system, for controlling program revisions; and
  • A central database, for storing specifications, charts, and images.

Document ideas, comments, and concerns for possible investigation. Plan on spending as much time as necessary to answer any questions before turning the design over for programming. The more time spent in the early planning phases will help to create easier coding and save time later in the software programming phase. Users may request design changes during this or any other phase of the software development life cycle.

Software Design Procedure Activities

  • Software Design-Introduction
  • Software Design Specification
  • Software Design Review

Software Design Procedure References

  • ISO/IEC 12207:1995-Information Technology-Software Life Cycle Processes
  • IEEE/EIA 12207.0-Standard Industry Implementation of International Standard ISO/IEC 12207:1995

Software Design Procedure Forms


Computer Malware Procedure | ITSD105

Computer Malware Procedure

The Computer Malware Procedure prevents data loss corruption or misuse of your company’s information that may occur when malware or “malicious software” is introduced into its IT network. This Computer Malware Procedure applies to all of your company’s personnel and to all computer hardware and software comprising the company’s IT network. (6 pages, 1792 words)

Computer Malware Responsibilities:

The Information Technology Security Manager is responsible for implementing malware control procedures, training LAN Administrators and other Information Systems Department personnel, training users on computer malware control, and evaluating and updating appropriate computer malware detection software.

The LAN Administrator is responsible for coordinating actions required to prevent computer malware outbreaks, coordinating all actions required to eradicate the malware, and recovering data to the greatest extent possible.

The Tech Support Manager is responsible for installing and maintaining malware protection on Information Technology assets and for cleaning malware infections from company applications, devices, etc.

Users are responsible for following the guidelines of this policy document and for immediately notifying the Information Technology Security Manager in the event a malware attack is suspected.

Computer Malware Definitions:

Malware – Short for “malicious software”, malware is designed to damage, disrupt, or abuse an individual computer or an entire network and/or steal or corrupt an organization’s most valuable and sensitive data.  Viruses, worms, and Trojan horses are examples of malware.

Spam or junk email – Unsolicited commercial email sent in bulk over the Internet. Spam puts a cost and a burden on recipients by clogging up network bandwidth, consuming disk space, and wasting employees’ time. Spam is frequently a malware vector.

Subscription service – A service whereby a software vendor offers support for its product, usually for a predetermined time period. Anti-virus vendors typically include a one-year subscription (for updates, notices, etc.) with the purchase of a product license. Many vendors offer fee-based subscription services whereby subscribers automatically receive notifications, security bulletins, etc., for a set period of time.

Target – The ultimate destination for malware; that which the malware is designed to attack. Boot sectors, hard disk drives, email servers, and departmental (HR, accounting, etc.) servers are examples of malware targets.

Vector – How malware is carried to a computer, server, or system.

Computer Malware Procedure Activities

  • Planning Malware Defense
  • Malware Defense Plan
  • Malware Defense Review
  • Malware Defense Plan Update

Computer Malware Procedure References

  • ISO/IEC Standard 27002:2013- Information Technology-Code of Practice for Information Security Management
  • National Institute for Standards and Technology (NIST) Draft Special Publication 800-83- Guide to Malware Incident Prevention and Handling (August 11, 2005)


IT Records Management Procedure | ITAD102

IT Records Management Procedure

The IT Records Management Procedure helps manage your company’s IT records consistently and efficiently ensuring safety, availability, accountability and security of the records. The procedure applies to all records managed by IT, both in hardcopy and electronic form. (10 pages, 2125 words)

IT Records Management Responsibilities:

Information Technology Managers is responsible for reviewing classification and retention of records, reviewing record obsolescence, conducting internal audits of the Records Management System, and ensuring that corrective actions prescribed by audits are taken.

The Information Technology Storage Librarian is responsible for maintaining company records, maintaining a records log, and purging or physically destroying records.

The Tech Support Manager is responsible for updating storage medium and format of records when they are still required but in danger of becoming inaccessible.

Top Management is responsible for developing and approving a records classification and retention guide.

All Employees are responsible for ensuring records they generate and use are timely, accurate, and complete and are kept in the appropriate records store or database.

IT Records Management Definitions:

Active – Currently in use; used in the conduct of current business. Active records are often referred to as “production” records.

Archive – Offline storage of records (onto backup tapes, floppy disks, optical disks, etc.); files containing data that are no longer in current use but are kept in long-term storage for possible future needs (to fulfill legal requirements, for instance).

Document – Information and its supporting medium (paper, magnetic, electronic, optical, photograph, or sample). A document is an object commonly found in office systems (a spreadsheet, word processing document, database, etc.), whereas a record is a document that provides evidence of a particular business activity.

Record – In Information Technology, a record is a data structure aggregating several items of possibly different types. The items being aggregated are called fields and are usually identified or indexed by field labels. Generally, a record is data or information of any kind and in any form, created or received and accumulated by an organization in the course of conducting business and subsequently kept as “evidence of activity” through incorporation into a recordkeeping system.

