Measures to implement when upgrading software
The following should be considered when upgrading software to minimize the risks involved in the process, such as data loss or security risk.
- Impact analysis [Mandatory] - Conduct an analysis to fully understand the impact of decommissioning the software. This includes an understanding of impact to operations of the institution and users as well as cataloging all internal and external systems and interfaces that integrate with the current system. Risks and mitigations should also be identified and documented.
- Secure the data [Mandatory] - Data should be secured from loss or unauthorized exposure. The institution should determine what data needs to be migrated to new systems or archived based on the institution's data retention requirements as well as any legal requirements. This should be documented as part of the data migration strategy. Data should be securely backed up prior to decommissioning of the software and any data being migrated should be protected from unauthorized access. Hardware should also be properly cleansed of the old software and any sensitive data.
- Software archival [Mandatory] - Consider if the software needs to be archived for future reference. If required, the software being replaced should be secured by copying the software to a secure location so that it can be accessed if needed in the future. This should be done in accordance with any license or IP requirements.
- Stakeholder communication [Mandatory] - All relevant stakeholders such as user departments and IT teams should be involved in the decision to replace the software and should be informed of the transition plans. They should also be informed of how their data will be managed and retained during the transition process.
- Documentation update [Mandatory] - Any documents in the organization referring to the replaced software such as policies and procedures should be updated accordingly.
Outputs: Business case/justification for upgrading or replacing the software, Impact analysis including risks and mitigations, Data migration strategy covering data security controls, data migration and archival plans, Stakeholder communication plan, Archived software and data