Using SCRUM in a company that introduces strict management into the development process?

Our company must adhere to strict SOX / Cobit protocols. This means that there is a huge paper footprint behind everything we do, and no one can start coding until the proper documentation is signed. This means that you need to wait until changes to the specification, software and architectural documents (at least) are signed before you can start coding. The same process follows any improvements (which is a natural part of software development). It is clear that this does not fit well with the idea of SCRUM.

We are currently following the SDLC as defined in the Rational Unified Process (RUP). It also includes an iterative process (start / development / construction / transition / repetition), but we want to try to replace this process with SCRUM.

Is it possible for a company with strict management to switch to SCRUM? Does anyone have a case study that shows how it was successfully implemented in a similar environment?

+6
project-management scrum agile
3 answers

I worked for a company balancing on the brink of insanity SOX, while maintaining a fairly flexible development process. Significant managers who were ready to work on documents helped a lot. We did a few things to convince SOX auditors that our electronic processes were not just replacements, but better than their documents.

  • We blocked access to the code repository using the special SSH function so that only the administrator could receive unprocessed files. This prevented any developers from doing any manipulations with the hanky panky repository to hide the change. Although this did not bother us, it made SOX auditors happy, and they accepted the version control system as a secure change log, and did not force us to submit (no jokes) on paper.

  • We delegated most of the documents to the OK department, which we used to perform repetitive tasks manually. :)

  • Increased security in our online task manager. Each change should have a task associated with it. Tasks in our task manager could not be processed until one of several managers exits within the system. In practice, this meant that the dispatcher’s IM office marked a field in a web form.

  • We have transferred the authority to make changes from the production phase to the QA department. Again, in practice, this meant that someone from QA was running a script. As a side effect, this has helped make our production process faster and easier.

  • Using the development, production and production departments, we were free to work on the development and creation industries, since they did not have access to production databases, requiring that all documents be created for changes that reached production.

It is worth noting that, although we did some things under the table to do our work, we mostly made the people responsible for SOX compliance know what effect this had on the work and worked with them to balance our solar paranoia and our efficiency. We found out what they really wanted and proposed more effective alternatives (for example, control of the protected version, and not the difference in paper). Instead of working on a broken system and creating a battlefield between developers and QA, we worked on improving the system.

+10

I was successful in projects in this environment, doing something more stealthily. In the projects that I did, in such environments as usual, I usually try to hook the trainee to make full use of it. The trainee’s task was to fill in all the paper and trash, giving the illusion that we were following one process, while in the background my developers were working and moving forward on the project. Inside, I used a rigorous scrum-based methodology. My projects have achieved 100% success, and the average for successful projects is somewhere around 20-30%.

Use your spoiled opinions at your own risk.

Regarding SOx BS compliance, haven't they thrown it away yet?

0

I could not understand why you think that the documentation and the formal process do not work with Agile.

If you know how to perform RUP correctly, it’s even easier for you to do SCRUM, since you already have enough discipline to be agile without being a cowboy.

No one said that you cannot do the right documentation when you do SCRUM. These documents DO add some value - they are simply not needed when you follow the Agile process, and therefore most of them do not.

If you think that documents are your results, add them to the iteration area, write them important things so that they are useful to you as a team - they are overhead, but they also have value, especially in a long-term project, or when you have a big and/or distributed team.

RUP iterations do not impose a waterfall model - these are just guidelines for emphasizing certain disciplines within them, but with the right iteration in RUP, all actions are mixed. Consider the development phase as a normal Agile phase with some spikes, and you will not be able to distinguish it.

The way this worked for us with the docs was to use the Wiki to get this kind of information and export its contents to Word files that can later be signed.

Documents can be reviewed, but they do not need to be supported, and the team goes to the Wiki for information.

0
