What the Systems Development Life Cycle (SDLC)?

what is the system development life cycle


The systems development life cycle (SDLC) is defined as the methodology and process to develop and implement a software application.   Also, the systems development life cycle concept is commonly used for different hardware and software configurations.

There are usually seven (7) phases of the systems development life cycle SDLC: Planning, System Analysis & Requirements, System Design, Development, Integration and Testing, Implementation, Operation, and Maintenance.


Phase Name Description Typical Output Deliverables
1 Planning Find out the scope of the problem and determine the best solution(s) Feasibility Study, Change Control, Project Plan, and Validation Plan
2 System Analysis & Requirements Create the system configuration, requirements & specifications. System Configuration, Functional Requirements Specifications (FRS), User Requirement Specifications (URS), and Request For Quotation (RFQ)
3 System Design Select the best solution based on price, features, and operations. Place the order. Traceability Matrix (TM), Requisition, and Purchase Order (PO).
4 Development Create the solution and install it. Hardware or Software Application Code
5 Integration and Testing Validate to confirm that the installation and integration are correct. Installation Qualification, Operational Qualification, and Performance Qualification. Traceability Matrix Updated, Validation Report, Change Control Closure Report.
6 Implementation Go-live process with the end-users Procedures and Training


7 Operation and Maintenance The audit trail and the change control management system shall handle any modification into the system to keep it in the validation state. Change Control Documents and Audit Trails Records

Phase 1. Planning

The purpose of the planning stage is to make a feasibility study to find out the scope of the problem and determine the best solution(s). In some cases, it may include a study of necessity, change control, project plan, and validation plan considering the resources, costs, time, benefits, and other items.

Phase 2. System Analysis and Requirements

This stage considers the creation of the system configuration and functional requirements specifications (FRS) of all different solution(s), application(s), or alternative(s) either hardware or software.   It’s also considered the system analysis of the end user’s needs, called user requirement specifications (URS) to ensure that the solution(s) can meet their expectations.  A request for quotation (RFQ) is typically solicited to all different vendors or developers available to build the potential application solution(s).

Phase 3. System Design

Once all different proposals and quotations are received from vendors and suppliers, they shall be evaluated with their pros and cons.  In this stage, the desired RFQ product system design is chosen and selected based on price, features, and operations as described in detail, including screen layouts, business rulesprocess diagramspseudocode, and other documentation. Besides, this stage may include the preparation of the traceability matrix document to make sure that all user’s requirements specifications match the functional requirements specifications.  Finally, the decision to obtain and buy the solution is taken at this moment. Typically, a requisition and purchase order is formally placed to the selected vendor to pay for the solution or to create it.

Phase 4. Development

In this phase, the solution (hardware or software) shall be received and installed as planned. (in case it is an off-the-shelve)

Otherwise, if the solution is not an (off-the-shelve already built), then, here start the process to write the code and create the solution either software or hardware.

At this moment is when programmers, network engineers, or database developers are working on doing the major work on the creation and installation in the development environment. Their work may include flow charts to ensure that the process of the system is properly organized and done as planned and described in the approved User Requirement Specifications and Functional Requirement Specifications.

Phase 5. Integration and Testing

In this phase, the application solution is verified and validated by the Quality Department (or a third party entity independent of the developers) to confirm that the installation and integration are tested.

It must meet the established and approved URS User Requirement Specifications and Functional Requirement Specifications.

Testing may be repeated several times at the worst-case conditions or stress scenarios, specifically to check for errors, bugs, and interoperability until the end-user finds it acceptable in the quality/testing environment.  The following diagram shows how the:

(1) System Configuration is verified in the Installation Qualification (IQ),

(2) Functional Requirement Specifications (FRS) are verified in the Operational Qualification (OQ) and

(3) User Requirement Specifications (URS) are verified in the Performance Qualification (PQ).


Testing Types

The application is tested at various levels in software testing.

