IT Software Risk: Don't Hesitate - Automate

Consortium for Information & Software Quality (CISQ)
Consortium for Information & Software Quality (CISQ)Consortium for Information & Software Quality (CISQ)
IT Software Risk:
Don’t Hesitate -
Automate
Dave Norton
Executive Director
Consortium for IT Software Quality
david.norton@it-cisq.org
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 2
Two Basic Truths
Things are more complex and the pace of change is relentless
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 3
Agenda
• What are the drivers for automation
• How do we introduce more automation
• What role do standards play
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 4
Agenda
• What are the drivers for automation
• How do we introduce more automation
• What role do standards play
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 5
Complex Technology Stack
Multi-language,multi-layerArchitecture
EJB
PL/SQL
Oracle
SQL
Server
DB2
T/SQL
Hibernate
Spring
Struts
.NET
COBOL
IMS
Messaging
Sybase
• Code style & layout
• Expression complexity
• Code documentation
• Class or program design
• Basic coding standards
• Developer level
Unit Level1
Technology Stack
Java
Java
Java
Web
Services • Single language/technology layer
• Intra-technology architecture
• Intra-layer dependencies
• Inter-program invocation
• Security vulnerabilities
• Development team level
Technology Level2
 Integration quality
 Architectural compliance
 Risk propagation
 Application security
 Resiliency checks
 Transaction integrity
 Function point,
 Effort estimation
 Data access control
 SDK versioning
 Calibration across
technologies
 IT organization level
System Level3
JSP ASP.NETAPIs
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 6
Drive for Velocity
Everyone wants faster time to market,
but few want to hear about the risks
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 7
Complex Toolchains
•Production metrics, objects and feedback
•Requirements
•Business metrics
•Update release metrics
•Release plan, timing and business case
•Security policy and requirement
•Design of the software and
configuration
•Coding including code quality
and performance
•Software build and build
performance
•Release candidate
•Acceptance testing
•Regression testing
•Security and vulnerability analysis
•Performance
•Configuration testing
•Approval/preapprovals
•Package configuration
•Triggered releases
•Release staging and holding
•Infrastructure storage,
database and network
provisioning and
configuring
•Application provision and
configuration.
•Performance of IT infrastructure
•End-user response and experience
•Production metrics and statistics
•Application monitoring
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 8
Increasing Technical Debt
Software Quality Iceberg (Code Complete, Steve McConnell)
Code complexity
Maintainability
Internal Coupling
Functional Size
Redundant code
Testability
External Coupling
Operating Cost
Maintenance Cost
Reliability
Performance
Business Value
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 9
Questions on Productivity
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 10
Desire for Autonomy
Autonomy at Spotify —  by Henrik Kniberg
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 11
Greater Reliance on Suppliers
Hope is not
a strategy
Quality
Productivity
Security
Cost
© 2018 Consortium for IT Software Quality (CISQ) www.it-cisq.org
12
The Nine-Digit Glitch
Board of Directors
CEO, COO, CFO
Business VPs
Corporate Auditors
CIO
Now affect Accountable for
Governance
Risk management
Business Continuity
Brand protection
Customer experience
Nine Digit Defects
© 2018 Consortium for IT Software Quality (CISQ) www.it-cisq.org
13
Lets Learn From The Past
As industry's mature they automate, from robots to
fly-by-wire
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 14
Agenda
• What are the drivers for automation
• How do we introduce more automation
• What role do standards play
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 15
Focus on Culture and Behavior
• Don’t expect everyone to
like automation, some
people just like doing it
the hard way
• Incentivize the behavior
you want for the individual
and team.
• Have agreed metrics and
KPI linked to automation.
• Show results
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 16
Develop The Correct Skills
Process Design
Scripting
Toolchain
Integration
Standards
Definition
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 17
Obtain Commitment From The Team
Produc
t
Backlo
g
Risk
Backlo
g
[Requirements, Policy's, Definition of Done]
Compliance
Officer
Team
Product
Owner
Product
Manager
GRC
Stores/Themes
Compliance Strategy [Working
software, documentation]
Risk Log / Board
Escalations
GRC Questions
Information “Radiator”
Standards, Good Practice, Regulations
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 18
Certify The Environment, Don’t Assume
Produc
t
Backlo
g
Risk
Backlo
g
[Requirements, Policy's, Definition of Done]
Compliance
Officer
Team
Product
Owner
Product
Manager
GRC
Stores/Themes
Compliance Strategy [Working
software, documentation]
Risk Log / Board
Escalations
GRC Questions
Information “Radiator”
Standards, Good Practice, Regulations
Automated
Environment
Certified
Tool
Team
Align
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 19
Gamify - Link Automation to Autonomy
Autonomy
Time of
Deployments
Intra-day
allowed
After hours and
on weekends
Frequency of
Deployments
No limits on
changes per
today
Few changes
per week
Change
Advisory
Board
CAB for
information
purposes only
CAB for all
changes
Freeze
Periods
Only exceptional
change freeze
periods apply
All freeze
periods apply
Continuous
Integration
Environments
Quality
Assurance
Incident
Management
Release
Management
Coding
Practices
Team
A
Team
C
Team
D
Level of Automation
Team
B
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 20
Stay in Control With Agile Governance
• Communities of
Practice
• Toolchain
Consistency
• Tools Register
• Automation Best
Practice
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 21
Link Automation to KPI, and Set Targets
• Feature throughput
• Lead-time/Cycle-time
• IT Downtime
• Business Downtime
• Percentage of task
automated
• Refactoring rate and cost
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 22
Embed Automation With Suppliers
CISQ has been referenced by the U.S. General
Services Administration (GSA), formally citing
CISQ requirements in a Information Technology
(IT) statement of work from the Office of the CIO
for the Office of Public Buildings. GSA is an
independent agency of the U.S. government that
supports general services of Federal agencies.
See page 21, section 5.9 in GSA’s document,
Schedule 70 Blank Purchase Agreement for IT
and Development Services…
“PB-ITS (Project Based IT Services) is seeking to
establish code quality standards for its existing
code base, as well as new development tasks. As
an emerging standard, PB-ITS references the
Consortium for IT Software Quality (CISQ) for
guidance on how to measure, evaluate and
improve software.”
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 23
Focus on Outcomes
Business
Outcomes
Higher
Productivity
Grater
Agility
Improves
Quality
Reduces
Risk
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 24
Agenda
• What are the drivers for automation
• How do we introduce more automation
• What role do standards play
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 25
We Need Standards We Can Implement
We built this city, we built this city on rock an'
roll
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 26
We Need Standards We Can Implement
We built this city, we built this city on rock an'
roll
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 27
ISO 25010 Software Quality Model
1.Functional Suitability
2.Performance Efficiency
3.Compatibility
4.Usability
5.Reliability
6.Security
7.Maintainability
8.Portability
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 28
Standards Are Only Effective If Implemented
We have to deal with the risk link - people.
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 29
Trustworthy Systems Manifesto
As a greater portion of mission, business, and safety critical
functionality is committed to software-intensive systems, these
systems become one of, if not the largest source of risk to
enterprises and their customers. Since corporate executives are
ultimately responsible for managing this risk, we establish the
following principles to govern system development and
deployment.
1. Engineering discipline in product and process
2. Quality assurance to risk tolerance thresholds
3. Traceable properties of system components
4. Proactive defense of the system and its data
5. Resilient and safe operations
© 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 30
CISQ Membership Is Free  www.it-cisq.org
Over 2000 individual members from
large software-intensive organizations:
1 of 30

