The Federal Bureau of Investigation's Implementation of the
Laboratory Information Management System
Audit Report 06-33
Office of the Inspector General
According to the FBI’s Chief Information Officer (CIO), since the inception of the Life Cycle Management Directive (LCMD), all FBI information technology (IT) programs and projects have been reviewed and managed according to the processes described in the LCMD. New IT programs and projects have been managed according to this IT Systems Life Cycle from inception and will be managed through retirement or replacement, while existing IT programs and projects are reviewed and placed within an appropriate IT Systems Life Cycle phase according to their maturity and other factors.
Systems Life Cycle Phases
The LCMD has established nine phases that occur during the development, implementation, and retirement of IT projects. During these phases, specific requirements must be met for the project to obtain the necessary FBI management approvals to proceed to the next phase. The approvals occur through seven control gates, where management boards meet to discuss and approve or disapprove a project’s progression to future phases of development, implementation, or retirement. The nine phases of development, implementation, and retirement are as follows:
Concept Exploration — Identifies the mission need, develops and evaluates alternate solutions, and develops the business plan.
Requirements Development — Defines the operational, technical and test requirements, and initiates project planning.
Acquisition Planning — Allocates the requirements among the development segments, researches and applies lessons learned from previous projects, identifies potential product and service providers, and secures funding.
Source Selection — Solicits and evaluates proposals and selects the product and service providers.
Design — Creates detailed designs for system components, products, and interfaces and initiates test planning.
Development and Test — Produces and tests all system components, assembles and tests all products, and plans for system testing.
Implementation and Integration — Executes functional, interface, system, and integration testing, provides user training, and accepts and transitions the product to operations.
Operations and Maintenance — Maintains and supports the product, and manages and implements necessary modifications.
Disposal — Shuts down the system operations and arranges for the orderly disposition of system assets.
Control Gate Reviews
The seven control gate reviews provide management control and direction, decision-making, coordination, confirmation of successful performance of activities, and determination of a system’s readiness to proceed to the next life cycle phase. Decisions made at each control gate review dictate the next step for the IT program or project and may include: allowing an IT program or project to proceed to the next segment or phase, directing rework before proceeding to the next segment or phase, or terminating the IT program or project. The FBI’s Investment Project Review Board (IMPRB) — comprised of 12 representatives from each FBI division at the Assistant Director level and 4 representatives from the Office of the Chief Information Office, including the CIO — is responsible for approving an IT project’s passing through each control gate. The seven control gate reviews that represent the approval of an IT project are as follows:
Gate 1 — System Concept Review approves the recommended system concept of operations.
Gate 2 — Acquisition Plan Review approves the Systems Specification and Interface Control documents and the approach and resources required to acquire the system as defined in the Acquisition Plan.
Gate 3 — Final Design Review approves the build-to and code-to documentation and associated draft verification procedures, ensures that the design presented can be produced and that when built is expected to meet its design-to specification at verification.
Gate 4 — Deployment Readiness Review approves the readiness of the system for deployment in the operational environment.
Gate 5 — System Test Readiness Review verifies readiness to perform official system-wide data gathering verification testing for either qualification or acceptance.
Gate 6 — Operational Acceptance Review approves overall system and product validation by obtaining customer acceptance and determining whether the Operations & Maintenance organization agrees to, and has the ability to, support continuous operations of the system.
Gate 7 — Disposal Review authorizes termination of the Operations and Maintenance Phase and disposes of system resources.
At each control gate, executive-level reviews determine system readiness to proceed to the next phase of the IT systems life cycle. Evidence of readiness is presented and discussed at each control gate review in the form of deliverables, checklists, and documented decisions. Regardless of the development model used for a particular program or project, all control gate reviews should be performed unless an agreement is made to skip or combine reviews. Depending upon the development model employed, programs or projects may pass through the control gates more than once.
The control gate reviews also provide executive-level controls to ensure that IT projects are adequately supported and reviewed before a project receives additional funding. Five executive-level review boards serve as the decision authority for the control gate reviews:
LCMD Project-Level Reviews
Project-level reviews help determine a project’s readiness to proceed to the next phase of the project life cycle. Each project-level review provides information to the executive-level control gates as data is developed and milestones are completed. They include the following:
|« Previous||Table of Contents||Next »|