Date: 05/06/11 (SQL Server)    Keywords: database, security

In our last entry, we introduced the concept of code review procedures.  Our first topic to consider in this life cycle is for the developer to take some time to understand the Business Requirements and Functional context.  These two critical tasks should in a perfect world be understood by all dba's in the SDLC of database code, but the developer has a unique opportunity to let his/her code communicate these requirements and context though coding best practices and adequate documentation.  Some items a developer, or a peer can look for in performing these 2 steps are the following:

Satisfying Business Requirements & Functional Context

• Has a knowledgeable user been consulted during the planning/architecture phase of code creation?

• Did the architect make specifications for future growth and change needs of the application?

• Has the developer reviewed the business requirements?

• Do the developer and the business have the same understanding for required performance of the application?

• Does the reviewer understand the code being reviewed?

• Does your code adhere to corporate coding specifications (Yes, this is a business requirement, too)

• At what layer in your business environment does the code execute?

• Does the piece of code functionally achieve the stakeholder's need as documented in the project charter ?

• What is the data size and volume worked with in this code?

• What are the data archival requirements?

• Have company security policies been complied with?

• How will the application or change be installed and configured?

• By what method will the development team preserve and version the code and objects affected?

adina_atl

Source: http://sqlserver.livejournal.com/74884.html