Recommended

Agile Team Autonomy – Don’t Just Give It Away Make Teams Earn It by
Agile Team Autonomy – Don’t Just Give It Away Make Teams Earn It Agile Team Autonomy – Don’t Just Give It Away Make Teams Earn It
Agile Team Autonomy – Don’t Just Give It Away Make Teams Earn It Consortium for Information & Software Quality (CISQ)
568 views37 slides
CISQ Standards in Governing Digital Transformation and Digital Suppliers by
CISQ Standards in Governing Digital Transformation and Digital SuppliersCISQ Standards in Governing Digital Transformation and Digital Suppliers
CISQ Standards in Governing Digital Transformation and Digital SuppliersConsortium for Information & Software Quality (CISQ)
373 views34 slides
Augmented Agile: Agile Behavior Meets Digital Engineering by
Augmented Agile: Agile Behavior Meets Digital EngineeringAugmented Agile: Agile Behavior Meets Digital Engineering
Augmented Agile: Agile Behavior Meets Digital EngineeringConsortium for Information & Software Quality (CISQ)
438 views97 slides
ChatGPT and the Future of Work - Clark Boyd by
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
27.1K views69 slides
Getting into the tech field. what next by
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
6.4K views22 slides
Google's Just Not That Into You: Understanding Core Updates & Search Intent by
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
6.8K views99 slides

