• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

About FDA

  • Print
  • Share
  • E-mail

SMG 3210.3





Effective Date: 04/2004

[PDF Version]

 1. Purpose
 2. Background
 3. Definitions
 4. Policy
 5. Responsibilities
 6. Supersession
 7. Effective Date


This document establishes the Agency IT governance policy as it applies to Project Management (PM) activities for all Information Technology (IT) projects within the FDA. The purpose of this policy is to provide an outline of the various roles and responsibilities associated with IT projects as well as the quality framework structure for project managers to follow throughout the life cycle of all IT projects. This framework is critical to the interaction between the business and IT communities as well as assisting IT project managers understand what the Agency requires with regard to project management processes.

This policy is issued to government and contractor staff in order to establish and sustain a common understanding of the policy to be followed throughout the organization.


The Clinger-Cohen Act (CCA) of 1996 was passed to compel Federal organizations to be fully accountable for economic and efficient management of IT and directed agencies to establish a Chief Information Officer (CIO) position specifically for that purpose.

To be in compliance with the CCA, the FDA CIO requires that IT solutions be driven by FDA business needs / priorities and follow both Federal and Agency guidelines for Capital Planning and Investment Control (CPIC), Enterprise Architecture (EA) and Security. The actual delivery of IT solutions is realized through sound project management that incorporates the requires of CPIC, EA and Security.


The word and term definitions to be used for all IT policy are provided in the FDA Master IT Glossary located on the Office of the CIO Intranet website


It is FDA policy for all IT projects adhere to the following guidelines in order to implement and maintain repeatable, sustainable, measurable, and continuously improvable project management practices:

a. Compliance. All IT investments must comply with the Enterprise Architecture, Investment Management, and IT Security policies.

b. Project Organization. All IT projects are required to be organized in the following manner and documented in a Project Charter signed off by both business and IT organizations:

1. Formal identification of a Business Sponsor who is responsible for ensuring that organizational support and funding for the project is obtained.

2. Formal identification of a Business Program Manager (through the Business Sponsor) to be responsible for ensuring that business process needs are documented prior to being addressed by the IT project team.

3. Formal assignment of an IT Project Manager (through the CIO or appropriate Center / Office IT Director) to plan and oversee the IT project.

4. Project plans that define appropriate interactions between the IT Project Manager and the Business Program Manager or a designated agent.

5. Formal assignment of Business Subject Matter Experts (BSMEs) by the Business Program Manager in order to identify and document the business processes for each project.

6. Formal assignment of BSMEs to serve as liaisons between the business users and the IT project team to ensure that business needs are being satisfied in the IT solution.

Diagram 1 illustrates the general organizational structure, the relationships of the parties listed in section 4.B, and the parties responsible for the assignment of the various members for all IT projects at the FDA.

Diagram 1 illustrates general organizational structure, relationships of the parties listed in section 4.B, and parties responsible for assignment of various members for all IT projects at the FDA.


Diagram 1: Project Roles and Relationship Structure

c. Methodology. The CIO requires all IT projects, regardless of size, to complete all phases of the SDLC as defined in the "FDA System Development Lifecycle" document. The level of rigor and documentation generated under the SDLC should be commensurate with the complexity, size and cost of the project.

d. Project Planning. IT Project managers shall establish and maintain documents that clearly define and communicate all project activities. This requirement includes establishing cost, schedule and performance estimates, developing a project plan and obtaining commitment to the plan.

e. Analysis of Alternatives. Business requirements shall be addressed and satisfied through the following priorities, consistent with analysis of alternatives and economic analysis: (a) re-use of existing FDA systems, (b) use of existing software owned by the Government, known as "Government off-the-shelf" (GOTS) software, (c) use of "commercial off-the-shelf" (COTS) software, and (d) FDA sponsored software development-organic or contract. Re-use of existing systems is the most preferred mechanism for satisfying business needs through IT solutions. New software development is the least preferred mechanism. The Agency's Enterprise Architecture program must be consulted before an alternative is formally selected.

f. Communication and Management Across Integrated Projects. The CIO requires Project Managers to ensure the project is properly coordinated with all stakeholders. This requirement must include the following:

1. Communication of the project plan and change control processes.

2. Communication and written agreement between the IT Project Manager and IT Shared Services (ITSS) on the estimated implementation and steady state requirements/cost estimates prior to entering full-scale development.

