The directive is issued based on clause 12) of § 11 of the Statutes.
1. General provisions
The Rules for Information Technology (hereinafter referred to as “IT”) Development Work apply to the performance of IT development work required by Tallinn University of Technology (hereinafter referred to as “the university”), incl. preparation, planning, prioritisation and execution of IT development orders and subsequent IT management.
2. Definitions
2.1 “Information system” means a system which stores and processes information. An information system can consist of a set of interrelated modules/applications forming a unified whole for the user.
2.2 “Application” means a set of various programs designed to perform specific tasks. A set of applications can form an information system.
2.3 “IT development” or “IT development work” means the process of conceiving, specifying, designing, programming, documenting, testing, bug fixing involved in creating and modifying information systems and applications and the management activities necessary to carry out these processes.
2.4 “Requirements for IT development work” means the detailed requirements for IT development work annexed to the Rules.
2.5 “IT development proposal” means a proposal for IT development work that can be made by any member of the university.
2.6 “IT development project” means a larger set of IT developments (IT development orders, small-scale IT developments) with a fixed scope and time frame, the cost of which exceeds 60,000 euros (VAT included) and the purpose of which is to introduce or replace an existing information system or application.
2.7 “IT development order” means an IT development or set of developments with a fixed scope and time frame, the cost of which is between 0 and 60,000 euros (VAT included) or (if performed internally by the IT Services Office) the volume of which is 40 hours or more and the purpose of which is to develop certain additional functionality, substantially modify an existing one, or technically update a particular application or information system.
2.8 “Small-scale IT development” means a small-scale IT development carried out under a simplified procedure and with the cost of less than 3000 euros (VAT included) or with the volume of less than 40 hours if performed internally by the IT Services Office.
2.9 “IT development budget” means the financial resources allocated by a decision of the Rector for the fulfilment of development orders, implementation of IT projects and carrying out small-scale developments in the specific financial year.
2.10 “IT management costs” means the costs of maintaining information systems or applications (licence fees, hosting costs, administration charges), which are allocated to the budget of the IT Services Office.
2.11 “IT architecture” means the structure of an information system or application, containing the interrelationships between its components and their relationships with the surrounding environment. An architecture includes also system design and development standards.
2.12 “IT management” means the process of maintaining an information system or application in compliance with a service level agreement, incl. application hosting, maintenance, installation of updates, ensuring availability, management of technical settings, implementation of information security requirements, making backups, restoration and monitoring if necessary.
2.13 “Service level agreement” means an agreement entered into between an area director and an IT management service provider that defines the expected level of the services, in particular their availability and quality.
3. The participants, responsibilities and tasks in the IT development process
3.1 The information system or application owner (area director):
3.1.1 designs a roadmap of information systems and applications supporting the process or processes in the field based on the substantive and IT architecture requirements;
3.1.2 appoints a business project manager for each information system or application;
3.1.3 initiates and launches improvements, including IT development projects or development orders (with the approval of the process owner and related stakeholders);
3.1.4 allocates and ensures the necessary resources (human resources, time, financial resources) for the project (incl. IT projects and IT development orders);
3.1.5 is responsible for the success of launched projects (incl. IT projects) and IT development orders and regularly monitors the progress of the project(s);
3.1.6 is responsible for risk mapping and management.
3.2 If the functionality of an information system or application concerns multiple processes, the owner is the director of the area, the processes of which are affected most by the information system or application or the area directors agree on the owner’s role among themselves.
3.3 The process manager (contracting authority):
3.3.1 carries out day-to-day management and development of the process, incl. monitors user feedback;
3.3.2 makes proposals to the area director for initiating IT development projects and orders;
3.3.3 formulates the objectives, success criteria and indicators and coordinates them with the beneficiaries (users, participants in the process); prepares a project work plan and other necessary documentation;
3.3.4 plans and carries out, if necessary, operational restructuring or organisational change and manages the implementation of the restructuring or change (incl. informs and explains the need for and the content of the restructuring or change), making sure that the organisation is ready to adopt the resulting outputs;
3.3.5 ensures that the goals of IT development projects are achieved by complying with the quality, time and budgetary objectives. takes preventive or corrective measures if necessary, informs the area director and the process owner of the risks and obstacles;
3.3.6 Keeps all documentation related to the process (incl. regulations, process models, indicators, manuals) up to date.