More Related Content

Recently uploaded

Top-5-production-devconMunich-2023.pptx by
Top-5-production-devconMunich-2023.pptxTop-5-production-devconMunich-2023.pptx
Top-5-production-devconMunich-2023.pptxTier1 app
9 views40 slides
Generic or specific? Making sensible software design decisions by
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsBert Jan Schrijver
7 views60 slides
DRYiCE™ iAutomate: AI-enhanced Intelligent Runbook Automation by
DRYiCE™ iAutomate: AI-enhanced Intelligent Runbook AutomationDRYiCE™ iAutomate: AI-enhanced Intelligent Runbook Automation
DRYiCE™ iAutomate: AI-enhanced Intelligent Runbook AutomationHCLSoftware
6 views8 slides
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx by
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptxanimuscrm
15 views19 slides
Top-5-production-devconMunich-2023-v2.pptx by
Top-5-production-devconMunich-2023-v2.pptxTop-5-production-devconMunich-2023-v2.pptx
Top-5-production-devconMunich-2023-v2.pptxTier1 app
6 views42 slides
Using Qt under LGPL-3.0 by
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Burkhard Stubert
13 views11 slides

Recently uploaded(20)

Top-5-production-devconMunich-2023.pptx by Tier1 app
Top-5-production-devconMunich-2023.pptxTop-5-production-devconMunich-2023.pptx
Top-5-production-devconMunich-2023.pptx
Tier1 app9 views
Generic or specific? Making sensible software design decisions by Bert Jan Schrijver
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
DRYiCE™ iAutomate: AI-enhanced Intelligent Runbook Automation by HCLSoftware
DRYiCE™ iAutomate: AI-enhanced Intelligent Runbook AutomationDRYiCE™ iAutomate: AI-enhanced Intelligent Runbook Automation
DRYiCE™ iAutomate: AI-enhanced Intelligent Runbook Automation
HCLSoftware6 views
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx by animuscrm
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx
2023-November-Schneider Electric-Meetup-BCN Admin Group.pptx
animuscrm15 views
Top-5-production-devconMunich-2023-v2.pptx by Tier1 app
Top-5-production-devconMunich-2023-v2.pptxTop-5-production-devconMunich-2023-v2.pptx
Top-5-production-devconMunich-2023-v2.pptx
Tier1 app6 views
Airline Booking Software by SharmiMehta
Airline Booking SoftwareAirline Booking Software
Airline Booking Software
SharmiMehta9 views
Navigating container technology for enhanced security by Niklas Saari by Metosin Oy
Navigating container technology for enhanced security by Niklas SaariNavigating container technology for enhanced security by Niklas Saari
Navigating container technology for enhanced security by Niklas Saari
Metosin Oy14 views
Introduction to Git Source Control by John Valentino
Introduction to Git Source ControlIntroduction to Git Source Control
Introduction to Git Source Control
John Valentino7 views
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated... by TomHalpin9
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...
TomHalpin96 views
Sprint 226 by ManageIQ
Sprint 226Sprint 226
Sprint 226
ManageIQ11 views
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with... by sparkfabrik
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
sparkfabrik8 views
tecnologia18.docx by nosi6702
tecnologia18.docxtecnologia18.docx
tecnologia18.docx
nosi67025 views
FOSSLight Community Day 2023-11-30 by Shane Coughlan
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan6 views
JioEngage_Presentation.pptx by admin125455
JioEngage_Presentation.pptxJioEngage_Presentation.pptx
JioEngage_Presentation.pptx
admin1254558 views
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium... by Lisi Hocke
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Lisi Hocke35 views

Featured

Time Management & Productivity - Best Practices by
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
169.8K views42 slides
The six step guide to practical project management by
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
36.7K views27 slides
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright... by
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
12.7K views21 slides
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present... by
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
55.5K views138 slides
12 Ways to Increase Your Influence at Work by
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
401.7K views64 slides
ChatGPT webinar slides by
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slidesAlireza Esmikhani
30.4K views36 slides

Featured(20)

