Agility meets regulatory compliance

How can we reconcile the light touch approach of agile development teams to the governance and information security requirements such as Data Privacy and Regulatory Compliance? I discuss how to bring together the apparently conflicting needs of information security and agile, and show by example how agile teams actually approach tough regulatory requirements and good governance.

  • I like the presentation but I am at odds as to the use of 'governance' as opposed to stating the process used. Governance deals with four aspects: leadership, decision making, feedback, and accountability. All these aspects are also found in Agile processes (agile is a paradigm, Scrum is a process). Leadership: Scrum master. Decision making: agile team. Feedback: stand-up meetings, retrospectives. Accountability: working software at the end of each sprint. So there is, in fact, agile governance...
Transcript

  • 1. agility meets regulatory compliance agile42 | We advise, train and coach companies building software www.agile42.com | All rights reserved. Copyright © 2007 - 2009.
  • 2. Why should it be more difficult to apply Scrum where IT governance & regulatory compliance is enforced?
  • 3. what is driving growth in agility?
  • 4. Growing Software Complexity. Software lines in FORD vehicles over the past 5 years [bar chart, 2005 to 2010, marked "x4"]. Software complexity in FORD vehicles quadrupled in 5 years
  • 5. Growing Software Complexity. [Chart, marked "x10": F-22 Raptor 1.7; F-35 Joint Strike 5.7; Boeing 787 Dreamliner 6.5; S-Class Daimler 98.6.] Compared software complexity growth in aerospace and automotive
  • 6. Time to Market. [Chart: time axis 1915, 1939, 1972, 1976, 1983, 1994, 1998, 2000, 2002, 2004; labels "13.5 years" and "3 months".] Deepa Chandrasekaran, Gerard J. Tellis - Marshall School of Business, University of Southern California, Los Angeles, California. Due to globalization effects, and other economical changes, the time to market over time decreased significantly
  • 7. why does that matter?
  • 8. Defined Process, suited to produce faster with constant inputs Change from this...
  • 9. R&D based process suited to uncertain and changeable environments ... to this
  • 10. what is governance and regulatory compliance?
  • 11. IT Governance Goals The primary goals for information technology governance are to: 1. Assure that investment in IT generates business value, and 2. Mitigate the risks associated with IT
  • 12. Comparing the goals 1 Quality 2 Productivity 3 Predictability 4 Business Value Business Value Risk Management Effectiveness Exceed requirements governance agility
  • 13. Interpreted to be prescriptive • "… the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives" IT Governance Institute • “The structure, oversight and management processes which ensure the delivery of the expected benefits of IT in a controlled way to help enhance the long term sustainable success of the enterprise.” ISACA • "The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation." Australian Standard
  • 14. Achieving agility vs. compliance • agility: Communication, Empowerment, Transparency, Adaptability, Iterative & Incremental • governance: Defined Process & Standards, Plan › Analyze › Develop › Test, Traceability, Formal review and approval, Configuration Management
  • 15. how to reconcile agile and governance processes
  • 16. Scrum process
  • 17. The wrong way to manage governance 0 1 2 3
  • 18. Scrum process 1. Documentation 2. Interactions
  • 19. Documentation
  • 20. Is documentation waste? “Everything that does not add value to the product is waste” 1st principle of lean development
  • 21. Is documentation waste? “If you must produce paperwork that adds little customer value, there are three rules to remember: Keep it short. Keep it high level. Do it offline.” “Safety-critical systems are frequently regulated and are often required to have written requirements, traceable to code. In this case, formatting the requirements so that they can easily be evaluated and checked for completeness may qualify as a value-adding activity. Look for a table driven or template driven format that reduces the requirements to a condensed format that both users and development can rapidly understand and validate.” Mary Poppendieck, Lean Software Development
  • 22. Changing role of specifications Requirements Specifications Requirements Specifications Epics User Stories Acceptance Criteria Validate / Update Design Tests Tests Code Design Define / Execute Code Requirements Specifications drive implementation Requirements document system as-built governance agility
  • 23. Changing role of standard operating procedures • governance: Standards reduce variation and allow untrained people to make decisions. Written standards are to be followed, not changed. • agility: A Standard defines goals for a team to reach, and constraints to observe. An Agile Team will use it as a baseline for continuous process improvement.
  • 24. Changing role of document review and approval • governance: This document is now approved as input for the next development phase. • agility: This document is now part of a consistent product increment. The Definition of Done and Definition of Ready allow setting of minimal requirements to pass to the next phase.
  • 25. Merging agile and governance needs 1. Documentation • Document system as-built • Operating procedures serve as baseline • DoR, DoD serve as minimal requirements • Document is part of product increment
  • 26. Interactions
  • 27. A typical product development process CONCEIVE DESIGN IMPLEMENT DEPLOY time-to-market
  • 28. Mapping the value stream CONCEIVE DESIGN IMPLEMENT DEPLOY value adding non-value adding time-to-market
  • 29. Common non-value adding steps include... CONCEIVE DESIGN IMPLEMENT DEPLOY value adding non-value adding time-to-market
  • 30. Merging agile and governance needs 2. Interactions • Role of involved stakeholder • Defines minimum requirements to be met • Reviews Requirements & User Stories • Provides reviews/direction within Sprint
  • 31. so what?
  • 32. Conclusions • Agility and IT Governance & Regulatory Compliance share the same objectives • Differences in HOW they are implemented drive potential conflict • Agility and IT Governance can co-exist: • Definition of Ready and Definition of Done serve as minimal requirements (replacing Standards) • Involve IS/Compliance Manager as involved Stakeholder, providing reviews/direction within Sprint • Delivering compliance documentation is part of the product increment
  • 33. Questions? & Answers! For any further comment and or question, feel free to contact us info@agile42.com Further References: Scrum Alliance: http://www.scrumalliance.org Control Chaos: http://www.controlchaos.com Implementing Scrum: http://www.implementingscrum.com Jeff Sutherland Blog: http://jeffsutherland.com/scrum Mike Cohn “User Stories”: http://www.mountaingoatsoftware.com agile42 Website: http://www.agile42.com/