3.4 The business project manager (the contracting authority’s project manager):
3.4.1 is responsible for designing the roadmap or life cycle of an information system or application based on the substantive need and in view of the IT architecture;
3.4.2 ensures the consistency and integrity of functional IT developments across an information system or application;
3.4.3 provides the process manager regular overviews of IT developments and informs the area director or process owner as necessary;
3.4.4 monitors the implementation of the budget allocated to the information system or application;
3.4.5 processes new IT development proposals in cooperation with the process manager and prepares IT development orders and terms of reference;
3.4.6 organises analysis (the business project manager carries out analysis himself/herself, orders the analysis from a development partner or arranges it in another way) and, if necessary, conducts a market research to find the most suitable solution in terms of functionality;
3.4.7 manages IT projects, IT development orders and small-scale IT developments and makes sure that the objectives are achieved; prepares an IT development plan in cooperation with the process manager, IT project manager and other related parties;
3.4.8 is responsible for the success and risk management of an IT project;
3.4.9 is responsible for managing and updating the project documentation of the application or information system;
3.4.10 organises the data protection impact assessment and information security risk analysis and ensures compliance with their requirements;
3.4.11 is responsible for organising functional testing and validation during the IT development process. A successfully passed test is a prerequisite for accepting IT development work;
3.4.12 is responsible for preparing and/or updating manuals;
3.4.13 participates in negotiations regarding the service level agreement held with the IT management service provider;
3.4.14 compiles the part of functional requirements of the procurements of IT development work, IT development partners and IT management; organises purchasing of licences and software services in cooperation with the IT Services Office.
3.5 The superuser:
3.5.1 provides daily support to the users of the information system or application;
3.5.2 is responsible for provision of training to the users and IT Helpdesk and for ensuring the availability of manuals;
3.5.3 manages application or information system settings (incl. configures workflows, etc.);
3.5.4 proposes additional IT developments, supplements the terms of reference, business analysis and IT development orders if necessary;
3.5.5 is responsible the timely management of the rights of access to the application or information system and develops the principles for granting access in cooperation with the process manager;
3.5.6 manages data in the information system or application, i.e. the information assets; fulfils the obligations placed upon an information asset owner based on the Information Security Policy.
3.6 The IT project manager:
3.6.1 coordinates the implementation of IT development work in cooperation with the IT development partner;
3.6.2 divides IT development orders into smaller works and tasks if necessary;
3.6.3 prepares a schedule for fulfilling an IT development order in cooperation with the IT development partner, ensures its fulfilment and provides the business project manager an overview of its progress in the agreed form;
3.6.4 coordinates with the business project manager the use of the approved budgetary resources and is responsible for staying within the budget;
3.6.5 is responsible for managing the technical documentation of the information system or application;
3.6.6 organises procurement of IT developments, IT development partners and IT management services and is the person responsible for carrying out procurements; compiles the parts of non-functional requirements and IT management in procurements and consolidates these with the functional requirements received from the business project manager into a single whole;
3.6.7 performs or organises system analysis;
3.6.8 ensures compliance of IT development work with the requirements for architecture and information security;
3.6.9 is responsible for developing UX/UI design in cooperation with the IT development partner, the business project manager and future users;
3.6.10 is responsible for non-functional testing;
3.6.11 accepts IT development work from an IT development partner and with the approval of the business project manager gives the system manager an order to install updates;
3.6.12 is responsible for negotiating and concluding a service level agreement.
3.7 The IT architect:
3.7.1 develops the IT architecture principles, manages the architecture of the university’s IT solutions, creates the corresponding component diagrams and approves the designed architecture based on the agreed principles and the existing IT architecture. For approval, involves an information security expert of IT infrastructure, who confirms compliance of the solution with the security requirements;
3.7.2 makes sure that the architecture of IT systems is designed in compliance with IT architecture principles and manages the data architecture across information systems and applications;
3.7.3 prepares the preliminary IT architectural design for IT development orders and IT projects if necessary.
