SlideShare a Scribd company logo

Exploratory Testing Audit Survival

Download as PPTX, PDF
Griffin Jones
Griffin Jones

The document discusses heuristics for exploratory testing teams at FDA-regulated companies to survive regulatory audits. It introduces the "CHCMWCE" heuristic - being Congruent, Honest, Competent, using an appropriate Model, being Willing, maintaining Control, and providing strong Evidence. It discusses applying this heuristic by addressing potential "smells" or issues at each level and providing objective, clear evidence to satisfy auditors. The goal is for testing teams to understand auditors' perspectives and give them what they need to demonstrate compliance.

SoftwareBusinessTechnology
1 of 39
The audit survival heuristics of an FDA regulated exploratory testing team CAST August 8th, 2011 1Griffin Jones – Congruent Compliance LLC © 2011
Preliminaries  Who is in the room?  My goal:  Stimulate your interest to study the subject more  Leave with a heuristic to help you organize and present with confidence your ET results to regulatory auditors  Have a conversation and try to meet your needs  Quick Preview  The context  The heuristic and how to apply it  Some of the traps about ET in a regulated industry CAST August 8th, 2011 2Griffin Jones – Congruent Compliance LLC © 2011
Assumptions and Terms  This is a living presentation  Based on my experiences of auditing and being audited  More reference information here than I will present  Follow the for the key points  Much of this can be adapted to other contexts  i.e., not “FDA regulated, Exploratory Testing”  “Schools of Testing” by Bret Pettichord  Analytic , Standard, Quality, Context-Driven, Agile  Exploratory Testing:  Simultaneous learning, test design and test execution CAST August 8th, 2011 3Griffin Jones – Congruent Compliance LLC © 2011
Terms  Congruence  Being balanced between inner feelings & outer actions  Smells  Symptom that possibly indicates a deeper problem  5 Whys  Questions-asking method to investigate root causes  “Mary had a little lamb” heuristic  Emphasize each of the individual words in a statement  Checking: confirming existing beliefs; versus:  Testing - finding new information (Michael Bolton) CAST August 8th, 2011 4Griffin Jones – Congruent Compliance LLC © 2011
The Problem  Let’s assume that you are FDA regulated and trying to do compliant context driven, Exploratory Testing  You likely have these concerns about passing an audit:  Evidence is not sufficient  Documentation is not sufficient  Process control is not sufficient  Can’t clearly explain what you do and why  Auditors value different things than you, and speak a different language CAST August 8th, 2011 5Griffin Jones – Congruent Compliance LLC © 2011
Fast Takeaway  The regulator is not your business partner  The regulator has police powers  “Let the Wookie win”  Auditors are likely of the “Quality” (gatekeepers) or “Routine” (traceability matrix) testing school model  You are Context Driven testing school. Deal with it.  Auditors think “testing” is “demonstration and checking”  Don’t try and convert them. Deal with it. CAST August 8th, 2011 6Griffin Jones – Congruent Compliance LLC © 2011
Spoiler  The regulations are not the problem  How you are coping with the regulations is the problem  Give the Auditors what they want:  Clear traceable requirements and description of risks  Description and demonstration of control  Clear objective evidence  The ability to understand their concerns, speak their language, and explain how you are compliant  Abundant, quality evidence mitigates your other problems CAST August 8th, 2011 7Griffin Jones – Congruent Compliance LLC © 2011
Not going to talk about…  The Fear, Uncertainly, and Doubt swirling in the field  Vendor/Experts: “You should be scared, but I have…”  Silver Bullets and Big Magic  “… so trust me and just buy my wares. By the way, ..”  Persistent Myths  “… IMO the regulators “frown on” ET (… I don’t sell it).”  The “Typical” Regulatory Affairs Presentation CAST August 8th, 2011 8Griffin Jones – Congruent Compliance LLC © 2011
Regulatory Overview  Regulations  For the public good - because people died  Regulators  FDA regulates >25% of the Gross Domestic Product  Regulatory Auditors  Police Powers  Industry Auditors  Assessors and valued advisors to management  Audits CAST August 8th, 2011 9 Details Griffin Jones – Congruent Compliance LLC © 2011
Audit Survival Heuristics  CHCMWCE “Chocolate Mousse”  Congruent  Honest  Competent  Model (Appropriate)  Willing  Control  Evidence CAST August 8th, 2011 15 Model Competent Honest Evidence Control Willing Congruent Griffin Jones – Congruent Compliance LLC © 2011
Let’s take a journey … CAST August 8th, 2011 16  Practice  Congruent  Theory  Less Stressful Audits Griffin Jones – Congruent Compliance LLC © 2011
The Congruence Triad  Congruence is when you are balanced between inner feelings and outer actions  The Congruence Triad  Self, Other, Context  Being congruent is a process  A way of communicating with yourself and others  Incongruence is when part of the triad is missing  Placating, Blaming, Super-rational, or Irrelevant?  What is missing and fill it in:  Self, Others, Context CAST August 8th, 2011 17 Other Context Self Details Griffin Jones – Congruent Compliance LLC © 2011
The Theory Mountains …  Dishonest  Incompetent  Inadequate CAST August 8th, 2011 21  Honest  Competent  Appropriate Model  Self-Incriminating  Experts and Heroes  Over-Constrained Griffin Jones – Congruent Compliance LLC © 2011
Honest  Integrity, Truthful, Trust, Sincerity in:  You and your organization  Words, actions, and documents  Smells  Dishonest  Self-incrimination  Don’t create even the appearance of a problem  Tests  How do you and the organization react to criticism?  Are you a learning organization? (5 Why) CAST August 8th, 2011 22Griffin Jones – Congruent Compliance LLC © 2011
Competent  Are you and your organization:  Capable, credible, understands context, speaks the language; trained in the industry, technology, and regulatory obligations  Smells  Incompetent  Experts and heroes  Tests  Do you believe you are capable of doing good work? (5 Why) CAST August 8th, 2011 23Griffin Jones – Congruent Compliance LLC © 2011
Appropriate Model  Is the process model:  Complete, reasonable, practical, logical, explainable  Smells  Inadequate model  Over-constrained model  Test:  What problem is this model solving? How will it Fail?  What is required in this model? Missing?  Do you believe this model is sufficient? (5 Why) CAST August 8th, 2011 24Griffin Jones – Congruent Compliance LLC © 2011
The Practice Mountains …  Unwilling  Out-of-Control  No Evidence CAST August 8th, 2011 25  Excessive or Wasteful  Micro-Management  Obsessive-Compulsive  Willing  Under Control  Evidence Griffin Jones – Congruent Compliance LLC © 2011
Willing  Motivated, focused, prioritized, committed, resourced, staffed, supported, given attention, nurtured  Smells  Unwilling  Excessive or Wasteful  Test  Do people care? (5 Why)  Is there sufficient resources for the work and expectations? (5 Why) CAST August 8th, 2011 26Griffin Jones – Congruent Compliance LLC © 2011
Under Control  Explain what you are doing and why. Are you living it?  Coherently explain your:  configuration control and authorization  traceability and accountable  organization, preparation, planning, independent review, prevention, correction, checking and testing  Smells  Out-of control  Micro-managed  Tests  Is the type and level of controls appropriate? (5 Why) CAST August 8th, 2011 27Griffin Jones – Congruent Compliance LLC © 2011
