Application Development Service Offering

Purpose

The purpose of this document is to help agency partners understand how MaineIT’s Enterprise Shared Services supports the planning, development, and long-term success of applications. It provides a clear overview of the services we offer, what you can expect from our teams, and what we’ll need from you throughout the lifecycle of an application. By outlining roles, responsibilities, processes, and support options, this guide is designed to make it easier for you to navigate the development process, make informed decisions, and work closely with us to deliver secure, reliable technology solutions that meet your business needs

Overview

Maine State Statute Title 5, Chapter 163 §1982 generally establishes the CIO as the head of the Office of Information Technology and gives them authority over information technology policy, standards, and planning for executive branch agencies. This includes:

  • Developing and enforcing statewide IT policies and standards

  • Approving technology acquisitions and implementations

  • Coordinating IT systems to ensure compatibility and efficiency

  • Managing enterprise architecture and security standards

Because the statute explicitly tasks the CIO with setting policies and standards for IT systems, that authority inherently includes determining how systems are developed and who can perform a development task. 

The Application Development Service Offering provides agencies with professional development services targeted at improving business processes through the implementation of technology. There are a wide range of services that support the planning, creation, deployment, and maintenance of software available including:

  • Planning & Consulting Services

  • Design Services

  • Development Services

  • Integration Services

  • Testing & Quality Assurance

  • Deployment & DevOps

  • Maintenance & Support

  • Security & Compliance   

All development and consultation services are time and materials based and are dependent on the type of resources required for both project and maintenance services. Platforms and infrastructure are rate-based services. See the on the bill section of this service offering for examples. If the application is vendor developed the Technology Vendor Oversight service applies. 

IT Projects often involve more work from business processes than IT processes, and these parts of the project are often much more intensive and difficult to manage. Significant investiture in time from both OIT and partner agencies is necessary to ensure that the application provides the functionality to support business operations. This cannot be done in a vacuum by either party. Before embarking on the implementation of a solution, it is important for IT and agency partners to work in consultation to identify the appropriate solution.

Definitions

Executive Sponsor

The Agency Partner representative that has accountability for the strategic direction and budget of the program within the Agency that the application

Product Owner

The Agency Partner representative with the authority to determine the business objectives of an application and the priority of the product features that are developed.

Product Manager

The OIT representative who works with the Agency Partner whose responsibilities include the business objectives of an application are met.

Subject Matter Expert

The Agency Partner representative, whose responsibilities include articulating the business rules and can speak to the functionality required of the application being developed and maintained.

Data Custodian

The agency designee, that determines what the access rules and security requirements of the data contained in the application. 

Application

A computer program, either specifically created or configured, to assist State of Maine users to perform a useful business function.

Least Privilege

An information security concept which maintains that a user or entity should only have access to the specific data, resources and applications needed to complete a required task.

Support Model

A collection of documented methods and resources used by the Application Owners to provide and manage end-to-end service and product delivery following deployment.

Customer Expectations

A shared understanding of roles is required for any successful project. The table below identifies the responsibilities of participants in a typical ESS application development effort. While each item is distinct from another, they are dependent on each other, and all require collaboration from each side of the house, IT and the requesting agency. The interplay of these functions illustrates the need for a close working relationship between IT and agencies throughout the entire process. 

Services Requested

What Enterprise Shared Services Provides

What Agency Provides

Technology Management & Consulting Services

  • Requirements development: Understanding business needs and translating / documenting them into technical requirements.

  • Feasibility analysis: Assessing technical and financial viability of proposed applications.

  • Budget Development: creating application budgets for projects and operations.

  • Backlog grooming: 

  • Technology Roadmap communication

  • Technology planning 

  • Documenting appropriate application details in the enterprise application repository

  • Supervision of technical staff

  • Systems Analysis of requirements documentation

 

  • Describe what you are trying to achieve using technology.

  • Articulate and Define business processes and business rules to analysts developing requirements. 

  • Review requirement documents to ensure planned functionality meets business needs.

  • Prioritize agency needs for technology services by participating in backlog reviews 

  • Articulate and advocate for appropriate budget for technology needs by participating in and budget development.

  • Articulate future technology for planning purposes

Design and Development Services

  • User Interface /User Experience design: Creating user-friendly and visually appealing interfaces.

  • Architecture design: Defining the structure and technology stack.

  • Prototyping: Building interactive mockups to validate design concepts.

  • Branding alignment: Ensuring the app reflects the organization’s identity.

  • Frontend development: Building the user interface (e.g., using React, Angular, Vue).

  • Backend development: Creating server-side logic, APIs, and databases (e.g., Node.js, .NET, Java, Python).

  • Mobile development: Native (iOS/Android) or cross-platform (Flutter, React Native).

  • Cloud-native development: Leveraging cloud platforms like AWS, Azure, or GCP.

  • Systems Analysis of requirements documents

  • Provide branding graphics and graphic design requirements

  • Collaborate with design team on interface requirements

  • Provide user acceptance testing on user interfaces

  • Review prototypes for suitability to business processes

Integration Services

Follow the Data Exchange Policy

  • API development & integration: Connecting with third-party services or internal systems. MSB

  • Middleware services: Facilitating communication between different applications.

  • Data integration: Syncing with databases, data lakes, or enterprise systems in consultation with Enterprise Data Systems (EDS)

  • Monitoring and logging of data transfers 

Follow the Data Exchange Policy

  • Ensure all data exchanges have a signed Memorandum of Agreement (MoA) or Data Sharing/Use Agreement. (DUA)

    amongst the Authorized Custodians of the transacted data.

Maintenance & Support Services

  • Bug fixes and updates: Ongoing improvements and patching.

  • Performance monitoring: Ensuring uptime and responsiveness.

