2

Does anyone know of a template / checklist that can be used to conduct a software health check? My team supports a number of legacy applications and we have been asked to present a score card to senior management on the health of the applications.

The template would be used to:

  • Identify whether you have performance or stability issues that may cause production outages, delays or financial impacts.
  • Identify data, authorization or authentication security holes / shortcomings in the application / service.
  • Identify the backup, disaster recovery and business continuity compliance of the application / service.
  • Identify the compliance of the application / service to a reference architecture or predefined set of technical standards.
  • Identify the current and required monitoring and alerting of the application / service.
  • Identify the level of transaction support and potential for data corruption or error of the application / service.
  • Identify licensing concerns of the application / service.
  • Identify the minimum hardware requirements of the application / service.
  • Identify the technology, vendor support and community support for the application / service.
  • Provide a recommendation on all findings.

A quick search on Google didn't seem to realize anything useful, other than this template to purchase: http://www.it-checklists.com/application_health_check_toc.html

Kane
  • 1
    What's wrong with the excellent list you provided? It seems perfect. What more do you want? Are you looking for ITIL material? – S.Lott Jul 06 '11 at 13:40
  • The list above seems to be a good starting point. – armitage Jul 06 '11 at 13:42
  • I was hoping that someone would be kind enough to have an existing document or PowerPoint presentation that covered most of what I was looking for. If there isn't one available within the community then I will happily share mine once I write it. – Kane Jul 06 '11 at 13:44
  • (Oops, hit enter too quick) The list above seems to be a good starting point but you might also want to record the software dependencies, i.e. only runs on Windows 2000 server which is due to be deprecated in XX years; on the backups you may also want to record how often a restore is done and when the last one was done. – armitage Jul 06 '11 at 13:44

1 Answer

3

Some ideas:

  • For a comprehensive checklist on security you can look towards the OWASP ASVS.
  • For a risk analysis model, largely focused on security, you can look at Microsoft's SDL.
  • For hardware requirements, you're going to have to do benchmarking on a running system under normal use. We did this for our software and derived figures from that on minimum hardware requirements, concurrent users, and so on.
  • For licensing concerns, you need to trace the origin of each software component (OWASP ASVS includes this), and then specify the license for each component, possibly adapting the code in case of non-compliance. You don't need a methodology for this, it's just a lot of boring work.
  • You may want to read up on risk analysis methodologies (separate from software), and apply them to the feature domains you are interested in.

I sincerely doubt that there's actually a ready-made document that you can apply to an arbitrary software project that covers all of what you ask.

Joeri Sebrechts
  • 1
    I wouldn't be so pessimistic, I'm sure the ACM, IEEE and a bunch of research papers have done the legwork for this. –  Sep 17 '13 at 19:02