Evidence  Auditable evidence:  Clear, objective, retrieval, human readable, attributable, contemporary evidence that a third party can review or reconstruct (with minimal outside help); and quickly reach the same results and conclusions.  Smells  No-evidence  Obsessive-compulsive evidence  Tests  Explain why the specific evidence meets the criteria. (5 Why) CAST August 8th, 2011 28Griffin Jones – Congruent Compliance LLC © 2011
How do you apply this?  Application is as simple as: CAST August 8th, 2011 29 Remembering to ask the questions. Follow the energy of the answers. Fix the base, first. Griffin Jones – Congruent Compliance LLC © 2011
During an Audit  Choosing a regulatory posture  Manageable issues (within reason)  Evidence  Controls  Willingness (resources and priority)  Unmanageable issues  Broken process model  Lack of competence  Broken trust  Incongruence CAST August 8th, 2011 30Griffin Jones – Congruent Compliance LLC © 2011
More Fast Takeaways  The FDA is open to agile processes and realizes that the current approach to software validation is not working  At the same time, companies are more concerned about:  the business risk that the FDA would not accept the agile process,  than the product or project risk that is associated with waterfall type development  Find the middle option for your context CAST August 8th, 2011 31Griffin Jones – Congruent Compliance LLC © 2011
Natural Evidence  Periodically , take the observer point-of-view and ask:  Is what I see and hear, about the theory and practice of what we do:  acceptable from both a product qualification and regulatory compliance point of view?  If yes, what is the most natural, efficient, and strongest evidence we could collect?  Why not a video/audio recordings w/ paper summary?  Is it being collected? If no, why not? (5 Why)  organizational problem? CAST August 8th, 2011 32Griffin Jones – Congruent Compliance LLC © 2011
Organizational Smells Going Tilt Traps CAST August 8th, 2011 33Griffin Jones – Congruent Compliance LLC © 2011
Smells that lead to …  Paint the Village  Visitors are coming. How shall we work today?  The “Best Practice” Cargo Cult  We don’t really understand the details of what we do, why we do it, or how what we do works. But have faith.  Testing Death Spiral  Regulator does not care about testing and management might only care about regulatory compliance. Spiral.  The Titanic  The gigantic engineered process is perfect – people are the source of problems, not solutions CAST August 8th, 2011 34Griffin Jones – Congruent Compliance LLC © 2011
Organizational Disasters  Pathetic Compliance  Following a regulatory compliant procedure in a way that does not solve the testing problem for which it was designed.  Utopian Shelf-ware Procedures  No one reads them. They are not reality.  Close Enough  I don’t have to do it exactly. I know better. No one will notice or care.  Read My Mind  Because that is the only place where the evidence is. CAST August 8th, 2011 35Griffin Jones – Congruent Compliance LLC © 2011
Is the Auditor on Tilt? CAST August 8th, 2011 36  Maybe it is something we said or did, or are doing?  History  That you are unaware of, and it might be complicated  Notches on the gun  May be making a name for themselves  Making an example of you  May be constructing an example to deter others Griffin Jones – Congruent Compliance LLC © 2011
Classic ET Traps  Implementation details identified as requirements  Tighten and simplify your requirements  Documentation lacks detail to support traceability  Require less mind reading.  Control is vague or assumed  Summarize and document what control is for you CAST August 8th, 2011 37Griffin Jones – Congruent Compliance LLC © 2011
The BIG Trap  Weak Evidence  “Clear, objective, retrieval, human readable, attributable, contemporary evidence that a third party can review or reconstruct (with minimal outside help); and quickly reach the same results and conclusions.”  Check it via “Mary had a little lamb”  Collect it naturally  Weak evidence is likely a symptom of other deeper issues  Abundant, quality evidence mitigates your other problems CAST August 8th, 2011 38Griffin Jones – Congruent Compliance LLC © 2011
Audits can be Useful  Candor can result in free consulting and insight  Should you take the risk?  Provides motivation – management cares  Provides actionable data  The jiggle that is needed by the organization  A counter-measure to low expectations & poor practices CAST August 8th, 2011 39 If you can’t be a good example, you are going to be a stern warning. Griffin Jones – Congruent Compliance LLC © 2011
Recap of the Spoiler  The regulations are not the problem.  How you are coping with the regulations is the problem.  Give the Auditors what they want:  Clear traceable requirements and description of risks  Description and demonstration of control  Clear objective evidence  The ability to understand their concerns, speak their language, and explain how you are compliant  Abundant and quality evidence mitigates your other problems. CAST August 8th, 2011 40Griffin Jones – Congruent Compliance LLC © 2011
The Big Take Away  Understand your regulatory context  Work on your congruence  Work each level of the model, ask the questions  Document how you are under control  Improve your evidence, collect it naturally  Avoid the smells, disasters, and traps  Summarize your regulatory story, practice explaining it  Apply what you learn during the audit CAST August 8th, 2011 41 1 2 3 Griffin Jones – Congruent Compliance LLC © 2011
Questions? CAST August 8th, 2011 42 Model Competent Honest Evidence Control Willing Congruent Griffin Jones – Congruent Compliance LLC © 2011
Further Study - A  FDA presentations and resources:  Webinar with FDA's John Murray on Software Validation in the Field of Medical Devices  Presentation: Preparing for an FDA Medical Device Sponsor Inspection  Quality System Inspection Technique – Inspection Guide  General Principles of Software Validation; Final Guidance for Industry and FDA Staff CAST August 8th, 2011 43Griffin Jones – Congruent Compliance LLC © 2011
Further Study - B  Regulatory Compliance  “The Art of Compliance: Turning Compliance into Sustainable Business Advantage” by Robert Rhoades of Quintiles  FDA inspections:  “How to Host an FDA Inspection” by SGS – Life Science Services  “Preparation for FDA Inspection” by NEMA/ADVAMED/PHILIPS  “FDA Sponsor Inspections: How to Prepare and Survive” by Medtronic, Inc CAST August 8th, 2011 44Griffin Jones – Congruent Compliance LLC © 2011
Further Study - C  Audits  “The ASQ Auditing Handbook” by J. P. Russell  Congruence  “Beyond Blaming” by Jean McLendon and Gerald M. Weinberg  “The Satir Model: Family Therapy and Beyond” by Virginia M. Satir  “More Secrets of Consulting: The Consultant's Tool Kit” by Gerald M. Weinberg CAST August 8th, 2011 45Griffin Jones – Congruent Compliance LLC © 2011
Further Study - D  Agile and the FDA  Business Risk (from the FDA) versus Product Risk  http://blogs.construx.com/forums/t/432.aspx  “What is Exploratory Testing? And How it Differs from Scripted Testing” by James Bach  “Coping With Complexity: Lessons From a Medical Device Project” by Yaron Kottler  Testers and Auditors  “Testers are like auditors” by James Christie  Evidence  “21 CFR Part 11 Electronic Records …” by the FDA CAST August 8th, 2011 46Griffin Jones – Congruent Compliance LLC © 2011
Griffin Jones Congruent Compliance Griffin.Jones@CongruentCompliance.com Thank You! CAST August 8th, 2011 47Griffin Jones – Congruent Compliance LLC © 2011

