1. One approach to system development that Reliable might take is to start one large project that uses a waterfall model to the SDLC to thoroughly plan the project, analyze all requirements in detail, design every component, and then implement the entire system, with all phases completed sequentially. What are some of the risks of taking this approach? What planning and management difficulties would this approach entail?
2. Another approach to system development might be to start with the first required component and get it working. Later, other projects could be undertaken to work on the other identified capabilities. What are some of the risks of taking this approach? What planning and management difficulties would this approach entail?
3. A third approach to system development might be to define one large project that will use an iterative approach to the SDLC. Briefly describe what you would include in each iteration. Describe how incremental development might apply to this project. How would an iterative approach decrease project risks compared with the first approach? How might it decrease risks compared with the second approach? What are some risks the iterative approach might add to the project?

In Chapter 1, you generated some ideas related to Reliable Pharmaceutical Service’s five-year information systems plan. Management has placed a high priority on developing a Web-based application to connect client facilities with Reliable. Before the Web component can be implemented, though, Reliable must automate more of the basic information it handles about patients, health-care facilities, and prescriptions.
Next, Reliable must develop an initial informational Web site, which will ultimately evolve into an extranet through which Reliable will share information and link its processes closely with its clients and suppliers. One significant requirement of the extranet is compliance with the Health Insurance Portability and Accountability Act of 1996, better known as HIPAA. HIPAA requires health-care providers and their contractors to protect patient data from unauthorized disclosure. Ensuring compliance with HIPAA will require careful attention to extranet security.