Disciplines
Understanding the 24 NUP disciplines that organize software engineering and business operations
A discipline is a collection of related tasks that define a major "area of concern" in software engineering and business operations. Disciplines organize work by subject matter, making it easier to understand what skills are needed and how different types of work relate to each other.
What is a Discipline?
Disciplines provide a way to organize and understand the various types of work that occur during software development. Unlike phases (which are temporal), disciplines represent ongoing concerns that span the entire project lifecycle.
A discipline is a collection of related tasks that define a major "area of concern."
NUP extends traditional software development disciplines to cover the complete spectrum of regulated software delivery, including compliance, security, business operations, and emerging technologies.
The 24 NUP Disciplines
NUP organizes work across 24 disciplines, grouped into five categories:
Discipline Categories
| Category | Disciplines |
|---|---|
| Core Engineering | Requirements, Design, Coding and Implementation, Testing, Integration |
| Operations & Infrastructure | Deployment and Maintenance, Configuration Management, Infrastructure Management, DevOps, SecDevOps |
| Architecture & Strategy | Enterprise Architecture, Project Strategy, Project Management |
| Compliance & Security | Regulatory and Legal Compliance, Information Assurance and Security |
| Business & Growth | User Experience, User Onboarding, Marketing and Communication, Media Relations, Client Communication, Sales, Growth Hacking |
| Advanced Technologies | Data Science, Machine Learning |
Core Engineering Disciplines
1. Requirements
Purpose: Define what the system needs to do
Key Activities:
- Elicit stakeholder needs
- Define system features
- Develop use cases and scenarios
- Manage requirements changes
- Maintain traceability
Key Artifacts:
- Vision document
- Use-case model
- Requirements specifications
- Glossary
2. Design
Purpose: Define system structure, component design, and architectural decisions
Key Activities:
- Outline and refine architecture
- Design components and interfaces
- Create design documentation
- Validate design against requirements
- Document architectural decisions (ADRs)
Key Artifacts:
- Architecture Notebook
- Architecture Decision Records (ADRs)
- Component diagrams
- Interface specifications
3. Coding and Implementation
Purpose: Build the system according to requirements and design
Key Activities:
- Implement source code
- Conduct code reviews
- Perform unit testing
- Implement developer tests
- Run developer tests
Key Artifacts:
- Source code
- Unit tests
- Code review records
- Build scripts
4. Testing
Purpose: Verify the system meets requirements and identify defects
Key Activities:
- Plan testing approach
- Create test cases
- Implement test scripts
- Execute tests
- Report and track defects
Key Artifacts:
- Test plan
- Test cases
- Test scripts
- Test results
- Defect reports
5. Integration
Purpose: Combine system components into a cohesive, working system
Key Activities:
- Integrate components
- Create builds
- Perform integration testing
- Resolve integration issues
- Manage build artifacts
Key Artifacts:
- Build artifacts
- Integration test results
- Deployment packages
- Integration documentation
Operations & Infrastructure Disciplines
6. Deployment and Maintenance
Purpose: Deploy and maintain systems in production environments
Key Activities:
- Plan deployments
- Execute deployments
- Monitor production systems
- Perform maintenance activities
- Handle incident response
Key Artifacts:
- Deployment plans
- Release notes
- Maintenance records
- Incident reports
7. Configuration Management
Purpose: Manage changes to artifacts and control versions
Key Activities:
- Establish configuration management environment
- Manage baselines
- Track change requests
- Perform configuration audits
- Ensure artifact versioning
Key Artifacts:
- Configuration management plan
- Change requests
- Baseline records
- Version control records
8. Infrastructure Management
Purpose: Manage the technical infrastructure supporting software systems
Key Activities:
- Provision infrastructure
- Configure environments
- Monitor infrastructure health
- Optimize performance
- Ensure availability
Key Artifacts:
- Infrastructure documentation
- Environment configurations
- Monitoring dashboards
- Capacity plans
9. DevOps
Purpose: Integrate development and operations for continuous delivery
Key Activities:
- Implement CI/CD pipelines
- Automate deployments
- Monitor applications
- Implement infrastructure as code
- Facilitate collaboration between dev and ops
Key Artifacts:
- Pipeline configurations
- Automation scripts
- Monitoring configurations
- Runbooks
10. SecDevOps
Purpose: Integrate security practices into the DevOps pipeline
Key Activities:
- Implement security scanning in CI/CD
- Automate vulnerability assessments
- Integrate security testing
- Monitor security posture
- Respond to security incidents
Key Artifacts:
- Security scan configurations
- Vulnerability reports
- Security policies
- Incident response procedures
Architecture & Strategy Disciplines
11. Enterprise Architecture
Purpose: Define and govern enterprise-wide architecture decisions
Key Activities:
- Establish architecture project
- Identify stakeholders, concerns, and business requirements