Recommended

Surviving an fda audit griffin jones - nov 2011 - bspe
Surviving an fda audit griffin jones - nov 2011 - bspeSurviving an fda audit griffin jones - nov 2011 - bspe
Surviving an fda audit griffin jones - nov 2011 - bspeGriffin Jones
 
Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...
Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...
Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...Griffin Jones
 
The Axioms of Testing
The Axioms of TestingThe Axioms of Testing
The Axioms of TestingPaul Gerrard
 
STARWest 2013 Courage and Freedom in Exploratory Testing
STARWest 2013 Courage and Freedom in Exploratory TestingSTARWest 2013 Courage and Freedom in Exploratory Testing
STARWest 2013 Courage and Freedom in Exploratory TestingGriffin Jones
 
Evidence-Based Management presentation
Evidence-Based Management presentationEvidence-Based Management presentation
Evidence-Based Management presentationIoannis Nikolaou
 
Ethics, Integrity and Trust
Ethics, Integrity and TrustEthics, Integrity and Trust
Ethics, Integrity and TrustMcKonly & Asbury, LLP
 
Non-conformity, RCA & reporting an audit
Non-conformity, RCA & reporting an auditNon-conformity, RCA & reporting an audit
Non-conformity, RCA & reporting an auditTeam Web Africa
 
Ruth Steinholtz, Session 2
Ruth Steinholtz, Session 2Ruth Steinholtz, Session 2
Ruth Steinholtz, Session 2OECD Governance
 

Recommended

Surviving an fda audit griffin jones - nov 2011 - bspe
Surviving an fda audit griffin jones - nov 2011 - bspeSurviving an fda audit griffin jones - nov 2011 - bspe
Surviving an fda audit griffin jones - nov 2011 - bspeGriffin Jones
 
Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...
Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...
Surviving an FDA Audit: Heuristics for Exploratory Testing - from CAST, STP, ...Griffin Jones
 
The Axioms of Testing
The Axioms of TestingThe Axioms of Testing
The Axioms of TestingPaul Gerrard
 
