PROGRAM CHANGE:
Accounting, Audit, Governance, Policies, Procedures, Regulatory Compliance, Revenue Assurance, Risk Assessment
ACCESS CONTROL:
Awareness & Training, Fraud & Phishing, Incident Management, Internet Security, Security, Service Management, Spam
COMPUTER OPERATION:
Backup & Restore, Contingency, Data Center, Disaster Recovery, Environmental Exposures, System Log
STANDARD:
British Standard, Certification, Cobit, Financial Institution, ISO Standard, ITIL, NIST-SP, Oil & Gas, Sarbanes Oxley, Standard, US Standard
FREE TOOLS:
Anti Phishing, Anti Spam, Anti Spyware, Anti Virus, Audit Tools, Data Removal, Encryption, Firewall, Forensics, Password, Secure Connection

User login

Who's new

Develop, Buy or Customize?

in

Although this is not a step in the SDLC, an organization might decide to buy a product instead of building it. The decision typically comes down to time, cost, and availability of a predesigned substitute.

Before moving forward with the option to buy, the project team should develop a request for proposal (RFP) to solicit bids from vendors. Vendor responses should be closely examined to find the vendor that best meets the project team’s requirements. Some of the questions that should be asked include these:
. Does the vendor have a software product that will work as is?
. Will the vendor have to modify the software product to meet our needs?
. Will the vendor have to create a new, nonexistent software product for us?

The reputation of the vendor is also important. Is the vendor reliable, and do references demonstrate past commitment to service? When a vendor is chosen, the last step is to negotiate and sign a contract. Auditors will want to make sure that a sufficient level of security will be designed into the product and that risks are minimized.

Bookmark/Search this post with: