Discussion Topics
• Why is this important? (In a Land before Agile)
• Overview of Payment and Compliance/Security/Mandates
• The Players/Partnerships/Collaboration
• Aligning Objectives
• Execution
• Oversight and Communication
History Lesson
• Before moving to the agile model, these things were taken up and done by teams, as needed.
• Project Prioritization and Funding was in a different model and provided resources, as needed, to isolate them from compliance work.
• Immediately post transition we were in whack-a-mole
• Formulated a strategy on approach and how to simplify the request and the efforts
Overview of the Payment Product
• In Store Payment
• Online Payment
• Settlement and Reconciliation
• Proprietary Tenders
• Major Network Cards
• Target Giftcards
• Government Tenders
• Checks
• Electronic Tenders
• Returns Information
• Giftcard Issuance
• Open Loop and General Purpose Cards
Mandates, Security, Compliance
• Major Credit Card Networks Mandate
  ◦ Twice Yearly
  ◦ Complete them or be fined or pay more per transaction
• Security
  ◦ Payment Card Industry Data Security Standard (PCI)
  ◦ Internal Requirements
• Compliance
  ◦ Sarbanes Oxley (SOX)
  ◦ Internal Audit Remediation
  ◦ Gramm-Leach-Bliley Act (GLBA)
Aligning Objectives
Objectives and Key Results
Payment Product Execution
Company Processes
• Company Strategy
• Business Quarterly Business Review
• Technology Business Review
• PCI Audit
• SOX Audit
• GLBA Audit

Feature Input Teams
• Architecture
• Business Vendors
• Other Product Teams
• Guests
• Infrastructure
• Security
• Compliance

Product Teams
• OKRs/Value
• Prioritization
• Discovery
• Feature/Story Definition
• Scope Management
• Data/Metrics
• Story Boarding

Execution
• Quarterly/Sprint Planning
• Scrum/Kanban
• Feature/Story Sizing
• Dependency Management
• Continuous Planning
• Continuous Improvement/Learning

Engineering Teams
• Dev + Ops
• Automated Testing
• BDD/TDD
• Technical Runway
• Telemetry
• Pair Programming
• Code Reviews
• CI/CD
• QA Engineer (E2E)
• Support

Transparency, Alignment, Built-in Quality
Deliberate Collaboration
[Diagram labels: "Every other week Status" (shown five times), "Status As Needed" (shown once)]
Meeting Stakeholder Needs
Questions to Ponder for Prioritization
• When is the compliance requirement due?
• What happens if we don’t do it?
• Is there other value associated with this change?
• Is it more important than our current business value deliverables?
• Can we ask for an extension?
• Are others able to comply or will the requirement move out?
• Can we ask to do it differently?
Success Metrics
• Improved accuracy on meeting compliance obligations
• Better knowledge and insight into the asks, and why
• Alignment on timing and objectives
Oversight and Leader Communication
• Weekly Product Leadership Meetings
• Weekly InfoSec Meeting
• Continuous planning of compliance stories
• Published Objectives and Progress
• Published Roadmap
What’s Next
• System alignment and integration for updates on asks
• Continuing to have more planning around compliance, mandates, security
• Explore automation to make these updates faster and easier
Q and A