STARWest 2013 Courage and Freedom in Exploratory Testing
STARWest 2013 Courage and Freedom in Exploratory TestingSTARWest 2013 Courage and Freedom in Exploratory Testing
STARWest 2013 Courage and Freedom in Exploratory TestingGriffin Jones
 
Evidence-Based Management presentation
Evidence-Based Management presentationEvidence-Based Management presentation
Evidence-Based Management presentationIoannis Nikolaou
 
Ethics, Integrity and Trust
Ethics, Integrity and TrustEthics, Integrity and Trust
Ethics, Integrity and TrustMcKonly & Asbury, LLP
 
Non-conformity, RCA & reporting an audit
Non-conformity, RCA & reporting an auditNon-conformity, RCA & reporting an audit
Non-conformity, RCA & reporting an auditTeam Web Africa
 
Ruth Steinholtz, Session 2
Ruth Steinholtz, Session 2Ruth Steinholtz, Session 2
Ruth Steinholtz, Session 2OECD Governance
 
Next Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance RiskNext Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance Riskqordata
 
Reliability And Validity
Reliability And ValidityReliability And Validity
Reliability And ValidityJames Penny
 
Internal Investigations Workshop for HR Practitioners
Internal Investigations Workshop for HR PractitionersInternal Investigations Workshop for HR Practitioners
Internal Investigations Workshop for HR PractitionersPaul Falcone
 
2009 Plant Ferti Grow Fresnochilddev Pres
2009 Plant Ferti Grow Fresnochilddev Pres2009 Plant Ferti Grow Fresnochilddev Pres
2009 Plant Ferti Grow Fresnochilddev PresIda Jones
 
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docxWhat’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docxsusanschei
 
Evidence-Based Management, Teaching Managers to Make Better Decisions
Evidence-Based Management, Teaching Managers to Make Better DecisionsEvidence-Based Management, Teaching Managers to Make Better Decisions
Evidence-Based Management, Teaching Managers to Make Better DecisionsCenter for Evidence-Based Management
 
Heuristics for Becoming a Learning Organisation
Heuristics for Becoming a Learning OrganisationHeuristics for Becoming a Learning Organisation
Heuristics for Becoming a Learning OrganisationKarl Scotland
 
From collective insanity to organisational learning 2019 03 11 brisbane bus...
From collective insanity to organisational learning 2019 03 11 brisbane bus...From collective insanity to organisational learning 2019 03 11 brisbane bus...
From collective insanity to organisational learning 2019 03 11 brisbane bus...Jorn Bettin
 
Rapid software testing
Rapid software testingRapid software testing
Rapid software testingSachin MK
 
From collective insanity to organisational learning
From collective insanity to organisational learningFrom collective insanity to organisational learning
From collective insanity to organisational learningJorn Bettin
 
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu... Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...Obaid Ali / Roohi B. Obaid
 
Technical Due Diligence
Technical Due DiligenceTechnical Due Diligence
Technical Due Diligenceargentieri
 
Root Cause Analysis
Root Cause AnalysisRoot Cause Analysis
Root Cause Analysisgatelyw396
 
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docxAssignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docxcarlibradley31429
 
Seven Steps to Ethical Decision Making– Step 1 Define the p.docx
Seven Steps to Ethical Decision Making– Step 1 Define the p.docxSeven Steps to Ethical Decision Making– Step 1 Define the p.docx
Seven Steps to Ethical Decision Making– Step 1 Define the p.docxedgar6wallace88877
 
Perception and decision making
Perception and decision makingPerception and decision making
Perception and decision makingDr.P. KARTHIKEYAN
 
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docxCourse Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docxfaithxdunce63732
 
About internal Audit for news letter.doc
About internal Audit for news letter.docAbout internal Audit for news letter.doc
About internal Audit for news letter.docNeerajOjha17
 
Employee Testing and Selection ( chapter 6 )
Employee Testing and Selection ( chapter 6 )Employee Testing and Selection ( chapter 6 )
Employee Testing and Selection ( chapter 6 )Qamar Farooq
 
HRM Dessler CH# 06
HRM Dessler CH# 06HRM Dessler CH# 06
HRM Dessler CH# 06Usman Rashid
 
Regulated Software Testing - Griffin Jones - TISQA 2014
Regulated Software Testing - Griffin Jones - TISQA 2014Regulated Software Testing - Griffin Jones - TISQA 2014
Regulated Software Testing - Griffin Jones - TISQA 2014Griffin Jones
 
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdfGriffin Jones
 

More Related Content

Similar to Exploratory Testing Audit Survival

Next Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance RiskNext Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance Riskqordata
 
Reliability And Validity
Reliability And ValidityReliability And Validity
Reliability And ValidityJames Penny
 
Internal Investigations Workshop for HR Practitioners
Internal Investigations Workshop for HR PractitionersInternal Investigations Workshop for HR Practitioners
Internal Investigations Workshop for HR PractitionersPaul Falcone
 
2009 Plant Ferti Grow Fresnochilddev Pres
2009 Plant Ferti Grow Fresnochilddev Pres2009 Plant Ferti Grow Fresnochilddev Pres
2009 Plant Ferti Grow Fresnochilddev PresIda Jones
 
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docxWhat’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docxsusanschei
 
Evidence-Based Management, Teaching Managers to Make Better Decisions
Evidence-Based Management, Teaching Managers to Make Better DecisionsEvidence-Based Management, Teaching Managers to Make Better Decisions
Evidence-Based Management, Teaching Managers to Make Better DecisionsCenter for Evidence-Based Management
 
Heuristics for Becoming a Learning Organisation
Heuristics for Becoming a Learning OrganisationHeuristics for Becoming a Learning Organisation
Heuristics for Becoming a Learning OrganisationKarl Scotland
 