3.8 The IT development partner (external partner or IT Services Office):
3.8.1 executes IT development orders approved by the IT project manager;
3.8.2 performs work in accordance with the IT architecture principles, data protection and information security requirements;
3.8.3 is responsible for achieving the agreed outputs and goals; monitors the progress of an IT project, makes sure that the goals of the IT project are achieved by complying with the quality, time and budgetary objectives and takes preventive or corrective measures if necessary;
3.8.4 mitigates and manages risks upon fulfilling IT development orders;
3.8.5 makes sure that reports are submitted to the IT project manager in the agreed form;
3.8.6 delivers the work completed in the framework of IT development orders.
3.9 The system manager:
3.9.1 is responsible for the implementation of the service level agreement of an application or information system;
3.9.2 manages environments related to IT development of an information system or application (the development, testing and production environments);
3.9.3 installs updates to the information system or application based on the instructions of the IT project manager;
3.9.4 manages settings and makes technical adjustments related to the information system or application if necessary;
3.9.5 ensures the implementation of information security requirements and fulfils the requirements set for an information asset administrator in the Information Security Policy;
3.9.6 compiles and updates the technical documentation, including recovery manuals, of an information system or application and performs regular recovery testing from backups;
3.9.7 installs the monitoring tool as required and ordered by the IT project manager;
3.9.8 cooperates with the IT infrastructure team;
3.9.9 maps technical risks and proposes improvements.
3.10 The IT development manager:
3.10.1 leads the IT development process;
3.10.2 processes IT development proposals, incl. defines the process related to the proposal and directs it to the business project manager and business process manager for review;
3.10.3 processes and approves IT development orders and terms of reference;
3.10.4 provides advice to parties involved in an IT development order;
3.10.5 ensures that IT development orders are consistent with the organization’s goals;
3.10.6 prepares a budget proposal for IT developments;
3.10.7 plans the execution of IT development orders in cooperation with business and IT project managers;
3.10.7.1 processes IT development proposals, incl. defines the process related to the proposal and directs it to the business project manager and business process manager for review;
3.10.7.2 processes and approves IT development orders and terms of reference;
3.10.7.3 provides advice to parties involved in an IT development order to ensure that the solutions being developed are consistent with the organisation’s goals;
3.10.7.4 prepares a budget proposal for IT developments based on IT development orders;
3.10.7.5 plans the execution of IT development orders in cooperation with business and IT project managers;
3.10.8 approves and supplements procurements of IT developments and management partners;
3.10.9 is a member of the IT development steering group;
3.10.10 appoints IT project managers and system administrators for information systems and applications.
3.11 The IT development steering group:
3.11.1 is responsible for prioritising IT development orders and IT projects and submits an IT development budget proposal to the Rectorate for approval;
3.11.2 decides on the initiation, implementation and termination of IT projects;
3.11.3 receives reviews and monitors the progress of IT development orders and IT projects;
3.11.4 makes proposals to improve the IT development process if necessary.
3.12 The IT development steering group is led by the head of the IT Services Office.
3.13 The IT development group consists of all the heads of the administrative and support structure units (except for the FinEst Centre for Smart Cities), the IT development manager, the IT architect and the head of the IT Services Office. Business and IT project managers will be involved in the steering group if necessary. [entry into force 13.07.2023]
4. IT development process
4.1 Initiation
4.1.1 Members of the university can make IT development proposals on the intranet (through the support portal).
4.1.2 An IT development proposal is reviewed by the IT development manager, who directs it to the business project or process manager for processing.
4.1.3 The IT development proposal is processed by the business project manager and the process manager. If necessary, the person making the IT development proposal, the IT development manager or the IT architect will be involved in the development of a possible solution.
4.1.4 The business project manager organises communication and feedback related to the IT development proposal. The final status of an IT development proposal can be either rejected or accepted for development.
4.1.5 If a development proposal is accepted for development, the business project manager, in cooperation with the IT project manager, decides whether it is a small-scale development, an IT development order or an IT project. Implementation of the IT development will proceed accordingly.
4.1.6 The business project manager, in cooperation with the process manager, prepares an IT development order and terms of reference based on the IT development proposal or development need.
4.1.7 The IT development manager approves the development order (approved or returned to be supplemented);
4.1.8 Small-scale IT developments are implemented directly through the IT project manager, not by following the procedure for processing IT development orders, however, the technical, architectural, documentation and testing requirements must be fulfilled also in the case of small-scale IT developments.
4.2 Prioritising and planning IT development orders
4.2.1 The prioritisation of IT developments involves IT development orders and IT development projects, for which proper terms of reference have been prepared and which have been approved by the IT development manager.