  • User support: Helpdesk or in-app support services. 

  • Issue resolution / escalation

  • Prioritize agency needs for technology services and issue resolution

  • Articulate business needs for availability of production systems 

  • Assist with the scheduling of system outages for maintenance

  • Ensure funds are available to maintain the currency of your application.

Security & Compliance Services

  • Authentication & authorization: Implementing secure login systems (OAuth, SSO).

  • Data encryption: At rest and in transit.

  • Compliance: GDPR, HIPAA, SOC 2, etc.

  • Follow the waiver policy.

  • Articulate the sensitivity of data and any compliance requirements for the system.

  • Articulate access rules for users of the system and data.

  • Follow the waiver policy

Data Analysis

  • Analysis of data for the sole purpose of staging and modeling it into an appropriate data model especially when transitioning from legacy systems to newer systems.

  • Develop processes for businesses to analyze the quality of data during modernization projects.

  • Define business rules for data.

  • Review data quality outputs

  • Determine acceptable levels of error in data

  • Correct any invalid data in source systems.

Data Governance

  • Follow the guidelines of the Chief Data Officer

  • Follow the guidelines of the Chief Data Officer

  • Establish and document data sharing and access rules 

Hosting platforms & Development Toolsets

  • Bring proposed new technology to Enterprise Architecture for vetting.

  • Ensure platforms remain current and secure

  • Consult with MaineIT on available tools. 

Testing, Deployment & Change Management

Follow Change Management Policy and

Application Deployment Certification Policy

Run the following tests as deemed appropriate by the application director and the CIO.

  • Accessibility Test

  • Data Conversion and Migration Test

  • Interfaces Test

  • Security Test

  • Performance Test

  • Restoration Test

  • Regression Test

Follow  Change Management Policy and

Application Deployment Certification Policy

  • Participate in the Product Owner role as defined in policy

  • Perform User Acceptance Testing prior to deployment.

  • End-to End Test

Project Management 

  • Assist in the development of a business case with the PMO.

  • Engage with the PMO in identifying potential projects.

  • Secure project management resources with the PMO to facilitate the execution of projects 

  • Engage with the PMO in the execution of projects.

  • Supply subject matter expertise.

  • Supply user acceptance testing

Database Access

CRUD

Follow principles of Least Privilege 

  • Create objects in the database

  • Read data in the database

  • Update data in the database

  • Delete data in the database

Follow principles of Least Privilege

  • Read data in the database

SLA

Application uptimes and recovery times are covered by the standard production published service level agreement can be viewed at the following link: Standard SLA CTS Production Services. Systems hosted outside of MaineIT data centers, i.e. cloud datacenters have their own SLAs by contract. Off-hour production application support can be arranged through the budgeting process by including standby time when the budget is created. 

Application Development Delivery SLAs

Scope

Covers delivery expectations, timelines, quality standards, and support for new application development, enhancements, and project-based work. Does not apply to break/fix, maintenance, or operational support.

Delivery Timeframes

Timeframes vary by project size. Typical definitions could include:

  • Small Change (Low Complexity): 1–2 weeks from requirements acceptance
  • Medium Change (Moderate Complexity): 4–6 weeks from requirements acceptance
  • Large Project (High Complexity): Timeline established during project initiation, typically 3+ months with formal project planning
  • Emergency Enhancements: Assessed case-by-case, with delivery targets agreed jointly by stakeholders

Requirements Acceptance Criteria

Delivery timelines begin only after:

  • Requirements are documented and approved
  • Scope is validated with stakeholders
  • Priorities are confirmed
  • Dependencies and resource availability are identified

Quality and Testing Standards

Each deliverable will include:

  • Unit testing (minimum coverage standard, e.g., 80 percent if applicable)
  • Integration and regression testing
  • User acceptance testing (UAT) support
  • Defect resolution before deployment

Deployment SLAs

Communication and Status Updates

  • Weekly status reports for medium and large efforts
  • Visibility into project progress, risks, and blockers
  • Change requests formally tracked and approved

Success Metrics

  • Deliverables completed within agreed timelines
  • Defect rate within acceptable thresholds
  • Stakeholder satisfaction metrics
  • Post‑implementation stability (example: no P1 production defects within 7 days of release)

Out-of-Scope Items

  • Requests submitted without clear business requirements
  • Work dependent on third-party vendors’ timelines
  • Unsupported platforms or technologies unless otherwise documented and approved by MaineIT Enterprise Architecture.

Because the needs of each application are quite varied and platform dependent, each constituent piece of the solution is managed by its own SLA. For instance, if a database is created in an Oracle environment and Apex is used for the front end, the SLA for Oracle databases and Oracle Middleware are relevant. However, if SQL Server and PowerApps are utilized, their SLAs are relevant instead.

To get help, or to order this service

For a new Application Development request contact MaineIT Enterprise Shared Services Directors to get started.

A ticket in the Enterprise Ticketing System is required for all work requests. All production changes require an authorized RFC. A billing code is required for those items that are not part of the base published rate.

If the published Service Level Agreement is not met, issues can be escalated to the next priority level by contacting any of the following individuals: 

  • The Enterprise Shared Services Director for your application, or your friendly Account Managers.

Priority Levels for Monitoring

  • The standard production published service level agreement can be viewed at the following link: Standard SLA Maine IT Production Services.
  • Standard business hour coverage is 7:00AM – 5:00PM Monday through Friday, excluding holidays, please contact MaineIT Operations.
  • If service is required for non-production systems outside of the standard business hours, prior arrangements will be required with the director of the service area and associated fees will apply.

On the Bill 

For staff time the service category use is either Personnel Services or Personnel Services – Non-State Resource. Infrastructure could be SQL Database Services, Oracle Database Services, Storage or another service such as Tableau.