From collective insanity to organisational learning 2019 03 11 brisbane bus...
From collective insanity to organisational learning 2019 03 11 brisbane bus...From collective insanity to organisational learning 2019 03 11 brisbane bus...
From collective insanity to organisational learning 2019 03 11 brisbane bus...Jorn Bettin
 
Rapid software testing
Rapid software testingRapid software testing
Rapid software testingSachin MK
 
From collective insanity to organisational learning
From collective insanity to organisational learningFrom collective insanity to organisational learning
From collective insanity to organisational learningJorn Bettin
 
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu... Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...Obaid Ali / Roohi B. Obaid
 
Technical Due Diligence
Technical Due DiligenceTechnical Due Diligence
Technical Due Diligenceargentieri
 
Root Cause Analysis
Root Cause AnalysisRoot Cause Analysis
Root Cause Analysisgatelyw396
 
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docxAssignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docxcarlibradley31429
 
Seven Steps to Ethical Decision Making– Step 1 Define the p.docx
Seven Steps to Ethical Decision Making– Step 1 Define the p.docxSeven Steps to Ethical Decision Making– Step 1 Define the p.docx
Seven Steps to Ethical Decision Making– Step 1 Define the p.docxedgar6wallace88877
 
Perception and decision making
Perception and decision makingPerception and decision making
Perception and decision makingDr.P. KARTHIKEYAN
 
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docxCourse Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docxfaithxdunce63732
 
About internal Audit for news letter.doc
About internal Audit for news letter.docAbout internal Audit for news letter.doc
About internal Audit for news letter.docNeerajOjha17
 
Employee Testing and Selection ( chapter 6 )
Employee Testing and Selection ( chapter 6 )Employee Testing and Selection ( chapter 6 )
Employee Testing and Selection ( chapter 6 )Qamar Farooq
 
HRM Dessler CH# 06
HRM Dessler CH# 06HRM Dessler CH# 06
HRM Dessler CH# 06Usman Rashid
 

Similar to Exploratory Testing Audit Survival (20)

Next Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance RiskNext Generation Compliance: Using Analytics to Reduce Compliance Risk
Next Generation Compliance: Using Analytics to Reduce Compliance Risk
 
Reliability And Validity
Reliability And ValidityReliability And Validity
Reliability And Validity
 
Internal Investigations Workshop for HR Practitioners
Internal Investigations Workshop for HR PractitionersInternal Investigations Workshop for HR Practitioners
Internal Investigations Workshop for HR Practitioners
 
2009 Plant Ferti Grow Fresnochilddev Pres
2009 Plant Ferti Grow Fresnochilddev Pres2009 Plant Ferti Grow Fresnochilddev Pres
2009 Plant Ferti Grow Fresnochilddev Pres
 
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docxWhat’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
What’s in a Name of an Ethics CodeRead Consider What’s in a N.docx
 
Evidence-Based Management, Teaching Managers to Make Better Decisions
Evidence-Based Management, Teaching Managers to Make Better DecisionsEvidence-Based Management, Teaching Managers to Make Better Decisions
Evidence-Based Management, Teaching Managers to Make Better Decisions
 
Heuristics for Becoming a Learning Organisation
Heuristics for Becoming a Learning OrganisationHeuristics for Becoming a Learning Organisation
Heuristics for Becoming a Learning Organisation
 
From collective insanity to organisational learning 2019 03 11 brisbane bus...
From collective insanity to organisational learning 2019 03 11 brisbane bus...From collective insanity to organisational learning 2019 03 11 brisbane bus...
From collective insanity to organisational learning 2019 03 11 brisbane bus...
 
Rapid software testing
Rapid software testingRapid software testing
Rapid software testing
 
From collective insanity to organisational learning
From collective insanity to organisational learningFrom collective insanity to organisational learning
From collective insanity to organisational learning
 
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu... Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
Group-A, Day 1: CLINICAL TRIAL, Rising Regulations & Complexities, Pharmaceu...
 
Technical Due Diligence
Technical Due DiligenceTechnical Due Diligence
Technical Due Diligence
 
Root Cause Analysis
Root Cause AnalysisRoot Cause Analysis
Root Cause Analysis
 
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docxAssignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
Assignment 1 Discussion QuestionsCase Study Inside Intel. For y.docx
 
Seven Steps to Ethical Decision Making– Step 1 Define the p.docx
Seven Steps to Ethical Decision Making– Step 1 Define the p.docxSeven Steps to Ethical Decision Making– Step 1 Define the p.docx
Seven Steps to Ethical Decision Making– Step 1 Define the p.docx
 
Perception and decision making
Perception and decision makingPerception and decision making
Perception and decision making
 
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docxCourse Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
Course Textbook Noe, R. A., Hollenbeck, J. R., Gerhart, B., & Wr.docx
 
About internal Audit for news letter.doc
About internal Audit for news letter.docAbout internal Audit for news letter.doc
About internal Audit for news letter.doc
 
Employee Testing and Selection ( chapter 6 )
Employee Testing and Selection ( chapter 6 )Employee Testing and Selection ( chapter 6 )
Employee Testing and Selection ( chapter 6 )
 
HRM Dessler CH# 06
HRM Dessler CH# 06HRM Dessler CH# 06
HRM Dessler CH# 06
 

More from Griffin Jones

Regulated Software Testing - Griffin Jones - TISQA 2014
Regulated Software Testing - Griffin Jones - TISQA 2014Regulated Software Testing - Griffin Jones - TISQA 2014
Regulated Software Testing - Griffin Jones - TISQA 2014Griffin Jones
 
