Large multinational companies developing components or manufacturing products for any safety-critical industry (such as transport, aviation, railway, automotive, nuclear, or medical device sectors) have to dedicate immense resources to ensure that their end products comply with the relevant safety regulations, standards, guidances, or directives. A large portion of these rigorous standards don't just set requirements about the reliability of end products, but also require the use of adequate, quality processes during their development.
Controlling and monitoring processes to ensure compliance sounds rather straightforward. Those standards tell you how to do stuff, right? So you can just start innovating, engineering and developing or manufacturing your product, and keep an eye on how things are going. Well, if you're a person doing all this alone, then 1) you may be right 2) you are most definitely a genius. The reality, however, is that dozens of teams, hundreds or even thousands of people, and several departments in various geographical locations may be contributing to a single product. Aligning and monitoring all the processes they use to complete their share of work is a challenging task.
Related reading: Adopting Agile & Maintaining Process Control in Safety-Critical Device Development
This is why traditionally, large enterprises have opted for the linear Waterfall methodology. This way, they only had to monitor and ensure the compliance of one process at a time. The drawbacks are quite obvious, and stem from the same source: sure, it makes your job easier, but if you only do one thing at a time, someone's inevitably going to be faster than you.
Agile with Controlled Processes
That's why more and more companies are choosing to implement Agile in their development. Agile is a less structured framework that gives more freedom to developers, who are working in self-governing teams to deliver quality software as early as possible. Quite obviously, Agile allows these companies to accelerate development – but in the context of regulated industries, terms like "self-governing" and "less structured" make the alarms go off.
The secret to the success of these companies using Agile to develop safety-critical products is simple: they predefine compliant workflows, enforce those processes so that there are no deviations, and automate as much as possible ("continuous compliance"). This is what we refer to as process control, which allows the implementation and scaling of Agile in a regulated environment.
The key here is granularity. According to a great study by Fitzgerald et al:
"the granularity at which development processes are expressed and adapted requires careful tailoring in a regulated environment. Furthermore, regulated environments require rigorous traceability. In the case of requirements, for example, these need to be traced from initial requirement through to final implementation in the code-base."
– Scaling Agile Methods to Regulated Environments: An Industry Case Study by Fitzgerald et al., 2013
Traceability, Efficiency, Risk Management
Traceability is actually one of the most important requirements of most standards & regulations, regardless of the industry. Being able to link requirements to source code, and that to tested features of the released product is a number one priority. In order to ensure traceability, thorough documentation needs to be maintained throughout the lifecycle. Keeping in mind all the above, it's becoming obvious that you'll need adequate tools in order to be able to achieve compliance while using Agile.
codeBeamer ALM not only helps you maintain end-to-end traceability, it also automatically documents certain processes and actions. What's more, it supports SAFe®, the Scaled Agile Framework, which greatly supports the enterprise-wide scaling of Agile.
"The key lesson from this study is that agile processes can, in fact, be augmented to work very well in regulated environments. Appropriate tool support is vital."
– Scaling Agile Methods to Regulated Environments: An Industry Case Study by Fitzgerald et al., 2013
In codeBeamer, you can simply pull granular reports on any activity or process any time, greatly facilitating compliance audits. Taking advantage of codeBeamer's advanced workflow engine with BPM capabilities, you can define and enforce complex workflows – and connect these processes even across tools, allowing you to safely build elaborate products with IoT connectivity.
Mitigating risks is also crucial. In addition to its QA & testing capabilities, codeBeamer offers a complex risk management feature set, and a dedicated Failure Mode and Effects Analysis template. Our ALM also provides adequate access control. User permissions are highly customizable, and e-signatures can be required at any stage of any workflow, enhancing the visibility of audit trails. To learn more about the features and capabilities of codeBeamer ALM, head over to our product page, or simply get in touch with us – we'll be glad to explain things!
In a nutshell, process control, documentation and adequate quality assurance are crucial when it comes to implementing Agile in a highly regulated environment. The only way to deal with the complexity this introduces is to implement continuous compliance with the help of smart lifecycle management software solutions such as codeBeamer ALM.
