The agile insurance IT compliance masters!

Christoph Dibbern
5 min read, May 25, 2022

W. Edwards Deming, also known as the “Father of Quality”, wrote books such as “Dr. Deming: The American Who Taught the Japanese About Quality” and “Leadership Principles” which clearly described that a common understanding of quality within organizations, the teams and team members working there contributes significantly to sustainable and successful product development. In the case of the financial world, organization-wide standards as well as national or even global standards must be observed. This includes IT compliance-specific requirements in the context of payment transactions, the appropriate documentation of insurance-specific transactions, and ensuring data protection and data security.

But how can these often demanding and complex requirements be reconciled with agile frameworks such as Scrum and scaled product development such as Scrum@Scale or the Scaled Agile Framework (SAFe) in order to meet not only high customer satisfaction but also official requirements in complex environments?

In this article, my colleague Tim Glenewinkel and I describe how, in our experience, contemporary product development can work.

But first, a comparison of the typical forms of regulation and IT compliance as well as the four values of the Agile Manifesto:

Figure 1: Regulatory and IT compliance meets agility, based on the Scaled Agile Framework, Scaled Agile, Inc.

As can be seen in Figure 1, the two boxes initially appear to be very contradictory. For example, the second value in the Agile Manifesto says “working software over comprehensive documentation”. However, the Manifesto explicitly emphasizes that while the left side (working software) is more important to aim for than the right side (comprehensive documentation), the right side still has to be observed and taken into account. Agile processes and frameworks such as Scrum and SAFe therefore consciously require a sufficient and common understanding of quality, which also includes appropriate documentation.

In contrast to waterfall-based projects, agile product developments have the advantage that the necessary regulatory, IT compliance-related quality requirements and customer needs are met in small, iterative, incremental steps:

Figure 2: Continuously coordinate regulation and IT compliance

This minimizes the risks associated with these results (e.g. with regard to security and stability) in light of official requirements and maximizes the value of the results produced for the customer.

In the following Figure 3, a typical sprint of a Scrum team is illustrated in the context of agile frameworks. Such teams use a so-called Definition of Done (DoD), agreed by the team and covering regulatory and IT compliance criteria, to create potentially releasable results (Product Increment) every one to four weeks that meet the defined quality requirements:

Figure 3: Typical sprint of an agile scrum team considering regulatory and IT compliance requirements

In this context, the Scaled Agile Framework (SAFe) speaks of a “Lean Quality Management System” (Lean QMS), in which regulatory and IT compliance-specific requirements (quality, security, verification, validation, etc.) are defined and then considered iteratively and incrementally by one or more agile teams:

Figure 4: Lean Quality Management System using the Scaled Agile Framework (SAFe) as an example

Compliance using the example of an insurance project for the development of core insurance systems

For a long time, insurers in Germany, in contrast to banks, were rather neglected from a regulatory point of view. With the entry into force of the insurance supervisory requirements for IT — “VAIT” — in mid-2018 and their constant expansion, the pressure on the insurance industry has increased. An essential part of the requirements is the proper documentation of processes, requirements, and implementations.

Many insurers in Germany are currently busy with the transformation of their insurance system landscape. The time pressure is often very high. Many projects are set up in an agile manner and are progressing quickly. The documentation of requirements and test executions usually falls short here. At the same time, projects are increasingly being subjected to an external audit as part of the annual audit, and the findings almost always concern insufficient documentation.

Taking a QMS into account from the start of an agile project can spare the insurer audit findings and the documentation work that would otherwise have to be done afterwards.

Conclusion

Agile frameworks such as Scrum and SAFe can be used to take regulatory and IT compliance-specific requirements into account at short intervals of one to four weeks in complex product developments. This minimizes the risks of complex projects and maximizes the value for the customer or customers. The customer regularly receives software modules that can be used directly; the service provider regularly receives customer feedback on these modules and can plan the next steps together with the customer on that basis. These short feedback cycles make it potentially easier to take into account the regulatory and IT compliance-specific requirements that are really necessary: costs and complexity are reduced — a win-win situation arises between the customer and the software development team or the service provider.

Tim Glenewinkel, Ronny Kant and I would be happy to support you with the appropriate consideration of official requirements, the introduction of a Lean Quality Management System (Lean QMS) and your product developments, so that you and your customers gain both more agility and guaranteed compliance with official requirements.

Literature

Dr. Deming: The American Who Taught the Japanese About Quality
Deming, W.: The Essential Deming: Leadership Principles from the Father of Quality

Scrum Guide in English to read:

https://scrumguides.org/docs/scrumguide/v2020/2020-Scrum-Guide-US.pdf#zoom=100

Scrum Guide in English to hear:

Regulation and IT compliance in the Scaled Agile Framework (SAFe):

https://www.scaledagileframework.com/compliance/
