Ready and Fit: Adopting Agile in Highly Regulated Environments

AW5 Concurrent Session 11/7/2012 2:15 PM

"Ready and Fit: Adopting Agile in Highly Regulated

Environments"

Presented by:

Suzanne Miller Software Engineering Institute

Brought to you by:

340 Corporate Way, Suite 300, Orange Park, FL 32073 888‐268‐8770 ∙ 904‐278‐0524 ∙ [email protected] ∙ www.sqe.com

Suzanne Miller Software Engineering Institute

Suzanne (SuZ) Miller is a senior member of the technical staff at the Software Engineering Institute of Carnegie Mellon University, working in the Acquisition Support Program's Military Services team. Her current research focuses on the use of lean and agile methodologies in various DoD contexts. An authorized instructor for Intro to CMMI-SVC, SuZ is active in supporting development of training for CMMI-SVC. For the past twenty-five years she has been involved with both industry and government in the improvement of software and systems engineering. SuZ coauthored (with Richard Turner) CMMI Survival Guide: Just Enough Process Improvement.

1

Ready and Fit: Adopting Agile in Highly Regulated Environments

Suzanne MillerSenior ResearcherSoftware Engineering Institute

SuZ MillerAgile East 2012© 2012 Carnegie Mellon University

Software Engineering InstituteCarnegie Mellon University

Agenda

Problems Adopting Agile in Regulated Environments

Our Journeyy

Comparing Cultural Elements between Traditional and Agile Environments

Some Ideas to Consider

A l i O L i i Oth R l t d E i t


Applying Our Learning in Other Regulated Environments

2

Polling Question

Please identify yourself as one of the following:• DoD or non-DoD Federal Program Office staff• Contractor – Federal or DoD• Commercial• Consultant for tools/process• Other


What are some Regulated Environments Besides the DoD?Department of Energy

Food and Drug Administration (both pharmaceuticals and medical g ( pdevices)…

Financial exchanges like the stock market…

Healthcare records management…

I t ti l t d


International trade…

…more environments than you might think are dealing with this

3

Problems in Highly Regulated Environments (especially when trying Agile methods)Inherently conflicting regulations and mandates

The “ghosts” in the regulationsg g• We’re still “cutting off the ends of the roasts”

The unwritten laws that are what the written law is really about• “The written law is there to protect <someone, maybe you?>, and persecute

those who violate the unwritten law”

One role’s process is another role’s outcome


One role s process is another role s outcome

Problems of the past become the regulations we have to live with today

A Particular Problem Adopting Agile Methods in Highly Regulated IndustriesAgile methods are based on an explicit set of principles that emphasize• Incremental learning• Trust• Multiple roles working shoulder to shoulder

The principles underneath many acquisition regulations (especially in DoD) are not explicit. Principles that can easily be inferred from DoDacquisition (and similar) regulations include:• We must document everything about the system’s requirements before we

start designing and implementing—not much opportunity for incremental learning

• Minimize the risks to the acquisition agency not much opportunity for trust


• Minimize the risks to the acquisition agency – not much opportunity for trust• Keep contractors at arm’s length, maintain govt independence from them—

not much opportunity for working shoulder to shoulder

However, many of the regulations that lead to these inferences CAN be interpreted other ways!

4

DoD Acquisition and Innovation

Many regulated environments,like the DoD, NEED innovationand NEED incrementalimprovements to theirsystems.

Many of them are now willingto consider changing theirapproach if they can do itwithout getting in troublewith their governing statutesand regulations.


The View of Our Customers


5

We Need to Translate between Alternate WorldsFixed Vision

Evolving Vision


SEI ASP Agile Portfolio FY10 -14 (Our Journey)Focus Areas: making sense of the effects of the regulatory environment and finding successes that can be shared with others trying to embark on the journey

Policy & regulations barriers analysis

Executive Briefing

Mgmt roles, estimation, culture, milestone reviews-barriers & high level recommendations (CMU/SEI-2011-TN-002)

2009 2010 2011 2012 2013 2014

CrossTalkArticle

Metrics

More topics per Agile Collaboration Group priorities

804 response , rqmtsmgmt, contracting language, other topics per Agile Collab Grp (multiple publications