- Evaluate business capabilities
- Assess readiness for business transformation
- Develop architecture vision
- Define scope and architecture principles
- Develop business, data, application, and technology architectures
- Perform gap analysis
- Create architecture definition documents
- Define candidate roadmap components
- Conduct formal stakeholder reviews
Key Artifacts:
- Architecture Vision Document
- Architecture Definition Document
- Business Architecture
- Data Architecture
- Application Architecture
- Technology Architecture
- Architecture Roadmap
- Gap Analysis Reports
12. Project Strategy
Purpose: Define strategic direction and objectives for projects
Key Activities:
- Conduct market research
- Define objectives and key results (OKRs)
- Develop product roadmaps
- Align projects with business goals
- Establish governance frameworks
Key Artifacts:
- OKR Documentation
- Market Analysis
- Product Roadmap
- Strategic Plans
13. Project Management
Purpose: Plan, track, and control project execution
Key Activities:
- Plan project
- Plan and manage iterations
- Assess results
- Request changes
- Track progress and quality
Key Artifacts:
- Project Plan
- Iteration Plans
- Progress Reports
- Project Estimates
- Hours Expended Records
- Product Readiness Review
Key Templates:
- Project Estimation Template
- Progress Report and Activity Stream Template
- Development Approach
- Project Plan with Time Estimation
- Detailed Schedule
- Release Scope and Enhancements
Compliance & Security Disciplines
14. Regulatory and Legal Compliance
Purpose: Ensure systems meet regulatory requirements and legal mandates
Key Activities:
- Identify applicable regulations
- Implement compliance controls
- Document compliance evidence
- Conduct compliance audits
- Maintain compliance certifications
Key Regulatory Frameworks Covered:
- HIPAA: Healthcare data protection
- PCI DSS: Payment card data security
- SOX (Sarbanes-Oxley): Financial reporting
- FISMA: Federal information security
- GLBA: Financial data protection
- 508 Compliance: Accessibility requirements
- EU Data Protection Directive / GDPR: Privacy regulations
- BASEL II: Banking risk management
- CFR 21 Part 11: Electronic records and signatures
- IQ/OQ/PQ: Validation protocols
Key Artifacts:
- Compliance Documentation
- Audit Reports
- Validation Protocols
- Regulatory Submissions
Guidelines Include:
- Requirements for Safety and Life Critical Systems
- Design Requirements for Safety and Life Critical Systems
- Implementation and Coding Guidelines
- Testing Guidelines
- Software Maintenance Guidelines
- FMEA (Failure Modes and Effects Analysis)
15. Information Assurance and Security
Purpose: Protect information assets and ensure system security
Key Activities:
- Integrate security into SDLC
- Conduct security and risk assessments
- Implement secure coding practices
- Perform attack-driven defense
- Detect and respond to anomalies
- Prevent injection attacks
Key Topics:
- Application security and secure code
- DNS security threats and prevention
- Standard for securing infrastructure
- Hacked content detection and prevention
- Core security training
Key Artifacts:
- Security Assessments
- Risk Analysis Reports
- Security Policies
- Incident Response Plans
- Vulnerability Reports
Business & Growth Disciplines
16. User Experience
Purpose: Design intuitive, effective user interactions
Key Activities:
- Understand users and their needs
- Use customer journey maps
- Design user interfaces
- Conduct usability testing
- Iterate on user feedback
Key Artifacts:
- User Personas
- Customer Journey Maps
- Wireframes
- Prototypes
- Usability Test Results
17. User Onboarding
Purpose: Guide new users to successfully adopt the product
Key Activities:
- Design onboarding flows
- Create welcome experiences
- Implement progressive disclosure
- Measure onboarding success
- Optimize conversion funnels
Key Artifacts:
- Onboarding Documentation
- Tutorial Content
- Onboarding Analytics
18. Marketing and Communication
Purpose: Position and promote products effectively
Key Activities:
- Develop product messaging
- Create marketing materials
- Plan product launches
- Manage communication channels
- Track marketing effectiveness
Key Artifacts:
- Product Marketing Plan
- Launch Plan
- Marketing Materials
- Communication Strategy
19. Media Relations
Purpose: Manage relationships with media and press
Key Activities:
- Develop press strategies
- Create press releases
- Manage media inquiries
- Monitor media coverage
- Build media relationships
Key Artifacts:
- Press Releases
- Media Kits
- Coverage Reports
20. Client Communication
Purpose: Maintain effective communication with clients
Key Activities:
- Establish communication channels
- Provide regular updates
- Manage expectations
- Gather client feedback
- Resolve client concerns
Key Artifacts:
- Status Reports
- Meeting Minutes
- Feedback Records
21. Sales
Purpose: Drive revenue through effective sales processes
Key Activities:
- Qualify leads
- Demonstrate product value
- Manage sales pipeline
- Close deals
- Maintain customer relationships
Key Artifacts:
- Sales Pipeline Reports
- Proposals
- Contracts
22. Growth Hacking
Purpose: Achieve rapid growth through experimentation and optimization
Key Activities:
- Identify growth opportunities
- Design growth experiments
- Implement viral loops
- Optimize conversion rates
- Analyze growth metrics
