When the SDLC is done correctly, which statement is true?

• A. All steps are done in order for all areas.
• B. End users have final say on all aspects of the project.
• C. There is only one phase of implementation.
• D. There is a formal change management process throughout to address new information as it comes to light.

Answer: (D)

In the SDLC, changes and new information are expected to emerge as a project progresses, so the key idea is having a formal change management process that runs throughout the lifecycle. This governance framework ensures that any proposed change is carefully evaluated for its impact on scope, schedule, cost, safety, privacy, and data integrity before it’s approved. It involves documenting the change, conducting impact analysis, obtaining appropriate approvals (often through a change control board), communicating decisions, and updating baselines and documentation. This keeps the project aligned with patient safety and regulatory requirements while maintaining quality and traceability.

Why this approach works best: it provides control over how modifications are introduced, preventing scope creep and unmanaged risks. It also keeps stakeholders informed and ensures that changes are implemented in a controlled, verifiable way, with clear versioning and traceability.

Why the other options don’t fit as well: SDLC activities aren’t always executed in a strict, linear order; many projects use iterations and revisit earlier phases as new information becomes available. End users contribute input, but final decisions are governed through a formal change process rather than being the sole determinant. And there isn’t typically just one implementation phase—there are often multiple deployment steps, pilots, training, and post-implementation support, with changes continuing to be managed as updates are needed.