Most companies in the health care, automotive, aerospace or financial industries must comply with certain regulatory standards. Either the governments or their customers demand they do it. And most companies want to take advantage of the benefits of the agile methodology.
Continuous compliance means combining the agile mindset while following a regulatory standard. It is to benefit both from the stability and proven quality you get from following a regulatory standard and the improved quality, speed, flexibility and transparency you get from following an agile methodology.
Regulatory standards were created to ensure the quality and reliability of products, so that consumer safety and security can be guaranteed. The standards can also be used to assess the performance of the development processes from the companies developing the product. The goal for a company following a regulatory standard is to develop products with high quality, following stable, proven development processes.
Some examples of regulatory standards are: ISO 13485 (QMS for medical), ISO 26262 (Functional Safety), ISO 21434 (Cybersecurity) and Automotive SPICE.
Agile methodology was originally developed by software development companies as a better way of maintaining their work. Traditional software development processes were often over complicated and weighed down by unnecessary documentation. Many development projects were failing or taking much too long to complete, and industry leaders realized they needed to find a new, innovative approach. Today, agile methodology is used in a range of disciplines and markets.
Some examples of agile methodologies are: XP, Scrum, Kanban, Less and SAFe.
At a first glance, it seems like the agile mindset and regulatory standards are contradicting each other, but by doing continuous compliance in the right way, they actually complement each other.
Continuous compliance can help identify a company’s compliance shortcomings in real-time, allowing it to be proactive rather than reactive. It can reduce the effort of doing quality audits and assessments and can help to build trust with customers and stakeholders.
Here is a short list of some key success factors for implementing continuous compliance:
- Build the compliance incrementally
Use the agile practice of frequent planning and frequent deliveries. Instead of showing product compliance at the end of a project, or showing process compliance once a year in an audit, make sure to monitor the compliance concerns continuously, and plan for building the compliance incrementally.
- Organize for value and compliance
Use the agile practice of cross functional teams. Cross-functional teams are groups of people from various parts of the organization, such as marketing, product development, quality assurance, sales and finance, who work together to achieve a common goal. Cross functional teams enable effective communication, improved collaboration and a more holistic approach and can help ensure that all aspects of a project or initiative are considered, leading to increased quality at a lower cost.
- Build the quality and compliance in
Use the agile practice of built in quality, and make sure to also build in compliance concerns. Built in quality includes automated testing, continuous integration, tool enforced code reviews, and test driven development. The built in quality concept enables finding defects early and reducing the time spent fixing defects which leads to a higher quality, reduced costs and higher customer satisfaction.