Key Artifacts:
- Growth Experiments
- A/B Test Results
- Growth Metrics Reports
Advanced Technologies Disciplines
23. Data Science
Purpose: Extract insights from data to drive decisions
Key Activities:
- Collect and prepare data
- Perform exploratory analysis
- Build predictive models
- Visualize insights
- Deploy data solutions
Key Artifacts:
- Data Models
- Analysis Reports
- Dashboards
- Data Pipelines
24. Machine Learning
Purpose: Implement intelligent systems that learn from data
Key Activities:
- Define ML problem statements
- Prepare training data
- Train and validate models
- Deploy ML models
- Monitor model performance
Key Artifacts:
- ML Models
- Training Data Sets
- Model Performance Reports
- Feature Engineering Documentation
Discipline Effort Distribution
Work effort across disciplines varies by phase. NUP has seven phases:
Core Engineering Disciplines by Phase
| Phase | Requirements | Design | Coding | Testing | Integration |
|---|---|---|---|---|---|
| Strategy | Low | None | None | None | None |
| Envision | Medium | Low | None | None | None |
| Inception | High | Medium | Low | Low | None |
| Elaboration | High | High | Medium | Low | Low |
| Construction | Low | Low | High | High | High |
| Transition | Low | Low | Medium | High | Medium |
| Production | Low | Low | Medium | Medium | Low |
Operations & Management Disciplines by Phase
| Phase | Deployment | Config Mgmt | Infrastructure | DevOps | SecDevOps | Project Mgmt |
|---|---|---|---|---|---|---|
| Strategy | None | Low | Low | Low | Low | High |
| Envision | None | Low | Medium | Low | Low | High |
| Inception | None | Low | Medium | Medium | Medium | High |
| Elaboration | Low | Medium | Medium | Medium | Medium | Medium |
| Construction | Medium | High | Medium | High | High | Medium |
| Transition | High | High | High | High | High | Medium |
| Production | High | High | High | High | High | Medium |
Architecture, Compliance & Business Disciplines by Phase
| Phase | Enterprise Arch | Strategy | Compliance | Security | User Experience |
|---|---|---|---|---|---|
| Strategy | Low | High | Medium | Low | Low |
| Envision | High | High | Medium | Medium | Medium |
| Inception | Medium | Medium | High | Medium | High |
| Elaboration | High | Low | High | High | Medium |
| Construction | Low | Low | Medium | High | Low |
| Transition | Low | Low | High | High | Medium |
| Production | Low | Low | High | High | Medium |
Cross-Discipline Integration
Requirements → Design
- Requirements drive architectural decisions
- Design validates feasibility
- Both maintain traceability
Design → Coding and Implementation
- Design provides the blueprint
- Implementation realizes the design
- Deviations require design review
Coding → Testing
- Code must be testable
- Tests verify implementation
- Defects drive code changes
Testing → Integration
- Unit tests precede integration
- Integration tests validate assemblies
- System tests verify end-to-end
All → Configuration Management
- All artifacts are version-controlled
- Changes are tracked and approved
- Baselines are maintained
Compliance → All Disciplines
- Regulatory requirements influence all work
- Traceability spans all disciplines
- Audit evidence collected throughout
Security → DevOps = SecDevOps
- Security integrated into CI/CD
- Automated vulnerability scanning
- Continuous security monitoring
Discipline Alignment with Microsoft Playbook
| NUP Discipline | MS Playbook Coverage |
|---|---|
| Requirements | Backlog Management, User Stories |
| Design | Design, Design Reviews, ADRs |
| Coding and Implementation | Code Reviews, Developer Experience |
| Testing | Automated Testing |
| Integration | CI/CD, Continuous Integration |
| DevOps | Source Control, CI/CD, Observability |
| Project Management | Agile Development, Ceremonies |
| Configuration Management | Source Control, Branching Strategy |
Best Practices by Discipline Category
Core Engineering
- Requirements: Involve stakeholders early, keep requirements testable, maintain traceability
- Design: Document decisions with ADRs, review at milestones, keep documentation current
- Coding: Follow standards, conduct peer reviews, write unit tests with code
- Testing: Automate regression tests, test early and continuously
- Integration: Integrate frequently, automate builds, fix broken builds immediately
Operations & Infrastructure
- DevOps: Automate everything, monitor proactively, practice continuous improvement
- SecDevOps: Shift security left, automate security testing, respond rapidly to vulnerabilities
- Configuration Management: Version control everything, maintain clear branching strategy
- Infrastructure: Use infrastructure as code, automate provisioning
Compliance & Security
- Regulatory Compliance: Document everything, maintain audit trails, verify controls regularly
- Security: Integrate into SDLC, conduct regular assessments, train all team members
Business & Growth
- User Experience: Understand users deeply, test with real users, iterate on feedback
- Client Communication: Be proactive, set clear expectations, listen actively
Related Resources
Compliance
This section fulfills ISO 13485 requirements for QMS planning (5.4.2), design and development planning (7.3.2), and production control (7.5.1), and ISO 27001 requirements for security organization (A.5.1), secure development lifecycle (A.8.25), and operational planning (8.1).
How is this guide?
Last updated on