Software Development Standards and Specifications



Murtaza Engineer



Contents

1. Introduction
2. Pre-Development
3. Development
4. Post-Development
5. Outsourcing Guidelines
6. Process for Evaluating Software Development Proposals
7. Annexures

1. Introduction
This document outlines the standards and specifications for all software development activities
within the organization. It is designed to ensure consistency, quality, security, and compliance across
all departments, irrespective of whether the development is conducted in-house or outsourced to
third-party vendors.

2. Pre-Development
2.1 Guidelines

• Requirement Gathering: Clearly define business needs and objectives.

• Stakeholder Involvement: Engage all relevant stakeholders early in the process.

• Feasibility Analysis: Assess technical and financial feasibility before initiating development.

2.2 Documentation Formats and Templates

| SN | Document Name | Purpose | Template |
|----|---------------|---------|----------|
| 1. | Business Requirements Document (BRD) | Outline the business objectives, scope, and requirements. | Refer Annexure A |
| 2. | Software Requirements Specification (SRS) | Detail the functional and technical requirements of the software. | Refer Annexure B |
| 3. | Technical Design Document (TDD) | Provide a detailed design of the software architecture and components. | Refer Annexure C |

3. Development
3.1 General Requirements

o All software applications must comply with industry standards like GDPR (General
Data Protection Regulation) and ISO 27001 (Information Security Management).

o If SSO functionality is required, the application must integrate with "ITS One Login".

3.2 Technology Standards

• Preferred Approach:

o Adopt the latest, scalable, and secure technologies to ensure future-proofing.

o Conduct reviews of existing technologies to determine if they are nearing end-of-life.

o Preferred Technology Standards:

▪ Frontend: React.js, Angular.

▪ Backend: Node.js, Python (Django, Flask).

▪ Database: PostgreSQL, MongoDB.


▪ Cloud Hosting: Azure, AWS, GCP. (To be finalized by the Central IT team to achieve economies of scale and to ensure single-window management.)

▪ Infrastructure as Code (IaC): Terraform.

• API Development:

o Use REST or GraphQL APIs based on project requirements.

o Follow OpenAPI 3.0 Specification for API documentation (Refer to Annexure 1).

o Ensure APIs are secure, scalable, and capable of handling high data throughput.

3.3 Source Code and Repository Management

• Use standardized version control systems such as GitHub or GitLab (Refer to Annexure 3 for
repository structure standards).

• Commit Standards: Follow semantic naming conventions.

• Code Reviews: Mandatory for all commits.

• Ensure repositories are:

o Centralized with clear access controls.

o Documented with comprehensive README files and proper versioning.

• Maintain ownership of source code at all times to ensure seamless vendor transitions.

3.4 Vendor and Developer Evaluation

• Third-party Vendor Evaluation:

o Define a scoring system based on parameters like technical capability, certifications, project experience, cost, adherence to timelines, and support services (Refer to Annexure 4).

o Verify vendor compliance with security and quality standards (ISO 9001, ISO 27001, etc.).

o Documentation Provided: Project plan, SLAs, and post-project support terms.

• In-house Developer Assessment:

o Conduct technical skill assessments using tools such as HackerRank or Codility (Refer to Annexure 5 for assessment criteria).

o Evaluate developers based on problem-solving, code quality, and adherence to best practices.

3.5 Integration Standards

• All applications must support:

o API-based data exchange.


o Seamless communication with existing and future systems.

o API Specifications:

▪ Use OpenAPI 3.0 standards.

▪ Endpoints: RESTful.

▪ Authentication: OAuth2.0.

▪ Versioning: Use semantic versioning (e.g., v1, v2).

• Ensure all software includes real-time monitoring and logging for integrations (Refer to
Annexure 6).

4. Post-Development
4.1 Maintenance and Support

• Third-party vendors must provide:

o Comprehensive maintenance for 1-4 years post-deployment.

o Clear Service Level Agreements (SLAs) for response and resolution times.

• Internal teams must:

o Ensure continuous monitoring, updates, and bug fixes.

o Provide reports to all relevant stakeholders at regular intervals.

4.2 Security and Compliance

• Ensure all applications undergo regular security audits, at least once a year.

• Enforce encryption for data in transit and at rest.

• Implement role-based access controls.

5. Outsourcing Guidelines
5.1 Vendor Documentation Requirements

Before awarding a contract to an external vendor, the following details and documents must be
collected:

• Company Profile:

o Overview of the vendor's business.

o Relevant experience and expertise.

• Technical Documentation:

o Detailed description of proposed technologies and frameworks.


o API documentation as per OpenAPI 3.0 standards.

• Security Certifications:

o Proof of compliance with GDPR, ISO 27001, and other relevant standards.

• Project Plan:

o Detailed timeline with milestones.

o Resource allocation and management plan.

• Support and Maintenance Plan:

o Scope of support services.

o SLAs for maintenance and issue resolution.

• Source Code Ownership Agreement:

o Terms ensuring full ownership and control over the source code.

6. Process for Evaluating Software Development Proposals


6.1 Evaluation Process Overview

(Note: A visual flowchart or swimlane diagram should be included here. Below is a textual
representation.)

1. Proposal Submission

o Department submits a software development proposal.

2. Initial Review

o CoE conducts a preliminary review for completeness.

3. Compliance Check

o Ensure adherence to GDPR and ISO 27001.

4. Technical Evaluation

o Assess proposed technologies and frameworks (Annexure 1 & 2).

5. Vendor Evaluation (if outsourcing)

o Score based on Annexure 4 criteria.

6. Approval Decision

o CoE approves or requests modifications.

7. Project Kick-off

o Align with CoE guidelines and standards.


(For a graphical representation, please use a tool like Microsoft Visio or Lucidchart to create a
flowchart based on the above steps and embed it in the document.)

7. Annexures
Annexure 1: OpenAPI Specification Standards

• Use OpenAPI 3.0 for all API documentation.

• Ensure API endpoints include detailed request/response schema, authentication methods, and error codes.

• Utilize tools like Swagger or Postman for documentation.

Annexure 2: Cloud Hosting Standards

• Preferred Vendors: AWS, Microsoft Azure, or Google Cloud Platform (GCP).

• Use Infrastructure as Code (IaC) tools like Terraform for cloud resource management.

• Ensure high availability with multi-zone deployments.

• Implement cost monitoring and optimization practices.

Annexure 3: Source Code Repository Standards

• Repository Structure:

o Separate branches for development, testing, and production.

o Enforce code review processes using pull requests.

• CI/CD Pipelines:

o Implement automated CI/CD pipelines using GitHub Actions, Jenkins, or GitLab CI.

o Ensure automated testing and deployment procedures are in place.

Annexure 4: Vendor Evaluation Criteria

• Criteria Breakdown:

o Technical Expertise: 40%

o Cost-effectiveness: 20%

o Timely Delivery: 20%

o Post-delivery Support: 20%

• Scoring System:

o Assign scores for each criterion based on predefined benchmarks.

o Calculate total scores to rank vendors.


Annexure 5: In-house Developer Assessment Criteria

• Skills to Assess:

o Backend Development: Proficiency in Node.js, Python, or Java.

o Frontend Development: Experience with React.js, Angular, or Vue.js.

o Database Management: Knowledge of SQL and NoSQL databases.

• Assessment Tools:

o Use platforms like HackerRank or Codility for coding challenges.

o Conduct code reviews and pair programming sessions.

Annexure 6: Integration Standards

• Use JSON or XML for data exchange formats.

• Ensure token-based authentication (e.g., OAuth 2.0) for APIs.

• Implement rate limiting to prevent abuse.

• Ensure APIs are versioned to manage changes without disrupting existing integrations.