IT Records Management Procedure Activities

  • Identification of Records
  • Records Generation
  • Record Management
  • Technology Obsolescence
  • Records Audit

IT Records Management Procedure References

  • Sarbanes-Oxley Act of 2002
  • ISO 15289-1:2001-Information and Documentation-Records Management
  • ISO 15489-2:2001-Information and Documentation-Records Management
  • ISO 9001:2000 Standard-Quality Management Systems-Requirements, Clause 4.2.4 (Control of Records)
  • Control Objectives For Information and Related Technology(COBIT)

IT Records Management Procedure Forms


Software Documentation Procedure | ITSW106

Software Documentation Procedure

The Software Documentation Procedure defines methods and responsibilities for controlling the revision, approval and distribution of documents used to provide software reference and training materials.

The Software Documentation Procedure applies to all software products and updates released by the company. (8 pages, 1808 words)

Document ideas, comments and concerns for possible investigation. Plan on spending as much time as necessary to answer any questions before releasing the documentation into production.

Software Documentation Responsibilities:

The Document Editor is responsible for reviewing software documentation for grammar, punctuation, understanding, and overall usability.

The Quality Assurance Manager is responsible for ensuring that software documentation meets quality requirements.

The Systems Analyst works with and educates the Technical Writer on the proper use of the software and reviewing all documentation for technical accuracy.

The Technical Writer is responsible for gathering information about the software that explains the use of the software to the target user using help files or manuals, while also maintaining and controlling the documentation produced.

Software Documentation Definitions:

Controlled Document – A document that provides information or direction for performance of work and that is within the scope of this procedure. Characteristics of control include such things as Revision Number (letter), signatures indicating review and approval, and controlled distribution.

Document – Information and its supporting medium. The medium can be paper, magnetic, electronic, optical computer disc, photograph, or sample.

External Document – A document of external origin that provides information or direction for the performance of activities within the scope of this procedure.

Software Documentation Procedure Activities

  • Software Assessment
  • Software Documentation Production
  • Software Documentation Review
  • Software Documentation Release
  • Software Document Revision
  • Software Documentation Procedure and Work Instruction Format

Software Documentation Procedure References

  • ISO/EIC 12207:1995-Information Technology-Software Life Cycle Processes
  • IEEE/EIA 12207.0-Standard Industry Implementation of International Standard ISO/IEC 12207:1995

Software Documentation Procedure Forms


Software Releases Procedure | ITSW109

Software Releases Procedure

The Software Releases Procedure maintains consistency and high quality of software products throughout all releases and updates.

The Software Releases Procedure applies to all company designed and developed software products and updates. (12 pages, 2129 words)

Software Releases Responsibilities:

The Product Manager decides how many versions of a product the company will maintain and support.

Programmers use the software component library to control all changes, comment on the changes made, and indicate version numbers.

The Quality Assurance Manager manages the software library and releases software versions that successfully pass testing.

The Software Designer determines the specific software components that make up the final product release.

Software Releases Definitions:

Software version – Consists of software components and corresponding documentation. Generally, a version is a checkpoint at which a particular thing or idea varies from its previous state or condition.

Software release – A software release refers to the creation and availability of a new version of a computer software product. Each time a software program is changed, the programmers and company doing the work decide on how to distribute the changes or the changed system or program to those people using it.

Software Releases Procedure Activities

  • Software Releases and Updates-Introduction
  • Software Version Control Standards
  • Software Configuration Control Standards
  • Software Release Control Standards
  • Software License, Warranty, and Copyright

Software Releases Procedure References

  • ISO/IEC 12207:1995-Information Technology-Software Life-Cycle Processes
  • IEEE/EIA 12207.0- Standard Industry Implementation of International Standard ISO/IEC 12207:1995

Software Releases Procedure Forms


TCP-IP Implementation Standards Procedure | ITAD105

TCP-IP Implementation Standards Procedure

The TCP-IP Implementation Standards Procedure defines specific standards regarding assignment of TCP and IP addresses for equipment attached to your company’s network infrastructure. The procedure facilitates effective network management. The TCP/IP implementation standards apply to all company Wide Area Networks (WANs), Local Area Networks (LANs) and all devices attached to those networks. (6 pages, 1145 words)

Transmission Control Protocol/Internet Protocol (TCP/IP) is the company primary networking protocol.  While other network protocols are in use on company networks, TCP/IP is particularly important since this is the primary protocol of the Internet. Access to any Internet resource, including the World Wide Web (WWW), must use this protocol. Communication with the TCP/IP software suite depends upon the assignment of unique 32-Bit addresses.

TCP-IP Implementation Standards Responsibilities:

The Network Manager is responsible for managing the company TCP/IP addressing plan.