September 2014


Agile Defense Adoption Proponents Team (ADAPT) member

E-LearningAgile Course

MultiplePresentations

Consulting on Actual DoD& Federal Programs 2011 and forward

NDIA C4ISRCommittee

Metrics

SupportMechanisms

Denotes Air Force Funded

6

Making Sense of the Environment

Traditional cultural analyses for adoption of Agile methods don’t tend to pick up some of the acquisition issues inherent in these environments.SEI Readiness & Fit Analysis and its underlying model explicitly include risk areas known to impede Agile adoption in regulated environments:• More emphasis on business models, goal alignment, and acquisition

strategy• More focus on alignment issues—especially related to staff turnover• Some particular issues around interfacing with systems engineering

in large systems developmentsCategories of RFA model:


• Business & Acquisition -Technology Environment• Project & Customer Climate -Practices• System Attributes• Organizational Environment

Example Factors in Business & Acquisition CategoryMechanisms are in place in the contract and acquisition strategy to allow close collaboration between developers and end usersde e ope s a d e d use s

Oversight mechanisms are aligned with agile principles

Contract type accounts for use of agile/lean methods in the program


Mechanisms are in place in the contract and acquisition strategy that allow for interim demonstration and delivery between official releases

7

Polling Question

How Big a Challenge is Your Adoption of Agile Practices?• large, we need a culture change• medium, we are running into issues, g• small, we are mostly ready • no challenge at all


Suggesting Successful Approaches

Educating leadership and staff on differences they will seeReminding organizations of the typical challenges they face for a big changeDisseminating successful approaches when we find themAdding in a little humor alongthe way…


8

Comparison of Agile and Traditional DoDCultural Elements1


http://www.sei.cmu.edu/library/abstracts/reports/11tn002.cfm?DCSext.abstractsource=SearchResults




9




Translating DoD Lessons into Other Highly Regulated Environments

If the things I have talked about resonate with you• Read some of our papers/presentations to get ideas

– The time you spend translating from DoD to your environment is likely to pay off with some new ideas to try that might well work!

• See where strategies that have worked in DoD might apply to you– Look for places in our work where you have faced similar situations– If you have a success strategy you don’t see us promulgating,

please consider sharing with us! We’re here to learn!


10

A Few Things to Think About When People Cite “Regulations” as a Reason *Not* to Embrace Agile ApproachesWho are the real stakeholders? Where are the political “bodies” buried? How do the “ghosts” in the stakeholder map affect what people do today?y

Value stream mapping, a lean technique, is sometimes useful to point out waste areas where Agile could help, in an organizationthat is trying to reduce cost by eliminating wasted effort

When analyzing processes currently in use, always ask “For whom?” and “So what?” (ask about your Agile practices too!!)


and So what? (ask about your Agile practices too!!)

Most regulated environments involve conflicting mandates: different people choose different areas to emphasize—try to find the ones most complementary to Agile approaches and focus on those

Agile Work – Published and in ProcessPublished• Considerations for Using Agile in DoD Acquisition

http://www.sei.cmu.edu/library/abstracts/reports/10tn002.cfm?DCSext.abstractsource=SearchResults• Agile Methods: Selected DoD Management and Acquisition Concerns

http://www.sei.cmu.edu/library/abstracts/reports/11tn002.cfm?DCSext.abstractsource=SearchResults• A Closer Look at 804: A Summary of Considerations for DoD Program Managers• A Closer Look at 804: A Summary of Considerations for DoD Program Managers

http://www.sei.cmu.edu/library/abstracts/reports/11sr015.cfm?DCSext.abstractsource=SearchResults• DoD Agile Adoption: Necessary Considerations, Concerns, and Changes

http://www.crosstalkonline.org/issues/janfeb-2012.html

In Process Topics• Information Assurance• Requirements• Contracting language and contract types

Contingency Model (Readiness and Fit to use agile)


• Contingency Model (Readiness and Fit to use agile)• Programmatics• Guide to Agile terminology from a traditional viewpoint

11

Contact SuZ Miller at:[email protected]


Copyright 2012 Carnegie Mellon University.

This material is based upon work supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY

THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below.

Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.

External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at [email protected].

*These restrictions do not apply to U.S. government entities.


Ready and Fit: Adopting Agile in Highly Regulated Environments

Technology

Transcript of Ready and Fit: Adopting Agile in Highly Regulated Environments