Development Activities

Product Development Activities

The software product development lifecycle comprises a set of interconnected activities that take a product from concept through delivery and beyond. These activities are not strictly sequential — they overlap, iterate, and recur throughout the product’s life.

Discovery & Requirements

Understand stakeholder needs, define the problem space, and capture what the system must do. This activity produces the foundation that all downstream work builds on.

• Stakeholder interviews and workshops
• Market research and competitive analysis
• Use case and user story authoring
• Requirements elicitation, analysis, and prioritization
• Acceptance criteria definition
• Feasibility studies and proof-of-concept spikes
• Requirements traceability matrix creation

Analysis & Design

Transform requirements into a technical blueprint. Make architectural decisions, define component boundaries, and specify interfaces.

• Architecture selection and documentation (C4 diagrams, ADRs)
• Component and service decomposition
• API contract and interface design
• Data modeling and schema design
• Technology evaluation and selection
• Security threat modeling
• Design reviews and trade-off analysis
• Prototype development

Implementation

Build the system according to the design. Write code, create unit tests, and integrate components.

• Feature development and coding
• Unit test authoring and execution
• Code review and pair programming
• Component integration
• Database migration scripting
• Build system configuration
• Dependency management
• Technical debt tracking and resolution

Verification & Validation

Confirm the system meets its requirements (verification) and satisfies its intended use (validation). Catch defects before they reach production.

• Integration testing
• System and end-to-end testing
• Performance and load testing
• Security testing and vulnerability scanning
• Accessibility testing
• User acceptance testing (UAT)
• Regression test suite maintenance
• Test environment management

Deployment & Release

Package, deliver, and activate the system in target environments. Manage the transition from development to production.

• CI/CD pipeline construction and maintenance
• Environment provisioning and configuration
• Release packaging and versioning (semantic versioning, changelogs)
• Deployment automation (blue-green, canary, rolling)
• Database migration execution
• Feature flag management
• Rollback planning and execution
• Release notes and communication

Operations & Monitoring

Run the system in production. Observe health, respond to incidents, and ensure service-level objectives are met.

• Infrastructure management (compute, networking, storage)
• Application and infrastructure monitoring (metrics, logs, traces)
• Alerting and on-call rotation
• Incident detection, triage, and response
• Capacity planning and autoscaling
• Backup and disaster recovery
• Runbook maintenance
• Post-incident reviews

Maintenance & Evolution

Sustain and improve the system over time. Fix defects, adapt to changing requirements, and reduce accumulated technical debt.

• Bug triage, diagnosis, and resolution
• Feature enhancements and minor improvements
• Dependency updates and security patching
• Performance optimization
• Refactoring and technical debt reduction
• Documentation updates
• Compatibility adaptation (OS, browser, API changes)

Retirement

Plan and execute the end of life for a system or component. Ensure data is preserved or migrated and dependent systems are transitioned.

• End-of-life impact analysis
• Data migration and archival
• Dependent system notification and transition planning
• Service decommissioning and resource reclamation
• DNS, certificate, and credential cleanup
• Final documentation and knowledge transfer

Cross-Cutting Concerns

Several disciplines span multiple lifecycle activities rather than belonging to a single phase:

• Configuration Management — version control, baselines, change control
• Project Management — planning, estimating, tracking, risk management
• Quality Assurance — process compliance, standards adherence, audit
• Security — secure coding, vulnerability management, access control
• Documentation — specifications, API references, operational runbooks

Product Development References

1. ISO/IEC/IEEE 12207:2017. Systems and software engineering — Software life cycle processes. International standard defining 30+ processes grouped into agreement, organizational, technical, and project-enabling categories.
2. ISO/IEC/IEEE 15288:2023. Systems and software engineering — System life cycle processes. Systems-level counterpart to 12207; useful when software is part of a larger system.
3. IEEE Computer Society. SWEBOK V4: Guide to the Software Engineering Body of Knowledge. 2024. Comprehensive reference for software engineering knowledge areas. Available at https://www.computer.org/education/bodies-of-knowledge/software-engineering.
4. Sommerville, Ian. Software Engineering. 10th ed. Pearson, 2015.
5. Bass, Len, Paul Clements, and Rick Kazman. Software Architecture in Practice. 4th ed. Addison-Wesley, 2021.
6. Humble, Jez, and David Farley. Continuous Delivery. Addison-Wesley, 2010.
7. PMI. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed. 2021.

CMMI V3.0 Process Areas - Development & Data

Summary of CMMI V3.0 practice areas for the Development (DEV) and Data (DATA) domains, organized by maturity level. CMMI V3.0 was released April 2023 by ISACA (successor to the CMMI Institute / SEI at Carnegie Mellon University).

Model Structure

CMMI V3.0 organizes practice areas into four category areas, each containing capability areas that group related practice areas. A domain view consists of 17 shared core practice areas plus domain-specific practice areas.

Key V3.0 change: Maturity Level 2 now requires all practice areas in the domain view at Capability Level 2 (previously only a project-management subset). ML3 requires all at CL3.

Domain-Specific Practice Areas

Each domain adds 2 practice areas on top of the 17 shared core, for 19 total per domain.