Time Management & Productivity - Best Practices by Vit Horky
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
Vit Horky169.8K views
The six step guide to practical project management by MindGenius
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
MindGenius36.7K views
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright... by RachelPearson36
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
RachelPearson3612.7K views
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present... by Applitools
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools55.5K views
12 Ways to Increase Your Influence at Work by GetSmarter
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
GetSmarter401.7K views
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G... by DevGAMM Conference
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
DevGAMM Conference3.6K views
Barbie - Brand Strategy Presentation by Erica Santiago
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
Erica Santiago25.1K views
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well by Saba Software
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Saba Software25.3K views
Introduction to C Programming Language by Simplilearn
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
Simplilearn8.4K views
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr... by Palo Alto Software
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
Palo Alto Software88.4K views
9 Tips for a Work-free Vacation by Weekdone.com
9 Tips for a Work-free Vacation9 Tips for a Work-free Vacation
9 Tips for a Work-free Vacation
Weekdone.com7.2K views
How to Map Your Future by SlideShop.com
How to Map Your FutureHow to Map Your Future
How to Map Your Future
SlideShop.com275.1K views
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -... by AccuraCast
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
Beyond Pride: Making Digital Marketing & SEO Authentically LGBTQ+ Inclusive -...
AccuraCast3.4K views
Exploring ChatGPT for Effective Teaching and Learning.pptx by Stan Skrabut, Ed.D.
Exploring ChatGPT for Effective Teaching and Learning.pptxExploring ChatGPT for Effective Teaching and Learning.pptx
Exploring ChatGPT for Effective Teaching and Learning.pptx
Stan Skrabut, Ed.D.57.7K views
How to train your robot (with Deep Reinforcement Learning) by Lucas García, PhD
How to train your robot (with Deep Reinforcement Learning)How to train your robot (with Deep Reinforcement Learning)
How to train your robot (with Deep Reinforcement Learning)
Lucas García, PhD42.5K views
4 Strategies to Renew Your Career Passion by Daniel Goleman
4 Strategies to Renew Your Career Passion4 Strategies to Renew Your Career Passion
4 Strategies to Renew Your Career Passion
Daniel Goleman122K views

