Integrating Risk Management in SDLC | Set 3

Prerequisite – Integrating Risk Management in SDLC | Set 1, and Set 2
In this article we will discuss the remaining four steps: Integration and System Testing; Installation, Operation and Acceptance Testing; Maintenance; and Disposal.

5. Integration and System Testing:
In this phase, all modules are first checked independently for errors and bugs. They are then combined with their dependents, and each dependency is checked for errors. Finally, all modules are integrated into one complete software system and checked as a whole for bugs.

Support from Risk Management Activities –
In this phase, the designed controls are tested to see whether they work accurately in an integrated environment.



This phase includes three activities: Integration Activity, Integration Testing Activity, and System Testing Activity. We will discuss each activity in some detail, along with its risk factors.

  1. Integration Activity – In this activity, individual units are combined into one working system.
    Risk Factors –

    • Difficulty in combining components: Integration should be done incrementally, or else it will be very difficult to locate errors and bugs. The wrong sequence of integration will eventually hamper the functionality for which the system was designed.
    • Integrating wrong versions of components: Developing a system involves writing multiple versions of the same component. If an incorrect version of a component is selected for integration, it may not produce the desired functionality.
    • Omissions: Integration of components should be done carefully. A single missed component may result in errors and bugs that are difficult to locate.
  2. Integration Testing Activity – After integrating the components, the next step is to test whether the components interface correctly and to evaluate their integration. This process is known as integration testing.
    Risk Factors –

    • Bugs during integration: If wrong versions of components are integrated, or components are accidentally omitted, the resulting system will contain bugs and errors.
    • Data loss through interface: Wrong integration leads to data loss between components when the number of parameters in the calling component does not match the number of parameters in the called component.
    • Desired functionality not achieved: Errors and bugs introduced during integration result in a system that fails to deliver the desired functionality.
    • Difficulty in locating and repairing errors: If integration is not done incrementally, it results in errors and bugs that are hard to locate. Even if the bugs are located, they still need to be fixed, and fixing an error in one component may introduce errors in other components. Thus it becomes quite cumbersome to locate and repair errors.
  3. System Testing Activity – In this step, the integrated system is tested to ensure that it meets all the system requirements gathered from the users.
    Risk Factors –

    • Unqualified testing team: The lack of a good testing team is a major setback for good software, as testers may misuse the available resources and testing tools.
    • Limited testing resources: Time, budget and tools, if not used properly or if unavailable, may delay project delivery.
    • Not possible to test in real environment: Sometimes it is not possible to test the system in the real environment due to lack of budget, time constraints, etc.
    • Testing cannot cope with requirements change: User requirements often change during the software development life cycle, so test cases should be designed to handle such changes. If they are not designed properly, they will not be able to cope with change.
    • System being tested is not testable enough: If the requirements are not verifiable, it becomes quite difficult to test the system.
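The "wrong versions" and "omissions" risk factors of the Integration Activity can be checked mechanically before integration testing starts. The following is an added example, not part of the original article: it compares the components staged for integration against an approved manifest of pinned versions and SHA-256 digests. The component names, versions and contents are constructed sample data.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_integration(manifest, staged):
    """Compare staged components against the approved manifest.

    manifest: {name: (version, sha256_hex)} approved for this build
    staged:   {name: (version, content_bytes)} actually being integrated
    Returns a sorted list of (name, problem); an empty list means clean.
    """
    findings = []
    for name, (want_ver, want_hash) in manifest.items():
        if name not in staged:
            findings.append((name, "omitted"))
            continue
        got_ver, content = staged[name]
        if got_ver != want_ver:
            findings.append((name, f"wrong version: {got_ver} != {want_ver}"))
        elif sha256(content) != want_hash:
            # Same version label, different bytes: rebuilt or modified.
            findings.append((name, "content differs from approved build"))
    # Anything staged that nobody approved is also an integration risk.
    for name in staged.keys() - manifest.keys():
        findings.append((name, "not in manifest"))
    return sorted(findings)


# Constructed sample data (hypothetical component names and contents).
MANIFEST = {
    "auth": ("2.1.0", sha256(b"auth-2.1.0")),
    "billing": ("1.4.2", sha256(b"billing-1.4.2")),
    "audit-log": ("3.0.0", sha256(b"audit-log-3.0.0")),
    "api": ("0.9.1", sha256(b"api-0.9.1")),
}
STAGED = {
    "auth": ("2.0.3", b"auth-2.0.3"),                 # stale version
    "billing": ("1.4.2", b"billing-1.4.2 patched"),   # altered content
    "api": ("0.9.1", b"api-0.9.1"),                   # matches manifest
    "debug-shell": ("0.1.0", b"debug"),               # never approved
}

if __name__ == "__main__":
    for name, problem in check_integration(MANIFEST, STAGED):
        print(f"{name}: {problem}")
```

Running such a check as a gate before each incremental integration step keeps a missing or mismatched component from surfacing later as a hard-to-locate bug.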

6. Installation, Operation and Acceptance Testing:
This is the last and longest phase in SDLC. In this phase, the system is delivered, installed, deployed and tested for user acceptance.

Support from Risk Management Activities –
The system owner will want to ensure that the prescribed controls, including any physical or procedural controls, are in place prior to the system going live. Decisions regarding risks identified must be made prior to system operation.

This phase involves three activities: Installation, Operation, Acceptance Testing.

  1. Installation Activity – The software system is delivered and installed at the customer site.
    Risk Factors –

    • Problems in installation: If the deployers are not experienced enough, or if the system is complex and distributed, it becomes difficult to install the software system.
    • Change in environment: Sometimes the installed software system does not work correctly in the real environment, in some cases due to hardware advancement.
  2. Operation Activity – Here end users are given training on how to use the software system and its services.
    Risk Factors –


    • New requirements emerge: While using the system, users sometimes feel the need to add new requirements.
    • Difficulty in using system: It is always difficult for people to accept a change, that is, a new system, in the beginning. But this should not go on for long; otherwise it becomes a serious threat to the acceptability of the system.
  3. Acceptance Testing Activity – The delivered system is put through acceptance testing to check whether it meets all user requirements.
    Risk Factors –

    • User resistance to change: It is human behavior to resist any new change in the surroundings. But for the success of a newly delivered system, it is very important that the end users accept the system and start using it.
    • Too many software faults: Software faults should be discovered before the system operation phase, as discovery in later phases leads to a high cost in handling these faults.
    • Insufficient data handling: The new system should be developed keeping in mind the load of user data it will have to handle in the real environment.
    • Missing requirements: While using the system, end users may discover that some requirements and capabilities are missing.

7. Maintenance:
In this stage, the system is assessed to ensure it does not become obsolete. This phase also involves continuous evaluation of the system's performance, and changes are made from time to time to the initial software to keep it up to date.

Errors and faults discovered during acceptance testing are fixed in this phase. This step involves making improvements to the system, fixing errors, enhancing services and upgrading software.

Support from Risk Management Activities –
Any change to a system has the potential to reduce the effectiveness of existing controls, or to otherwise have some impact on the confidentiality, availability, or integrity of the system. The solution is to ensure that a risk assessment step is included in evaluating system changes.

Risk Factors –

  • Budget overrun: Finding errors and fixing them involves repeating a few steps of the SDLC, thus exceeding the budget.
  • Problems in upgrading: Constraints from the end user or an inflexible system architecture make the system hard to maintain.

8. Disposal:
In this phase, plans are developed for discarding system information, hardware and software in order to make the transition to a new system. The purpose is to prevent any possibility of unauthorized disclosure of sensitive data due to improper disposal of information. All of this should be done in accordance with the organization’s security requirements.

Support from Risk Management Activities –
The risk management plan must also include threats to the confidentiality of residual data, along with proper procedures and controls to reduce the risk of data theft due to improper disposal. By identifying the risk early in the project, the controls can be documented in advance, ensuring proper disposition.

Risk Factors –

  • Lack of knowledge for proper disposal: Proper disposal of information requires an experienced team that has a plan for handling the residual data.
  • Lack of proper procedures: Sometimes, in a hurry to launch a new system, the organization sidelines the task of disposal. Procedures used to handle residual data should be properly documented so that they can be used in the future.