Domain	Practice Area	Abbrev	Capability Area
DEV	Technical Solution	TS	Engineering & Developing Products
DEV	Product Integration	PI	Engineering & Developing Products
DATA	Data Management	DM	Managing Data
DATA	Data Quality	DQ	Managing Data

Shared Core Practice Areas (17)

Doing — Ensuring Quality

Practice Area	Abbrev	Description
Requirements Development & Management	RDM	Elicit, analyze, validate, and manage requirements throughout the product lifecycle. Ensure requirements are traceable, unambiguous, and aligned with stakeholder needs.
Process Quality Assurance	PQA	Evaluate processes and work products against applicable standards, procedures, and requirements. Identify non-compliance and ensure corrective action.
Verification & Validation	VV	Confirm that work products meet their specified requirements (verification) and fulfill their intended use in the target environment (validation).
Peer Reviews	PR	Conduct structured reviews of work products by peers to identify defects early. Includes inspections, walkthroughs, and technical reviews.

Managing — Planning & Managing Work

Practice Area	Abbrev	Description
Estimating	EST	Develop and maintain estimates of effort, cost, and schedule for work products and tasks. Use historical data and models to improve accuracy.
Planning	PLAN	Establish and maintain plans that define activities, resources, schedule, and commitments. Ensure plans are realistic and aligned with organizational objectives.
Monitor & Control	MC	Track project performance against plans. Identify deviations and take corrective action when actual results differ significantly from planned values.

Managing — Business Resilience

Practice Area	Abbrev	Description
Risk & Opportunity Management	RSK	Identify, analyze, prioritize, and mitigate risks. Identify and pursue opportunities that could benefit objectives. Maintain risk strategies throughout the lifecycle.

Managing — Workforce

Practice Area	Abbrev	Description
Organizational Training	OT	Develop skills and knowledge of personnel so they can perform their roles effectively. Identify training needs, deliver training, and assess effectiveness.

Enabling — Supporting Implementation

Practice Area	Abbrev	Description
Causal Analysis & Resolution	CAR	Identify root causes of defects and problems. Systematically address causes to prevent recurrence and improve process performance.
Decision Analysis & Resolution	DAR	Apply structured decision-making methods to evaluate alternatives against established criteria. Ensure key decisions are made objectively and traceably.
Configuration Management	CM	Establish and maintain integrity of work products using configuration identification, control, status accounting, and audits.

Improving — Sustaining Habit & Persistence

Practice Area	Abbrev	Description
Governance	GOV	Provide senior management oversight and direction to ensure organizational objectives are met. Establish policies, monitor compliance, and allocate resources.
Implementation Infrastructure	II	Establish and maintain the organizational infrastructure (tools, standards, environments) that supports consistent implementation of processes.

Improving — Performance

Practice Area	Abbrev	Description
Process Management	PCM	Establish, maintain, and deploy the organization’s set of standard processes. Manage process improvement based on quantitative understanding of performance.
Process Asset Development	PAD	Develop and maintain organizational process assets (templates, guidelines, measurement repositories) that support consistent process implementation.
Managing Performance & Measurement	MPM	Align measurement and analysis activities with organizational information needs. Use statistical and quantitative techniques to manage process performance.

DEV Domain-Specific Practice Areas

Practice Area	Abbrev	Description
Technical Solution	TS	Design, develop, and implement solutions to requirements. Evaluate and select among design alternatives. Includes architecture, detailed design, coding, and integration approaches.
Product Integration	PI	Assemble product components into the complete product, ensure interfaces are compatible, and verify that the integrated product functions correctly.

DATA Domain-Specific Practice Areas

Practice Area	Abbrev	Description
Data Management	DM	Plan, acquire, store, govern, and retire organizational data assets. Define data architectures, policies, and lifecycle management practices.
Data Quality	DQ	Define data quality requirements, measure data quality against those requirements, and implement corrective actions to maintain data fitness for use.

CMMI References

1. ISACA. “ISACA Updates CMMI Model With Three New Domains.” Press release, April 6, 2023. https://www.isaca.org/about-us/newsroom/press-releases/2023/isaca-updates-cmmi-model-with-three-new-domains-that-help-organizations-improve-quality
2. CMMI Institute. “CMMI Levels of Capability and Performance.” https://cmmiinstitute.com/learning/appraisals/levels
3. CMMI Institute. “CMMI V3.0 Model Viewer.” https://cmmiinstitute.com/cmmi (detailed practice area content requires ISACA login)
4. Process Group. “Changes in CMMI V3.” https://processgroup.com/changes-in-cmmi-v3/
5. Process Group. “CMMI Model Quick Reference Guide V3.0.” https://processgroup.com/CMMI-Model-Quick-Reference-Guide_Digital-1024.pdf
6. ABS Certifications & Advisory. “CMMI V3.0.” https://abscerts.com/cmmi-v-3-0/
7. Theoris Group. “CMMI V3.0: A Guide to Excellence in Organizational Processes.” https://www.theoris.com/cmmi-v3-0-a-guide-to-excellence-in-organizational-processes/
8. ActioNet. “First Company Appraised at CMMI V3.0 Level 4 in DEV, SVC, DATA, and SEC.” https://www.actionet.com/actionet-is-the-first-company-in-the-world-appraised-at-cmmi-v3-0-level-4-in-dev-svc-data-and-sec/