Articles

arrows right 6 Steps to Bridge DevOps with Release Management in the Enterprise

Balancing time-to-market pressures with regulatory needs and business continuity demands is a challenge for highly regulated large enterprises. Automating processes and mastering proven practices of release management makes developing and releasing software predictable, reliable, and repeatable.

Greg Hughes
Question mark: configuration management Where Did Configuration Management Go?

Amid all the excitement of DevOps, continuous delivery, and the magic of single-push-button deploys, some folks have forgotten the prerequisites. You cannot implement continuous anything without effective configuration management. This article will help you reassess where you are and ensure that you have the basic building blocks in place to ensure success.

Bob Aiello
IT Controls Establishing IT Controls for Consistent, Efficient Delivery

Many high-security institutions have guidelines that must be followed in order to comply with industry regulatory requirements. But these best practices can help any company avoid costly mistakes while enabling teams to work faster and more effectively. This article tells you how to get started establishing your own practical and reliable IT controls.

Bob Aiello

Conference Presentations

Privacy and Data Security: Minimizing Reputational and Legal Risks
Slideshow

Privacy and data security are hot topics among US state and federal regulators as well as plaintiffs’ lawyers. Companies experiencing data breaches have been fined millions of dollars, paid out millions in settlements, and spent just as much on breach remediation efforts. In the past...

Tatiana Melnik, Melnik Legal, PLCC
CMMI® to Agile: Options and Consequences
Slideshow

If you long for greater agility in your process-oriented or CMMI world, this session is for you. Paul McMahon shares how organizations can integrate agile approaches with CMMI and its key process area requirements. He discusses the advantages and disadvantages of different approaches taken by two organizations-one a CMMI Level 3 and the other a Level 5-to embrace agile principles and practices. To ensure your organization doesn't jeopardize its CMMI compliance with agile methods, Paul shares an approach that uses techniques such as asking key questions to focus objectives, pruning your processes, using the CMMI less formally, and keeping your "must dos" packaged separately from guidelines. He describes and discusses examples of each technique. Learn why the two organizations took different approaches, why one achieved its goals, and why the other fell short.

Paul McMahon, PEM Systems
IT Governance and Compliance in an Agile World
Slideshow

Establishing IT governance and compliance practices is essential for organizations that have regulatory or audit requirements. The good news is that you can be agile and still comply with Sarbanes-Oxley, CFR 21, HIPAA, and other regulatory imperatives. Done well, IT controls actually help you improve both productivity and quality. Bob Aiello describes how to implement IT controls in frameworks such as ISACA Cobit and ITIL v3 that many regulatory frameworks require-while maintaining agile practices. Bob's guidance includes specific examples of establishing IT controls: separation of duties, work-item to change-set traceability, physical and functional configuration audits, and more. Bob explains how these practices help government, defense, and corporations scale agile practices where audit and regulatory compliance is a must.

Bob Aiello, CM Best Practices Consulting
Ready and Fit: Adopting Agile in Highly Regulated Environments
Slideshow

If you live and work in a highly regulated environment (HRE)-medical devices, DoD and its contractors, nuclear energy, or other life-critical systems-this session is for you. For the past three years, the SEI has been researching agile and lean adoptions in the US Department of Defense. Suzanne Miller presents the organizational and cultural factors they identified as most important for development organizations to demonstrate when embarking on an agile adoption program. In the SEI's technology transition research, Suzanne and her team found that the more closely an organization meets the readiness and fit criteria, the more likely it is that the adoption will succeed. Suzanne discusses the risks and challenges that agile adoption presents to HREs, and presents ways to mitigate risks and overcome challenges.

Suzanne Miller, Software Engineering Institute

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.