Why the need for agile compliance
The rift between agile and compliance
There is a disconnect between agile development and compliance management. This is due to the difference in approach between how work is achieved in these contexts:
- Agile development involves all the activities of developing a small number of product features within a short time-frame.
- Compliance management remediates all risks and regulatory standards through identification of the assessment of each life-cycle activity.
The core driver for an agile compliance management is be to bring governance, risk management and compliance through an iterative cycle. This doesn't mean to apply current compliance process to each and every iteration or release but to re-think the driver behind compliance and the current approach to manage it.
A note on the definition of risk
This article doesn't refer to project management risks that most bibliography on agile risk management does, such as delay of delivery, over-spent, technical debt and such.
This article refers to risks as the uncertainty for the company to achieve strategic, operational, tactical and compliance objectives. For the finance industry, it would include risks of financial crime or credit lending. For the pharmaceutical industry it would include risks of patient safety and confidentiality. For any industry it would include security, information management, legal responsibility, supplier management...
What is compliance management
Compliance management, otherwise called Governance, Risk management and Compliance (GRC), is required in most industries to demonstrate control over the development of a product. The reason for such demonstration is to provide evidence that the company is meeting its objective and more importantly is meeting regulatory standards.
Projects being developed in traditional, sequential manner demonstrate controls through the sequences or phases by which it is constructed, which are Analysis, Design, Implementation, Acceptance and Deployment. This is a simplified model in order to keep it simple, as there are usually more phases such as planning, integration, maintenance and so forth. Keep in mind though that these phases are not purely sequential but can involve returning to a previous phase if the condition of success for a given activity are not met and require additional work in earlier stage. Waterfall in pure sequential manner is mainly an invention of an