The following are types of testing that may be relevant, depending on the type of system under development:

Defect testing the failed scenarios, including

Once the verification and validation activities are completed, the following documents can be generated and approved:

  1. Traceability Matrix Updated.
  2. Validation Report.
  3. Procedures and Training
  4. Change Control Closure Report.

Phase 6. Implementation

The sixth phase is when the program is written, installed, and validated. Additionally, this phase involves the actual installation of the newly-developed system into the production environment to start the go-live process with the end-users. This step puts the application into real operation by moving the data and components from the old system and placing them in the new system via a planned direct cutover.

Phase 7. Operations and Maintenance

This final phase involves maintenance and regular required updates. This step is when the change control management system takes control of any improvement or modification into the system to keep it in the validation state.  Also, in this phase, all applicable procedures and training must be completed and finally approved.  In addition, the audit trail system shall be monitoring and documenting any change into the system to keep tracking of its performance and use.

Importance of the SDLC

It is called the “life cycle” because if the company needs to change or improve the application system, then the company must start in Phase 1 Planning and pass through each phase again.

brought to you by CIQA logo


For more details on specific FDA expectations and how to perform a Computer System Validation SDLC, follow us.

validation templates online

Three (3) Options to Create a Computer System Validation Protocol following the Systems Development Life Cycle:

Option 1. You Can Create CSV Protocol, using a Template.

You can download samples of the validation templates in .pdf format. 

To see the complete list of the most popular validation templates, click here.

In addition, you can request a quotation to buy online a full validation template document in MS Word format that is completely editable, ready to fill and adapt to your needs.

Option 2. We Can Bring You a Formal Training on the Systems Development Life Cycle.

This option is recommended if you want to learn more about how to build a robust validation protocol. One of our expert(s) will provide online step-by-step training to your team (unlimited assistance) on how to build a reliable validation protocol using a template. You can improve your corporate validation procedures and policies incorporating our template sections.  It includes the template, an exam, and a training certificate for each assistant.  Request a quote now.

Option 3. We Can Create Customized Test Scripts and Computer System Validation Protocol.

One of our expert(s) will create and prepare for you a customized validation protocol with the inputs and specific information of your company. It may include, online support in document creation, execution, or final reporting, Request a quote online.


References: Systems Development Life Cycle


Food and Drug Administration References

  1. Glossary of Computerized System and Software Development Terminology (Division of Field Investigations, Office of Regional Operations, Office of Regulatory Affairs, FDA 1995)
  2. General Principles of Software Validation; Final Guidance for Industry and FDA Staff (FDA, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research, 2002)
  3. Guidance for Industry, FDA Reviewers, and Compliance on Off-The-Shelf Software Use in Medical Devices (FDA, Center for Devices and Radiological Health, 1999)
  4. Pharmaceutical CGMPs for the 21st Century: A Risk-Based Approach; A Science and Risk-Based Approach to Product Quality Regulation Incorporating an Integrated Quality Systems ApproachExternal Link Disclaimer (FDA 2002)
  5. httpss://www.fda.gov/regulatory-information/search-fda-guidance-documents/part-11-electronic-records-electronic-signatures-scope-and-application
  6. httpss://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1

Industry References

  1. The Good Automated Manufacturing Practice (GAMP) Guide for Validation of Automated Systems, GAMP 4 (ISPE/GAMP Forum, 2001) (https://www.ispe.org/gamp/)
  2. ISO/IEC 17799:2000 (BS 7799:2000) Information technology – Code of practice for information security management (ISO/IEC, 2000)
  3. ISO 14971:2002 Medical Devices- Application of risk management to medical devices (ISO, 2001)
Picture of Ramon Cayuela, MS, BS, Chemical Engineering

Ramon Cayuela, MS, BS, Chemical Engineering

CIQA President and CEO.
I've been working in validation engineering since 1992 with many multinational pharmaceutical companies. I love sharing my passion and knowledge with others. If you have any questions about anything (or just have general questions). I will be more than happy to assist you. You can count on the BEST customer service on CIQA. I go to great lengths to make sure my clients are 100% satisfied with their purchases and check emails/messages consistently throughout the day. You can rest assured that everything being sold here is as-described or your money back. I look forward to working with you!