IT Software Risk: Don't Hesitate - Automate

  • 1. IT Software Risk: Don’t Hesitate - Automate Dave Norton Executive Director Consortium for IT Software Quality david.norton@it-cisq.org
  • 2. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 2 Two Basic Truths Things are more complex and the pace of change is relentless
  • 3. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 3 Agenda • What are the drivers for automation • How do we introduce more automation • What role do standards play
  • 4. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 4 Agenda • What are the drivers for automation • How do we introduce more automation • What role do standards play
  • 5. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 5 Complex Technology Stack Multi-language,multi-layerArchitecture EJB PL/SQL Oracle SQL Server DB2 T/SQL Hibernate Spring Struts .NET COBOL IMS Messaging Sybase • Code style & layout • Expression complexity • Code documentation • Class or program design • Basic coding standards • Developer level Unit Level1 Technology Stack Java Java Java Web Services • Single language/technology layer • Intra-technology architecture • Intra-layer dependencies • Inter-program invocation • Security vulnerabilities • Development team level Technology Level2  Integration quality  Architectural compliance  Risk propagation  Application security  Resiliency checks  Transaction integrity  Function point,  Effort estimation  Data access control  SDK versioning  Calibration across technologies  IT organization level System Level3 JSP ASP.NETAPIs
  • 6. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 6 Drive for Velocity Everyone wants faster time to market, but few want to hear about the risks
  • 7. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 7 Complex Toolchains •Production metrics, objects and feedback •Requirements •Business metrics •Update release metrics •Release plan, timing and business case •Security policy and requirement •Design of the software and configuration •Coding including code quality and performance •Software build and build performance •Release candidate •Acceptance testing •Regression testing •Security and vulnerability analysis •Performance •Configuration testing •Approval/preapprovals •Package configuration •Triggered releases •Release staging and holding •Infrastructure storage, database and network provisioning and configuring •Application provision and configuration. •Performance of IT infrastructure •End-user response and experience •Production metrics and statistics •Application monitoring
  • 8. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 8 Increasing Technical Debt Software Quality Iceberg (Code Complete, Steve McConnell) Code complexity Maintainability Internal Coupling Functional Size Redundant code Testability External Coupling Operating Cost Maintenance Cost Reliability Performance Business Value
  • 9. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 9 Questions on Productivity
  • 10. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 10 Desire for Autonomy Autonomy at Spotify —  by Henrik Kniberg
  • 11. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 11 Greater Reliance on Suppliers Hope is not a strategy Quality Productivity Security Cost
  • 12. © 2018 Consortium for IT Software Quality (CISQ) www.it-cisq.org 12 The Nine-Digit Glitch Board of Directors CEO, COO, CFO Business VPs Corporate Auditors CIO Now affect Accountable for Governance Risk management Business Continuity Brand protection Customer experience Nine Digit Defects
  • 13. © 2018 Consortium for IT Software Quality (CISQ) www.it-cisq.org 13 Lets Learn From The Past As industry's mature they automate, from robots to fly-by-wire
  • 14. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 14 Agenda • What are the drivers for automation • How do we introduce more automation • What role do standards play
  • 15. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 15 Focus on Culture and Behavior • Don’t expect everyone to like automation, some people just like doing it the hard way • Incentivize the behavior you want for the individual and team. • Have agreed metrics and KPI linked to automation. • Show results
  • 16. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 16 Develop The Correct Skills Process Design Scripting Toolchain Integration Standards Definition
  • 17. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 17 Obtain Commitment From The Team Produc t Backlo g Risk Backlo g [Requirements, Policy's, Definition of Done] Compliance Officer Team Product Owner Product Manager GRC Stores/Themes Compliance Strategy [Working software, documentation] Risk Log / Board Escalations GRC Questions Information “Radiator” Standards, Good Practice, Regulations
  • 18. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 18 Certify The Environment, Don’t Assume Produc t Backlo g Risk Backlo g [Requirements, Policy's, Definition of Done] Compliance Officer Team Product Owner Product Manager GRC Stores/Themes Compliance Strategy [Working software, documentation] Risk Log / Board Escalations GRC Questions Information “Radiator” Standards, Good Practice, Regulations Automated Environment Certified Tool Team Align
  • 19. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 19 Gamify - Link Automation to Autonomy Autonomy Time of Deployments Intra-day allowed After hours and on weekends Frequency of Deployments No limits on changes per today Few changes per week Change Advisory Board CAB for information purposes only CAB for all changes Freeze Periods Only exceptional change freeze periods apply All freeze periods apply Continuous Integration Environments Quality Assurance Incident Management Release Management Coding Practices Team A Team C Team D Level of Automation Team B
  • 20. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 20 Stay in Control With Agile Governance • Communities of Practice • Toolchain Consistency • Tools Register • Automation Best Practice
  • 21. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 21 Link Automation to KPI, and Set Targets • Feature throughput • Lead-time/Cycle-time • IT Downtime • Business Downtime • Percentage of task automated • Refactoring rate and cost
  • 22. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 22 Embed Automation With Suppliers CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for IT Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.”
  • 23. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 23 Focus on Outcomes Business Outcomes Higher Productivity Grater Agility Improves Quality Reduces Risk
  • 24. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 24 Agenda • What are the drivers for automation • How do we introduce more automation • What role do standards play
  • 25. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 25 We Need Standards We Can Implement We built this city, we built this city on rock an' roll
  • 26. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 26 We Need Standards We Can Implement We built this city, we built this city on rock an' roll
  • 27. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 27 ISO 25010 Software Quality Model 1.Functional Suitability 2.Performance Efficiency 3.Compatibility 4.Usability 5.Reliability 6.Security 7.Maintainability 8.Portability
  • 28. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 28 Standards Are Only Effective If Implemented We have to deal with the risk link - people.
  • 29. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 29 Trustworthy Systems Manifesto As a greater portion of mission, business, and safety critical functionality is committed to software-intensive systems, these systems become one of, if not the largest source of risk to enterprises and their customers. Since corporate executives are ultimately responsible for managing this risk, we establish the following principles to govern system development and deployment. 1. Engineering discipline in product and process 2. Quality assurance to risk tolerance thresholds 3. Traceable properties of system components 4. Proactive defense of the system and its data 5. Resilient and safe operations
  • 30. © 2019 Consortium for IT Software Quality (CISQ) www.it-cisq.org 30 CISQ Membership Is Free  www.it-cisq.org Over 2000 individual members from large software-intensive organizations: