CollabNet VersionOne had the pleasure of recently welcoming industry luminary Dr. Steve Mayner, fellow and principal consultant at Scaled Agile, as a guest expert to discuss implementing lean Agile at scale in highly regulated industries. Dr. Mayner is eminently qualified to guide organizations through this process, as he was responsible for the first official use of the Scaled Agile Framework® (SAFe) in a government program. His contribution led to the successful turnaround of a large, mission-critical Department of Homeland Security mainframe modernization initiative. In his work as a scrum master and program manager, he developed a deep interest and passion for the SAFe framework and the benefits it provides. As a result, he ultimately decided to join the Scaled Agile team and help others implement this transformative model.
Many of CollabNet VersionOne’s customers live in a world where regulations and compliance are of foremost importance for all software projects. Whether this means automotive manufacturers meeting safety requirements, defense and military applications adhering to security regulations, or financial institutions and healthcare organizations complying with privacy mandates – the list of scenarios runs far and wide. It is a primary concern for our customers to not only innovate quickly and meet customer needs, but to ensure that regulations and quality standards are met, all without sacrificing business goals.
Now we're all moving into faster-moving markets, and higher competition and digital disruption are affecting pretty much every industry out there. We know there is a common need for faster time to market and for agility to innovate and bring solutions faster. Dr. Mayner recommends a Lean and Agile approach to compliance for these kinds of organizations. As explained in the webinar, the key is working smaller and incorporating compliance considerations throughout the entire lifecycle.
This approach goes against the current norm, which is to address compliance at the end of development. Developers and engineers work diligently to build some new product or service, and then at the very end it's run through the compliance hoops. Of course, the problem with that is that it tends to lead to a surge of activity at the very end. If problems are uncovered, teams must loop back to address them. They must uncover all the impacted areas, and then, if the team didn't plan appropriately, they miss deadlines for delivery to customers. This creates problems both in customer expectations and in the markets for publicly held companies.
The way to prevent that is to build and address compliance by working in smaller batches and creating a small but fully functioning component, then testing, releasing and gathering feedback. See Figure 1. That’s the better way to go. This makes it easier for teams to confirm that the product is meeting standards and achieving business goals before the stakes are too high. Also, errors are easier to see coming and prevent, and when they do creep in and are uncovered afterward, the trouble spots can be identified faster and the solution can be altered on a smaller scale.
Figure 1. This image taken from the webinar highlights some of the benefits of including compliance work throughout the process.
NASA is one example of an organization that made this transition to a lean Agile approach several years ago. By building the solution differently and inviting quality assurance and compliance experts to evaluate the product when the cost of making changes is low, it created a much more efficient and sustainable process.
SAFe experts have found that management is typically open to approaching this issue a different way. Over time, they are often willing to transition to this new approach because it’s clear it improves safety and compliance. Internal auditors find it much easier to inspect the system in increments, in small batches, rather than trying to deconstruct a giant solution at the end. It ultimately makes their jobs easier.
In a high assurance world, managers and executives who take ultimate responsibility for quality management/compliance must have traceability in the software development lifecycle. The artifacts that prove your system is able to do this could be testing or data capture, but where is the best place for an auditor or QA person to go in and find all that? That’s where a tool like VersionOne comes in.
VersionOne allows for the tracking and management of all governance and compliance pieces. It gives you 100% visibility into your complete software delivery lifecycle, so you can know what happened with every person, every tool, and every process. Get real-time visibility and on-demand audit reports that let you know what happened to your code, from the time it was checked in to the time it was released to Production. This audit visibility is across teams and levels of responsibilities:
Release Managers & Application Teams – Can automate their entire data collection process and create on-demand, real-time reports that enable them to meet audit and compliance requirements.
Compliance, Security, and Audit Groups – They now have all the data to paint a complete compliance picture of what happened in a release, understand risk, and map back to strategic business objectives and outcomes.
CXOs – Have full visibility across the entire software factory, and can leverage data to understand which objectives of value drive business outcomes, understand where the risk and bottlenecks are, and guarantee compliance.
Figure 2. This image is taken from a screenshot of the Audit Report in VersionOne detailing package changes from Plan to Release.
Figure 3. This image is taken from an example screenshot of VersionOne tracking compliance.
Understanding the process, and tracking and reporting on how work is done, is the last mile to making the approach to compliance presented by Dr. Mayner a reality for organizations. Managers and IT leaders are empowered by the visibility and traceability that our platform provides.
Get a deeper understanding in Dr. Mayner’s full presentation, plus see a demonstration of the concepts in this session titled Implementing Lean-Agile at Scale in Highly Regulated Industries.
To learn more about our Agile Management solution enabling highly regulated organizations to implement this approach to compliance with VersionOne, please visit: https://www.collab.net/products/versionone.
About the Author: Eric Robertson