Remote Site LAN Administrators are responsible for coordinating TCP/IP addressing with the Network Manager.

TCP-IP Implementation Standards Procedure Activities

  • TCP/IP Address
  • Dynamic Host Configuration Protocol (DHCP)
  • Network Address Translation
  • Subnet Addressing Standards
  • WAN Link Addressing Conventions

TCP-IP Implementation Standards Procedure References

  • Sarbanes-Oxley Act of 2002


Software Services Procedure | ITSW111

Software Services Procedure

The Software Services Procedure ensures that customers can effectively install and operate the software they purchase from your company. The support services procedure also ensures customer satisfaction with your company’s goods and/or support services.

The Software Services Procedure applies to all software products and updates released by your company. (10 pages, 1737 words)

Software Services Responsibilities:

Customer Software Consultants are responsible for developing custom solutions and recording their activities.

The Customer Consulting Manager is responsible for periodic reporting on consultants’ activities and helping improve consulting services.

Software Services Definitions:

Statement of Work (SOW) – A formal contract or agreement, signed by the client and the service provider, that states at a minimum the scope of work, deliverables, terms and conditions, and commercial details. It may also specify service level agreement requirements, quality expectations, resource descriptions, and reward-penalty clauses.

Service Level Agreement (SLA) – A binding contract, formally specifying or quantifying a customer’s expectations with regard to solutions and tolerances; a collection of service level requirements, negotiated and mutually agreed upon by the service provider and the consumer.

Software Services Procedure Activities

  • Software Consulting-Introduction
  • Software Consulting-Cost Estimates
  • Software Consulting-Enhancements and Customization
  • Software Consulting-Software Problems
  • Software Consulting Services Review

Software Services Procedure References

  • ISO/IEC 12207:1995-Information Technology-Software Life-Cycle Processes
  • IEEE/EIA 12207.0-Standard Industry Implementation of International Standard ISO.IEC 12207:1995

Software Services Procedure Forms


Software Training Procedure | ITSW112

Software Training Procedure

The Software Training Procedure ensures that customers and employees can effectively operate your company-developed software.

The Software Training Procedure also promotes customer satisfaction with company products and services. The training procedure applies to all software products and updates released by your company. (6 pages, 1157 words)

Software Training Responsibilities:

The Software Trainer is responsible for developing training materials and training classes, scheduling classes and facilities, developing training plans, and providing instruction.

The Tech Support Manager is responsible for setting up computer equipment to be used in software training.

The Training Manager is responsible for reviewing course evaluations and recommending changes to software courses.

The Training Assistant is responsible for entering courses, trainers, and schedules into the training course log (or database).

Maintenance is responsible for setting up non-computing equipment (tables, chairs, etc.) for training.

Software Training Procedure Activities

  • Software Training-Introduction
  • Software Training-Standard Training Courses
  • Software Training-Customized Training Courses
  • Software Training-Teaching Training Courses

Software Training Procedure References

  • ISO/IEC 12207:1995-Information Technology-Software Life-Cycle Processes
  • IEEE/EIA 12207.0- Standard Industry Implementation of International Standard ISO/IEC 12207:1995

Software Training Procedure Forms


Systems Analysis Procedure | ITSW103

Systems Analysis Procedure

The purpose of the Systems Analysis Procedure is to create documents that define the functions the system will perform. The Systems Analysis Procedure also creates an acceptance test plan—which describes how to test system functions—and a beta test plan—which describes how to conduct a user test of those functions.

The Systems Analysis Procedure applies to all software products and updates released by the company. (6 pages, 1270 words)

Systems Analysis Responsibilities:

The Systems Analyst is responsible for developing and communicating the overall design approach that addresses the customer requirements, as well as producing the test plans.

Systems Analysis Definitions:

Systems analysis – Work that involves applying analytical processes to the planning, design, and implementation of new and improved information systems to meet the business requirements of customer organizations; phase of the SDLC in which the current system is studied and alternative replacement systems are proposed.

Systems development life cycle (SDLC) – A method for developing information systems, made up of five main stages: analysis, design, development, implementation, and evaluation. Each stage is further comprised of several components (for example, the development stage includes programming, debugging, testing, and documenting).

Systems Analysis Procedure Activities

  • Systems Analysis-Introduction
  • Systems Analysis-Requirements
  • Systems Analysis-Information Flows Documentation
  • Systems Analysis-Acceptance Test Plan
  • Systems Analysis-Beta Test Plan
  • Systems Analysis-Review

Systems Analysis Procedure References

  • ISO/IEC 12207:1995- Information Technology-software Life Cycles Processes
  • IEEE/EIA 12207.0-Standard Industry Implementation of International Standard ISO/IEC 12207:1995(ISO/IEC 12207) Standard for Information Technology Software Life Cycle Processes