Software Development

Summary: Baylor College of Medicine seeks to set a requirement that all software application development efforts adhere to an appropriate set of standards. Any department or vendor hired by the College that develops an application must consider the application of a development standard relevant to the tools being leveraged to build the application. Deciding the rigor to which these standards are applied depends on the nature of the application, not on who is developing it.

Approving Authority: Office of Information Technology

Last Updated: Dec. 20, 2018

Purpose: Any department or vendor hired by the College that develops an application must consider the application of a development standard relevant to the tools being leveraged to build the application. Deciding the rigor to which these standards are applied depends on the nature of the application, not on who is developing it.

Scope: All software application development efforts undertaken by or contracted by College employees on behalf of the College.

Definitions

Coding standards

A set of rules and guidelines for the formatting of source code, which define a programming style.

Responsibilities

This information is intended for all College offices and departments that wish to develop applications in support of their functional needs.

Coding standards define a programming style. They are simply rules and guidelines for the formatting of source code.

Common areas of consideration for a coding standards include:

  • Naming Conventions
  • File Naming and Organization
  • Formatting and Indentation
  • Comments and Documentation
  • Classes, Functions and Interfaces
  • Pointer and Reference Usage
  • Testing

Guidelines

Risk of the application

Determine how essential the system is to the operation of the College/department. A system is considered High Risk if a failure of the system to function correctly and on schedule could result in a major failure by the College/department to perform essential functions, a significant loss of funds to the College, or a significant liability or legal exposure to the College.

Size and complexity of the application

When considering the development of a system, evaluate the time and resources required to complete the application and the overall complexity of the technology and the solution being developed.

Guideline Benefits

Developing and implementing applications can be complex, expensive, and may expose the College to serious liabilities, especially if the failure of the system could result in the failure of the organization to perform essential functions. Leveraging a set of development standards seeks to mitigate these risks.

The benefits of coding standards are readability, maintainability and compatibility. Any member of a development team should be able to read the code of another member. The coder who maintains a piece of code tomorrow may not be the coder who programmed it today.

Specific areas of benefit are:

  • Improved Code Integration
  • Easier Team Member Integration
  • Simplified Maintenance
  • Uniform Problem Solving
  • Minimized Need for Communication
  • Minimized Performance Pitfalls
  • Minimized risk of Security Vulnerabilities

To help reduce the risk of security vulnerabilities in internally developed software, regardless of language, the College has developed a set of Secure Coding Practice Guidelines.

For applications to be designed and implemented with proper security requirements, secure coding practices and a focus on security risks must be integrated into day-to-day operations and the development processes.  Application developers must complete secure coding requirements regardless of the device used for programming.  

The Secure Coding Practice Guidelines documentation can be found here:

Secure Coding Practice Guidelines (KB0012885)

Or, by searching “Secure Coding” at the IT Service Portal.

Coding Standards are guidelines for a specific programming language that recommend a programming style, practices, and methods for each aspect of a program written in that language. Because the College is not prescribing the development language that must be used for application development, we are not adhering to a specific set of best practices for a required language. That said, application developers should seek to leverage a well-accepted coding standard for the technology they are using. Examples include:

Documentation

Documentation is a critical component of any development activity. You will realize benefits even in small low-risk projects if you maintain minimum documentation supporting the significant decisions in the lifecycle process. In large or high-risk projects, having a record of your specific progress, key decisions, test results, security considerations, etc. will assist significantly in the review, testing, and sign-off of the various phases of the project. Please ensure the creation of appropriate documentation throughout each phase.

*Note: Policies cited in the Digital Governance document (approved by the Board and published in March 2019) supersede any previous agreement, policy and/or guideline.

Contact

Cognizant Office: Office of Information Technology via BCM Service Portal

General questions should be directed to the Digital Governance Subcommittee.