3. OCIO Representatives from CPIC, Enterprise Architecture, Security Officer, and ITSS shall be included in stage gate reviews throughout the CPIC / Systems Development Life Cycle (SDLC) lifecycle.

g. Project Monitoring and Control. The CIO requires project managers to provide regular status and progress reports to the Business Sponsor and Program Manager so that appropriate actions can be taken if the project's performance deviates significantly from the baseline plan. This requirement includes monitoring the project against its plan and managing corrective actions through closure. Status reporting includes:

1. Earned value management (EVM) data collection and reporting consistent with the EVM requirements found in the Office of Management and Budget (OMB) "Circular Number A-11".

2. All major or high visibility projects as determined by the Agency ITIRB or CIO will include representatives from the OCIO as members of the CPIC Control Phase stage gate/lifecycle review boards.

3. If appropriate, as determined by the size and importance of the project, an Integrated Project Team (IPT) will be formed according to the guidelines in OMB "Circular Number A-11," Part 7, "Capital Programming Guide."

h. Management of Project Scope, Time, and Cost. The CIO requires that Project Managers ensure their project:

1. Includes all of the work required, and only the work required. This requirement includes project/ phase initiation, scope planning, scope definition, scope verification, and scope change control.

2. Is completed on time. This requirement included activity definition, activity sequencing, activity duration estimating, schedule development, and schedule control.

3. Is completed within the approved budget. This requirement includes resource planning, cost estimating, cost budgeting, and cost control, as well as providing regular updates to the FDA Portfolio Management System.

i. Funding of Crosscutting Services - The CIO also requires that IT projects allocate funding for agency-wide IT management support services. These services include Portfolio Management, Enterprise Architecture, and Security. Actual funding may be a standard percentage of each project's overall budget.

j. Project Human Resource Management. The CIO requires Project Managers to effectively use the skills of the project team members. This requirement includes organizational, project staff acquisition, and team development.

1. IT Project Managers who are responsible for major or high visibility projects must complete the FDA project manager certification program and/or provide documentation that an approved Project Management certification equivalent has been attained within the last 5 years or will be completed within 1 year.

2. Project Managers are accountable for the use of FDA Project Management processes.

3. Project Managers are responsible for obtaining written approval for the allocation of project team resources from the appropriate managers.

4. Project Managers must provide estimates of resource time needed to perform project activities to the organization potentially loaning the resource.

5. Program Managers are required to consider resource constraints when approving resource allocations to IT projects.

k. Project Documentation. The CIO requires that Project Managers must generate, collect, disseminate, store, and ultimately dispose of project artifacts and information in a timely and appropriate manner. Business users must be actively involved throughout the IT development lifecycle, including budgeting and investment analysis, project planning, requirements analysis, design, development, integration and testing, and implementation. The CIO requires Project Managers to utilize standardized procedures and templates available in the Process Asset Library (PAL). The PAL is to be maintained by the OCIO Project Management Office (PMO). Final versions of project artifacts are to be stored in the PAL for review or audit purposes.


To meet the requirements of the CCA and OMB Circular A-11 guidance, the CIO requires a strong partnership between the FDA business (i.e., programs) and IT entities. In order to accomplish this, both business and IT must be involved throughout an investment's lifecycle and have a common understanding of their responsibilities.




The effective date of this guide is April 2004.

Document History -- SMG 3210.3, IT Project Management Policy
Initial03/31/2005N/aStrategy and Planning Staff, OCIO, HFA-83Rod Bond, Director