4.2.2 The IT development manager holds meetings with all the heads of the units of the administrative and support structure and business project managers who have placed IT development orders once a quarter to jointly review the current status, priorities, feasibility, time frame and estimated cost of the IT development orders. If necessary, adjustments are made in the IT development orders and the corresponding agreements and changes shall be indicated in the work. A budget for small-scale developments is planned for information systems or applications for the next calendar year. The scope and costs of IT management are discussed and service level agreements are specified.
4.2.3 The IT development manager consolidates the IT development orders, incl. the budget of small-scale IT developments for the IT development steering group and prepares the initial budget proposal for IT developments. The proposal shall be prepared based on the priority, feasibility and time frame of the IT development orders.
4.2.4 The IT development budget proposal is processed by the IT development steering group, who proposes amendments if necessary. The head of the IT development steering group submits the IT development budget proposal to the Rector for approval.
4.2.5 The IT development budget is approved based on IT development orders and is broken down by IT development orders, IT projects and small-scale IT development work in accordance with the approved budget. The IT project manager is responsible for the use of the budget.
4.2.6 After approval of the budget for IT development work, the IT development orders are scheduled in the order in which the work is to be carried out. Business project managers schedule IT development work in cooperation with IT project managers and the IT development manager, taking into account the IT developments already underway and the capacity of the IT development partners to perform the work.
4.2.7 The priority, schedule and budget of an IT development order can be changed if necessary with the approval of the IT development manager and head of the IT Services Office.
4.3 Analysing and planning IT development orders
4.3.1 A business analysis is prepared for IT development orders, a new solution is planned and a system analysis is prepared. For each IT development order, the business project manager and the IT project manager decide which outputs need to be produced in these stages taking into account the requirements.
4.3.2 The IT architect approves the final solution and obtains approval from the IT infrastructure information security expert regarding compliance with the information security requirements.
4.4 Executing IT development orders
4.4.1 The IT project manager requests a quote for the IT development order and obtains approval of the IT development manager and the head of the IT Services Office. In the course of it, the exact financial value of the IT development order is confirmed.
4.4.2 The IT project manager forwards the IT development order to the IT development partner for execution.
4.4.3 The IT development partner delivers the completed work to the IT project manager.
4.4.4 An IT development order is deemed to be fulfilled when the system manager has installed the work carried out in the framework of the IT development order in the production environment of the information system or application and the IT project manager has signed a record of acceptance. A record of acceptance need not be signed for IT developments carried out within the university. The record is the basis for invoicing.
4.4.5 Payments for IT development work are made according to the IT development budget. Any potential changes to the budget shall be approved by the IT development manager and the head of the IT Services Office.
4.4.6 Invoices for IT development work shall be approved by the IT development manager, the IT project manager and the head of the IT Services Office. IT project managers shall add the agreed project and activity codes to purchase invoices.
4.5 Implementing IT projects
4.5.1 The process manager makes a proposal to initiate an IT project and the process owner formulates the goal. The area director verifies that the outputs comply with the organisation’s goals and users’ needs.
4.5.2 The process manager coordinates the objectives and measurable outputs with the beneficiaries.
4.5.3 Before launching an IT project, the roles set out in the Rules for Information Technology Development Work: the process manager, business project manager, IT project manager shall be defined and manned.
4.5.4 The business project manager, in cooperation with the project team, prepares an IT project plan, which shall be approved by the IT development steering group.
4.5.5 After its launch, the IT development project is divided into smaller IT development orders, fixing also the scope of the IT project based on the initiation proposal.
4.5.6 An IT project shall be implemented by applying an agile approach, i.e. the development process is divided into a number of iteration cycles, by delivering intermediate results at the end of each cycle, on the basis of which it can be validated whether the steps have been taken in the right direction and the scope can be completed. The business project manager, IT project manager and IT development partner review the progress of the work at agreed intervals and, if necessary, specify the requirements.