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdfGriffin Jones
 
WREST - Workshop on REgulated Software Testing
WREST - Workshop on REgulated Software TestingWREST - Workshop on REgulated Software Testing
WREST - Workshop on REgulated Software TestingGriffin Jones
 
Collaboration Without Chaos - STP Spring 2013
Collaboration Without Chaos - STP Spring 2013Collaboration Without Chaos - STP Spring 2013
Collaboration Without Chaos - STP Spring 2013Griffin Jones
 
Presenting Test Results w/ Clarity and Confidence - STAR East 2013
Presenting Test Results w/ Clarity and Confidence - STAR East 2013Presenting Test Results w/ Clarity and Confidence - STAR East 2013
Presenting Test Results w/ Clarity and Confidence - STAR East 2013Griffin Jones
 
What is good evidence - Let's Test 2013
What is good evidence - Let's Test 2013What is good evidence - Let's Test 2013
What is good evidence - Let's Test 2013Griffin Jones
 

More from Griffin Jones (6)

Regulated Software Testing - Griffin Jones - TISQA 2014
Regulated Software Testing - Griffin Jones - TISQA 2014Regulated Software Testing - Griffin Jones - TISQA 2014
Regulated Software Testing - Griffin Jones - TISQA 2014
 
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
2013 STARWest Lightening Keynote - gjones - wrest - poster -pdf
 
WREST - Workshop on REgulated Software Testing
WREST - Workshop on REgulated Software TestingWREST - Workshop on REgulated Software Testing
WREST - Workshop on REgulated Software Testing
 
Collaboration Without Chaos - STP Spring 2013
Collaboration Without Chaos - STP Spring 2013Collaboration Without Chaos - STP Spring 2013
Collaboration Without Chaos - STP Spring 2013
 
Presenting Test Results w/ Clarity and Confidence - STAR East 2013
Presenting Test Results w/ Clarity and Confidence - STAR East 2013Presenting Test Results w/ Clarity and Confidence - STAR East 2013
Presenting Test Results w/ Clarity and Confidence - STAR East 2013
 
What is good evidence - Let's Test 2013
What is good evidence - Let's Test 2013What is good evidence - Let's Test 2013
What is good evidence - Let's Test 2013
 

Recently uploaded

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 

Recently uploaded (20)

