Why the need for agile compliance
The rift between agile and compliance
There is a disconnect between agile development and compliance management. This is due to the difference in approach between how work is achieved in these contexts:
- Agile development involves all the activities of developing a small number of product features within a short time-frame.
- Compliance management remediates all risks and regulatory standards through identification of the assessment of each life-cycle activity.
The core driver for an agile compliance management is be to bring governance, risk management and compliance through an iterative cycle. This doesn't mean to apply current compliance process to each and every iteration or release but to re-think the driver behind compliance and the current approach to manage it.
A note on the definition of risk
This article doesn't refer to project management risks that most bibliography on agile risk management does, such as delay of delivery, over-spent, technical debt and such.
This article refers to risks as the uncertainty for the company to achieve strategic, operational, tactical and compliance objectives. For the finance industry, it would include risks of financial crime or credit lending. For the pharmaceutical industry it would include risks of patient safety and confidentiality. For any industry it would include security, information management, legal responsibility, supplier management...
What is compliance management
Compliance management, otherwise called Governance, Risk management and Compliance (GRC), is required in most industries to