4.5.7 When the agreed scope is completed, the IT project is terminated.
5. Table of an IT development process
| Stage | Input | Activity | Output | Executor | Where |
| Initiation | Idea/problem | Making an IT development proposal; | IT development proposal | Members of the university | Support portal (IT development proposal form) |
| IT development proposal | Processing, deciding and providing feedback on the IT development proposal; | The IT development proposal has been processed and a decision on the proposal has been made | Business project manager | JIRA Service Desk (workflow of the IT development proposal) | |
| an IT development proposal or order submitted by the process manager | Preparation of an IT development order and terms of reference; | JIRA Story compiled for an IT development order | Business project manager | JIRA project TTD | |
| A JIRA Story has been compiled for an IT development order | Approving the IT development order | The IT development order and terms of reference have been approved | IT development manager | JIRA project TTD | |
| Planning and budgeting | An approved IT development order and terms of reference | Prioritisation and planning of the IT development order in cooperation with business project managers, process managers and area directors; | The IT development order has been prioritised | IT development manager | JIRA project TTD |
| A prioritised IT development order | Preparation of a budget proposal for IT development/proposing amendments | A budget proposal for IT developments | IT development manager | JIRA project TTD/ Excel | |
| A budget proposal for IT developments | Processing the budget proposal for IT developments | The budget for IT developments has been processed | The IT development steering group | Excel & PowerBI | |
| A processed budget for IT developments | Approving the budget for IT developments | The IT budget has been approved | Rector | JIRA project TTD / NAV project module / PowerBI | |
| An approved IT budget | Planning and sequencing of IT developments | IT development plan | Business project manager and IT project manager | JIRA project TTD | |
| Analysis | IT development order | Preparation of business analysis (consolidating functional and non-functional requirements) | Business analysis | Business project manager (organises the analysis) | Confluence |
| Business analysis | Designing | The solution has been designed | Business project manager (organises the analysis) | Confluence | |
| A designed solution | Preparation of a system analysis | System analysis | IT project manager (organises the analysis) | Confluence | |
| System analysis | Approving the results of the analysis | The analysis has been approved | IT architect | JIRA project TTD/ Confluence | |
| Implementation | IT development order | Requesting a quote for the IT development order and agreeing on the volume | The development order with the volume of the tender has been approved | Business project manager | JIRA TTD |
| IT development order | Forwarding the IT development order to an IT development partner | The IT development work has been forwarded to the IT development partner in JIRA | IT project manager | JIRA | |
| The IT development work forwarded to the IT development partner in JIRA | Execution of IT development orders | The work has been completed | IT development partner | The environments agreed with the IT development partner | |
| The completed work | Testing of the completed work | The work has been tested | IT development partner, business project manager, IT project manager | Confluence | |
| The tested work | Installing the solution | The IT solution has been installed | System manager | Confluence | |
| The IT solution has been installed | Signing a record of acceptance of work | A record of acceptance of work has been signed | IT project manager | Confluence | |
| A signed record of acceptance of work | Invoicing for work completed | An e-invoice | Business project manager | ||
| Introducing | The installed IT solution | Providing user training and preparation of guidelines | Guidelines have been prepared and user training has been provided | Business project manager | Confluence |
| The installed IT solution | Updating the process documentation and informing the stakeholders | Process manager |
6. Procurement of IT developments, IT development partners, including IT management
| Stage | Input | Activity | Output | Executor | Where |
| Procurement | A need to order IT development work | Preparation and conducting procurements for IT developments, development partners and IT management | Procurement documents, incl. the technical specification, draft framework agreement and procurement contract, evaluation methodology and eligibility criteria | IT project manager and business project manager | Confluence |
| Approved procurement of IT developments | Approving the procurements of IT development work | The procurement of IT developments has been approved | IT development manager | ||
| Framework Agreement | Execution of framework agreements and public contracts | Procurement contracts | IT project manager |
ANNEX
Requirements for IT development work
1. Requirements for documentation
1.1 General requirements for storing documents related to IT development
1.1.1 Materials related to an information system or application, its development and other necessary documentation shall be stored in the JIRA, JIRA Service Desk, Confluence and Gitlab environments managed by the IT Services Office.
1.1.2 In the course of execution of IT development orders (hereinafter referred to as “development order”), the documentation shall be recorded and/or updated in the case of small-scale developments in compliance with the requirements set out below.
1.1.2.1 The IT development manager has the right to allow exceptions to the requirements depending on the specificities of an information system or application.