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 

Exploratory Testing Audit Survival

  • 1. The audit survival heuristics of an FDA regulated exploratory testing team CAST August 8th, 2011 1Griffin Jones – Congruent Compliance LLC © 2011
  • 2. Preliminaries  Who is in the room?  My goal:  Stimulate your interest to study the subject more  Leave with a heuristic to help you organize and present with confidence your ET results to regulatory auditors  Have a conversation and try to meet your needs  Quick Preview  The context  The heuristic and how to apply it  Some of the traps about ET in a regulated industry CAST August 8th, 2011 2Griffin Jones – Congruent Compliance LLC © 2011
  • 3. Assumptions and Terms  This is a living presentation  Based on my experiences of auditing and being audited  More reference information here than I will present  Follow the for the key points  Much of this can be adapted to other contexts  i.e., not “FDA regulated, Exploratory Testing”  “Schools of Testing” by Bret Pettichord  Analytic , Standard, Quality, Context-Driven, Agile  Exploratory Testing:  Simultaneous learning, test design and test execution CAST August 8th, 2011 3Griffin Jones – Congruent Compliance LLC © 2011
  • 4. Terms  Congruence  Being balanced between inner feelings & outer actions  Smells  Symptom that possibly indicates a deeper problem  5 Whys  Questions-asking method to investigate root causes  “Mary had a little lamb” heuristic  Emphasize each of the individual words in a statement  Checking: confirming existing beliefs; versus:  Testing - finding new information (Michael Bolton) CAST August 8th, 2011 4Griffin Jones – Congruent Compliance LLC © 2011
  • 5. The Problem  Let’s assume that you are FDA regulated and trying to do compliant context driven, Exploratory Testing  You likely have these concerns about passing an audit:  Evidence is not sufficient  Documentation is not sufficient  Process control is not sufficient  Can’t clearly explain what you do and why  Auditors value different things than you, and speak a different language CAST August 8th, 2011 5Griffin Jones – Congruent Compliance LLC © 2011
  • 6. Fast Takeaway  The regulator is not your business partner  The regulator has police powers  “Let the Wookie win”  Auditors are likely of the “Quality” (gatekeepers) or “Routine” (traceability matrix) testing school model  You are Context Driven testing school. Deal with it.  Auditors think “testing” is “demonstration and checking”  Don’t try and convert them. Deal with it. CAST August 8th, 2011 6Griffin Jones – Congruent Compliance LLC © 2011
  • 7. Spoiler  The regulations are not the problem  How you are coping with the regulations is the problem  Give the Auditors what they want:  Clear traceable requirements and description of risks  Description and demonstration of control  Clear objective evidence  The ability to understand their concerns, speak their language, and explain how you are compliant  Abundant, quality evidence mitigates your other problems CAST August 8th, 2011 7Griffin Jones – Congruent Compliance LLC © 2011
  • 8. Not going to talk about…  The Fear, Uncertainly, and Doubt swirling in the field  Vendor/Experts: “You should be scared, but I have…”  Silver Bullets and Big Magic  “… so trust me and just buy my wares. By the way, ..”  Persistent Myths  “… IMO the regulators “frown on” ET (… I don’t sell it).”  The “Typical” Regulatory Affairs Presentation CAST August 8th, 2011 8Griffin Jones – Congruent Compliance LLC © 2011
  • 9. Regulatory Overview  Regulations  For the public good - because people died  Regulators  FDA regulates >25% of the Gross Domestic Product  Regulatory Auditors  Police Powers  Industry Auditors  Assessors and valued advisors to management  Audits CAST August 8th, 2011 9 Details Griffin Jones – Congruent Compliance LLC © 2011
  • 10. Audit Survival Heuristics  CHCMWCE “Chocolate Mousse”  Congruent  Honest  Competent  Model (Appropriate)  Willing  Control  Evidence CAST August 8th, 2011 15 Model Competent Honest Evidence Control Willing Congruent Griffin Jones – Congruent Compliance LLC © 2011
  • 11. Let’s take a journey … CAST August 8th, 2011 16  Practice  Congruent  Theory  Less Stressful Audits Griffin Jones – Congruent Compliance LLC © 2011
  • 12. The Congruence Triad  Congruence is when you are balanced between inner feelings and outer actions  The Congruence Triad  Self, Other, Context  Being congruent is a process  A way of communicating with yourself and others  Incongruence is when part of the triad is missing  Placating, Blaming, Super-rational, or Irrelevant?  What is missing and fill it in:  Self, Others, Context CAST August 8th, 2011 17 Other Context Self Details Griffin Jones – Congruent Compliance LLC © 2011
  • 13. The Theory Mountains …  Dishonest  Incompetent  Inadequate CAST August 8th, 2011 21  Honest  Competent  Appropriate Model  Self-Incriminating  Experts and Heroes  Over-Constrained Griffin Jones – Congruent Compliance LLC © 2011
  • 14. Honest  Integrity, Truthful, Trust, Sincerity in:  You and your organization  Words, actions, and documents  Smells  Dishonest  Self-incrimination  Don’t create even the appearance of a problem  Tests  How do you and the organization react to criticism?  Are you a learning organization? (5 Why) CAST August 8th, 2011 22Griffin Jones – Congruent Compliance LLC © 2011
  • 15. Competent  Are you and your organization:  Capable, credible, understands context, speaks the language; trained in the industry, technology, and regulatory obligations  Smells  Incompetent  Experts and heroes  Tests  Do you believe you are capable of doing good work? (5 Why) CAST August 8th, 2011 23Griffin Jones – Congruent Compliance LLC © 2011
  • 16. Appropriate Model  Is the process model:  Complete, reasonable, practical, logical, explainable  Smells  Inadequate model  Over-constrained model  Test:  What problem is this model solving? How will it Fail?  What is required in this model? Missing?  Do you believe this model is sufficient? (5 Why) CAST August 8th, 2011 24Griffin Jones – Congruent Compliance LLC © 2011
  • 17. The Practice Mountains …  Unwilling  Out-of-Control  No Evidence CAST August 8th, 2011 25  Excessive or Wasteful  Micro-Management  Obsessive-Compulsive  Willing  Under Control  Evidence Griffin Jones – Congruent Compliance LLC © 2011
  • 18. Willing  Motivated, focused, prioritized, committed, resourced, staffed, supported, given attention, nurtured  Smells  Unwilling  Excessive or Wasteful  Test  Do people care? (5 Why)  Is there sufficient resources for the work and expectations? (5 Why) CAST August 8th, 2011 26Griffin Jones – Congruent Compliance LLC © 2011
  • 19. Under Control  Explain what you are doing and why. Are you living it?  Coherently explain your:  configuration control and authorization  traceability and accountable  organization, preparation, planning, independent review, prevention, correction, checking and testing  Smells  Out-of control  Micro-managed  Tests  Is the type and level of controls appropriate? (5 Why) CAST August 8th, 2011 27Griffin Jones – Congruent Compliance LLC © 2011
  • 20. Evidence  Auditable evidence:  Clear, objective, retrieval, human readable, attributable, contemporary evidence that a third party can review or reconstruct (with minimal outside help); and quickly reach the same results and conclusions.  Smells  No-evidence  Obsessive-compulsive evidence  Tests  Explain why the specific evidence meets the criteria. (5 Why) CAST August 8th, 2011 28Griffin Jones – Congruent Compliance LLC © 2011
