Development, Acquisition, and Maintenance
The "Development, Acquisition, and Maintenance" booklet is one in a series of booklets that compose the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook).
Booklet Contents
- Introduction
- I Overview of Development, Acquisition, and Maintenance
-
II Governance of Development, Acquisition, and Maintenance
- II.A Policies, Standards, and Procedures
-
II.B Roles and Responsibilities
- II.B.1 Board, Senior Management, and Other Common Roles
- II.B.2 IT Project Management Roles
- II.B.3 Development Roles
- II.B.4 Acquisition Roles
- II.B.5 Maintenance Roles
- II.B.6 Other Common Development, Acquisition, and Maintenance Roles
- II.B.7 Supply Chain Roles
- II.B.8 Other Support Functions
- II.B.9 Audit's Role
- III Risk Management of Development, Acquisition, and Maintenance
-
IV Common Development, Acquisition, and Maintenance Risk Topics
- IV.A Open-Source
- IV.B Commercial-off-the-Shelf
- IV.C Licenses, Agreements, and Copyright Protection
- IV.D Secure Development
- IV.E Data
- IV.F Secure Operating Environments
- IV.G Microservices
- IV.H Containers
- IV.I Application Programming Interfaces
- IV.J Methodologies
- IV.K Quality Management
- IV.L Documentation Standards
- IV.M Post-Implementation Review
- IV.N IT Project Management
- IV.O System Development Life Cycle
- IV.P Third-Party Relationship Risk Management
- IV.Q Supply Chain Considerations
- V Development
- VI Acquisition
- VII Maintenance
- Appendix A: Examination Procedures
- Appendix B: Glossary
- Appendix C: Abbreviations
- Appendix D: References