1.2 Requirements for IT development proposals (hereinafter referred to as “development proposal”)
1.2.1 Development proposals shall be documented and processed in the JIRA ServiceDesk environment.
1.2.2 A development proposal shall be accompanied by the following information:
1.2.2.1 the description of the development proposal (the description of the problem, the description of a possible solution);
1.2.2.2 the benefits resulting from the implementation,
1.2.2.3 the related information system or application;
1.2.2.4 the related processes;
1.2.2.5 the decision on the IT development proposal.
1.3 Requirements for development orders and terms of reference:
1.3.1 Development orders shall be entered in the JIRA project TTD environment in the form of stories.
1.3.2 A development order shall be accompanied by the following information:
1.3.2.1 the responsible structural unit (contracting entity);
1.3.2.2 the process;
1.3.2.3 the primary information system or application;
1.3.2.4 the related information systems or applications;
1.3.2.5 the business project manager (assignee in JIRA project TTD);
1.3.2.6 the process manager (reporter in JIRA project TTD);
1.3.2.7 the IT project manager;
1.3.2.8 the members of the team;
1.3.2.9 the estimated budget/cost,
1.3.2.10 the approved budget;
1.3.2.11 the expected completion date of the analysis (quarter);
1.3.2.12 the expected completion date of the work (quarter);
1.3.2.13 the description of the development order;
1.3.2.14 the description of the problem to be solved;
1.3.2.15 the proposed solution / market research;
1.3.2.16 the goal:
1.3.2.17 the expected benefits and cost-effectiveness;
1.3.2.18 the measurable result;
1.3.2.19 the priority;
1.3.2.20 the beneficiaries;
1.3.2.21 the key personnel/related parties;
1.3.2.22 the restrictions and risks;
1.3.2.23 the preliminary data protection impact assessment;
1.3.2.24 the information security risk analysis.
1.4 Requirements for JIRA and Confluence environments of an information system or application
1.4.1 Depending on the development order, epics, stories, tasks or bugs are created for the development works in the JIRA environment of each information system or application.
1.4.2 An IT development partner (hereinafter referred to as “development partner”) shall be included in the JIRA environment of the information system or application, to whom development tasks are communicated through the environment in order to obtain a quote and fulfil the order subsequently.
1.4.3 Communication related to development work between the contracting entity, development partner or members of the team shall be documented in JIRA under the corresponding work (commenting functionality).
1.4.4 Any of the following information related to an information system or application shall be entered in the Confluence environment in the form of a text, file or reference:
1.4.4.1 the parties involved in the development (the team, the development partner and other relevant persons);
1.4.4.2 the materials created upon the preparation and conducting of procurements;
1.4.4.3 the framework agreements and public contracts;
1.4.4.4 other legal documents or relevant materials;
1.4.4.5 if necessary, restriction on access to the materials shall be established in Confluence.
1.5 Requirements for analysis:
1.5.1 Business analysis involves defining, analysing and structuring of requirements:
1.5.1.1 expectations and feedback from users and stakeholders (what the future solution should be and what needs to be done);
1.5.1.2 a description of the current (as is) state of a process and the list of roles;
1.5.1.3 a description of the future (to be) state of a process and the list of roles;
1.5.1.4 descriptions of the functional requirements (what the system must do, what the user can do, what services the system should provide);
1.5.1.5 descriptions of non-functional requirements;
1.5.1.6 descriptions of integration solution requirements;
1.5.1.7 descriptions of business rules, restrictions and regulations;
1.5.1.8 descriptions of the data used or required in the business process;
1.5.1.9 data protection impact assessments;
1.5.1.10 a feasibility assessment and plan.
1.5.2 Planning involves the following:
1.5.2.1 market research carried out to find a more suitable solution and/or best practice;
1.5.2.2 a feasibility assessment and plan;
1.5.2.3 (a) draft design(s) (of an information system or application);
1.5.2.4 comparison of alternative proposed solutions and technologies;
1.5.2.5 an initial IT architecture model;
1.5.2.6 IT security risk assessment;
1.5.2.7 a sample model (mockup).
1.5.3 System analysis involves the following:
1.5.3.1 descriptions of data integrations and data sources;
1.5.3.2 a database model;
1.5.3.3 the final system architecture design (component diagram);
1.5.4 the results of the analysis shall be entered into the Confluence environment of the information system or application.
1.6 Requirements for testing and acceptance of work
1.6.1 The tested stories and tests performed shall be described based on functional and non-functional requirements.
1.6.2 After the development, load and security testing must be performed and the test results shall be saved in the Confluence environment of the information system or application.
1.6.3 The existence of appropriate deployment documentation (including deployment files, maintainability, availability and reliability requirements together with the associated access rights) is a prerequisite for deployment.
1.6.4 The documentation created or updated in accordance with the requirements is a prerequisite for accepting work.
1.6.5 A record of acceptance of work shall be signed.
1.7 Requirements for the use of the IT development fund and invoicing
1.7.1 Development work is covered from the corresponding financial source of the IT Services Office.
1.7.2 The IT development fund does not cover staff costs, secondments or economic costs.
1.7.3 Any maintenance and consultation costs shall be covered by the budget of small-scale development.
1.7.4 Invoices shall be settled based on a record of acceptance signed by both parties.
1.8 Requirements for IT project plans
1.8.1 An IT project plan shall include the following:
1.8.1.1 a description of the problem;
1.8.1.2 the possible damage caused if the problem persists;
1.8.1.3 the project objectives;
1.8.1.4 relevance of the project to the strategic goals of the university;
1.8.1.5 the expected results;
1.8.1.6 the project beneficiaries;
1.8.1.7 the project benefits;
1.8.1.8 the stakeholders;
1.8.1.9 the project risks (incl. data protection and information security risks);
1.8.1.10 the description of required resources;
1.8.1.11 the initial project budget;
1.8.1.12 the initial main phases of the project;
1.8.1.13 the description of the initial architecture of the technical solution;
1.8.1.14 the IT system or application management model (SLA-driven management) and the estimated IT management costs.
2. Requirements for an IT solution
2.1 Requirements for user interfaces
2.1.1 The user interface of a web application must comply with at least WCAG 2.0 level AA.
2.1.2 All the decisions regarding the design of user interfaces must be approved by the contracting entity before they are implemented.
2.1.3 A web-based user interface shall be compatible with the most common web browsers, including on smart devices (Android, IOS).
2.1.4 The colour scheme and logo used in the application design must correspond to the corporate visual identity (CVI) of the contracting entity.
2.1.5 An application must be designed to be scalable and easy to use with all the most common screen resolutions.
2.1.6 Exceptions to standard software or with the approval of the IT development manager are allowed.
2.2 Requirements for IT architecture and technical solutions
2.2.1 Modular architecture must be used for information systems and applications. Information systems must have completely decoupled front end (the presentation layer) and back end (business logic layer) architecture and must be independently deployable.
2.2.2 It must be possible for information systems or applications to communicate via service interfaces and the functionality of an information system or application must be supported by an API. The preferred standards are: REST, RESTful and JSON.
2.2.3 Application logic and data management functions shall be separated and independent.
2.2.4 Information systems and applications shall be designed and implemented based on the once-only data entry principle.
2.2.5 For authentication, the university’s Azure AD authentication shall be used.
2.2.6 The names of the tables and attributes in a database must be in English.
2.2.7 Applications and information systems must meet the OWASP ASVS requirements.
2.2.8 It must be possible to move an application from one domain or site to another without reprogramming.
2.2.9 UTF-8 encoding must be used for all data, databases, SQL scripts and applications.
2.2.10 The health check reports of an application shall be provided in the machine-readable JSON format.
2.2.11 Data creation/modification/deletion activities must be logged.
2.2.12 Exceptions to IT architecture and technical requirements are allowed with the approval of the IT development manager and IT architect.
2.3 Requirements for source codes
2.3.1 The codebase of an information system or application must be managed in the code version control system GitLab managed by the IT Services Office.
2.3.2 A code generated in the IT development process shall be validated through a code validation application.
2.3.3 A code generated must not contain user identifiers (a user ID or password) or configuration elements of an application or information system.
2.3.4 A program code created must comply with the clean code standards and shall, to the extent possible, be covered by unit tests.
2.3.5 All new software created and purchased shall be deployable through an automated continuous delivery process.
2.3.6 The names of variables, types and functions must be substantive and give an indication of their purpose.
2.3.7 It must be possible to configure the installation settings (e.g. a system that runs only on servers of a specific service provider or manufacturer cannot be accepted).
2.3.8 The IT development manager has the right to allow exceptions in the case of some information systems or applications.