Solutions Evaluation
Types of Solutions
In general, there are 2 types of possible solutions that can be suggested to fulfill a Request:
Updating an existing application
Developing a new application from scratch
The follow-up process for "Updating an existing application" and "Developing a new application from scratch" is described in the section "Application Development".
The decision on which type of solution is adequate for a given Request, as well as the decision on the specific final solution, depends on several aspects that need to be taken into consideration. Each of these aspects is described below:
Aspects in the Evaluation of Potential Solutions
Information Security Goals
"Information Security Goals" refer to issues related to Information Security, such as protecting data against external or internal threats. Since every project is unique, the number and thoroughness of the Information Security Goals differ from case to case. For example, bigger projects that involve more people or sensitive data require more thorough Information Security Goals than smaller projects.
Generally, the following aspects should be taken into consideration when deriving the Information Security Goals for a project:
Information Assets
What data will be used in the application? (What data is already in use in the current application?)
Where is the data stored?
How is the data transferred?
How detrimental is it if the asset gets disclosed (Confidentiality), modified/destroyed (Integrity) or becomes unavailable (Availability)?
Involved People
Which external stakeholders (e.g. customers) and which internal stakeholders (e.g. employees) are involved?
Which information assets contain (sensitive) data about them?
What are their legal rights regarding Information Security and Data Protection?
What responsibilities does the organization have to fulfill with regard to their data?
Access and Authorization
Who has access to the data?
Who requires access to the data?
Who is (not) allowed to have access to the data?
How is access authorized?
For example, the Information Security Goals can be presented in the following way:
Financial Resources
Project and Scope Timeline
"Project and Scope Timeline" refers to the intended course of the project, taking into consideration the available resources. Its purpose is to provide an estimate of how much time the project would require and to give a general overview of phases and milestones without going into too much detail, so that stakeholders and developers have a first orientation and can evaluate the scope and cost of the project. It may become apparent during the Application Development process that the Milestones cannot be achieved in time. In that case, the Timeline is adapted and the stakeholders are informed of the adaptation.
The Project and Scope Timeline can be illustrated as a Roadmap like this:
Decision-making Guidelines
Buy or develop a new application
Here are some considerations that the managers use for the decision-making process to either buy or develop a new application in the organization:
1. Cost: One of the most critical factors in deciding to develop or buy an application is cost. Developing an application internally might be expensive in terms of resources, time, and money. On the other hand, purchasing an existing application could be more affordable in the short run, but the expenditures might be greater in the long run.
2. Timeline: Building an application internally may require a lot of effort and time, which might cause the project's timetable to be pushed back. On the other hand, buying an existing application can reduce the time it takes to implement a solution.
3. Complexity: If the organization needs a highly customized application with specific features, it may be more feasible to develop it in-house. On the other hand, if the application's requirements are standard, it may be more practical to buy an existing application.
4. Support and maintenance: Ongoing support and maintenance of the application are crucial to take into account. Developing an application in-house means that the organization will be responsible for ongoing support and maintenance. If the organization does not have the necessary resources or expertise, it may be better to buy an existing application that includes support and maintenance.
5. Strategic alignment: The choice should also be in line with the strategic aims and objectives of the firm. If the application aligns with the organization's strategic goals, developing it in-house may be the better option. On the other hand, if the application does not align with the organization's strategic goals, it may be better to buy an existing application that meets the specific needs.
Improve an old application
The business managers in the organization may choose to improve an old application in their operational process for a variety of reasons. These are some factors that they use for the decision-making process:
1. Performance and reliability: The organization may decide to improve an old application if it is experiencing performance issues or if it is unreliable. This can include addressing slow response times, fixing bugs, or improving the application's uptime.
2. User feedback: The organization may receive feedback from users indicating that the application needs improvement. This can include feedback related to usability, functionality, or performance.
3. Changes in the business environment: An outdated application may need to be modified by the company to reflect changes in the business environment, such as new laws or market trends. This can include adding new features, updating data integration, or improving security.
4. Cost-effectiveness: The organization may weigh the cost of improving an old application against the cost of replacing it with a new application. If it is more cost-effective to improve the old application, the organization may choose to do so.
5. Technical feasibility: The organization may consider the technical feasibility of improving the old application. This can include an assessment of the application's code base, the availability of resources with the necessary skills, and the compatibility of the application with modern technologies.