  • 21. How do you apply this?  Application is as simple as: CAST August 8th, 2011 29 Remembering to ask the questions. Follow the energy of the answers. Fix the base, first. Griffin Jones – Congruent Compliance LLC © 2011
  • 22. During an Audit  Choosing a regulatory posture  Manageable issues (within reason)  Evidence  Controls  Willingness (resources and priority)  Unmanageable issues  Broken process model  Lack of competence  Broken trust  Incongruence CAST August 8th, 2011 30Griffin Jones – Congruent Compliance LLC © 2011
  • 23. More Fast Takeaways  The FDA is open to agile processes and realizes that the current approach to software validation is not working  At the same time, companies are more concerned about:  the business risk that the FDA would not accept the agile process,  than the product or project risk that is associated with waterfall type development  Find the middle option for your context CAST August 8th, 2011 31Griffin Jones – Congruent Compliance LLC © 2011
  • 24. Natural Evidence  Periodically , take the observer point-of-view and ask:  Is what I see and hear, about the theory and practice of what we do:  acceptable from both a product qualification and regulatory compliance point of view?  If yes, what is the most natural, efficient, and strongest evidence we could collect?  Why not a video/audio recordings w/ paper summary?  Is it being collected? If no, why not? (5 Why)  organizational problem? CAST August 8th, 2011 32Griffin Jones – Congruent Compliance LLC © 2011
  • 25. Organizational Smells Going Tilt Traps CAST August 8th, 2011 33Griffin Jones – Congruent Compliance LLC © 2011
  • 26. Smells that lead to …  Paint the Village  Visitors are coming. How shall we work today?  The “Best Practice” Cargo Cult  We don’t really understand the details of what we do, why we do it, or how what we do works. But have faith.  Testing Death Spiral  Regulator does not care about testing and management might only care about regulatory compliance. Spiral.  The Titanic  The gigantic engineered process is perfect – people are the source of problems, not solutions CAST August 8th, 2011 34Griffin Jones – Congruent Compliance LLC © 2011
  • 27. Organizational Disasters  Pathetic Compliance  Following a regulatory compliant procedure in a way that does not solve the testing problem for which it was designed.  Utopian Shelf-ware Procedures  No one reads them. They are not reality.  Close Enough  I don’t have to do it exactly. I know better. No one will notice or care.  Read My Mind  Because that is the only place where the evidence is. CAST August 8th, 2011 35Griffin Jones – Congruent Compliance LLC © 2011
  • 28. Is the Auditor on Tilt? CAST August 8th, 2011 36  Maybe it is something we said or did, or are doing?  History  That you are unaware of, and it might be complicated  Notches on the gun  May be making a name for themselves  Making an example of you  May be constructing an example to deter others Griffin Jones – Congruent Compliance LLC © 2011
  • 29. Classic ET Traps  Implementation details identified as requirements  Tighten and simplify your requirements  Documentation lacks detail to support traceability  Require less mind reading.  Control is vague or assumed  Summarize and document what control is for you CAST August 8th, 2011 37Griffin Jones – Congruent Compliance LLC © 2011
  • 30. The BIG Trap  Weak Evidence  “Clear, objective, retrieval, human readable, attributable, contemporary evidence that a third party can review or reconstruct (with minimal outside help); and quickly reach the same results and conclusions.”  Check it via “Mary had a little lamb”  Collect it naturally  Weak evidence is likely a symptom of other deeper issues  Abundant, quality evidence mitigates your other problems CAST August 8th, 2011 38Griffin Jones – Congruent Compliance LLC © 2011
  • 31. Audits can be Useful  Candor can result in free consulting and insight  Should you take the risk?  Provides motivation – management cares  Provides actionable data  The jiggle that is needed by the organization  A counter-measure to low expectations & poor practices CAST August 8th, 2011 39 If you can’t be a good example, you are going to be a stern warning. Griffin Jones – Congruent Compliance LLC © 2011
  • 32. Recap of the Spoiler  The regulations are not the problem.  How you are coping with the regulations is the problem.  Give the Auditors what they want:  Clear traceable requirements and description of risks  Description and demonstration of control  Clear objective evidence  The ability to understand their concerns, speak their language, and explain how you are compliant  Abundant and quality evidence mitigates your other problems. CAST August 8th, 2011 40Griffin Jones – Congruent Compliance LLC © 2011
  • 33. The Big Take Away  Understand your regulatory context  Work on your congruence  Work each level of the model, ask the questions  Document how you are under control  Improve your evidence, collect it naturally  Avoid the smells, disasters, and traps  Summarize your regulatory story, practice explaining it  Apply what you learn during the audit CAST August 8th, 2011 41 1 2 3 Griffin Jones – Congruent Compliance LLC © 2011
  • 34. Questions? CAST August 8th, 2011 42 Model Competent Honest Evidence Control Willing Congruent Griffin Jones – Congruent Compliance LLC © 2011
  • 35. Further Study - A  FDA presentations and resources:  Webinar with FDA's John Murray on Software Validation in the Field of Medical Devices  Presentation: Preparing for an FDA Medical Device Sponsor Inspection  Quality System Inspection Technique – Inspection Guide  General Principles of Software Validation; Final Guidance for Industry and FDA Staff CAST August 8th, 2011 43Griffin Jones – Congruent Compliance LLC © 2011
  • 36. Further Study - B  Regulatory Compliance  “The Art of Compliance: Turning Compliance into Sustainable Business Advantage” by Robert Rhoades of Quintiles  FDA inspections:  “How to Host an FDA Inspection” by SGS – Life Science Services  “Preparation for FDA Inspection” by NEMA/ADVAMED/PHILIPS  “FDA Sponsor Inspections: How to Prepare and Survive” by Medtronic, Inc CAST August 8th, 2011 44Griffin Jones – Congruent Compliance LLC © 2011
  • 37. Further Study - C  Audits  “The ASQ Auditing Handbook” by J. P. Russell  Congruence  “Beyond Blaming” by Jean McLendon and Gerald M. Weinberg  “The Satir Model: Family Therapy and Beyond” by Virginia M. Satir  “More Secrets of Consulting: The Consultant's Tool Kit” by Gerald M. Weinberg CAST August 8th, 2011 45Griffin Jones – Congruent Compliance LLC © 2011
  • 38. Further Study - D  Agile and the FDA  Business Risk (from the FDA) versus Product Risk  http://blogs.construx.com/forums/t/432.aspx  “What is Exploratory Testing? And How it Differs from Scripted Testing” by James Bach  “Coping With Complexity: Lessons From a Medical Device Project” by Yaron Kottler  Testers and Auditors  “Testers are like auditors” by James Christie  Evidence  “21 CFR Part 11 Electronic Records …” by the FDA CAST August 8th, 2011 46Griffin Jones – Congruent Compliance LLC © 2011
  • 39. Griffin Jones Congruent Compliance Griffin.Jones@CongruentCompliance.com Thank You! CAST August 8th, 2011 47Griffin Jones – Congruent Compliance LLC © 2011