
F1 5/20/2005 10:00 AM Legal Compliance in Quality Assurance - PDF document

BIO PRESENTATION PAPER
F1, 5/20/2005, 10:00 AM
LEGAL COMPLIANCE IN QUALITY ASSURANCE
Elle Ringham, Fidelity National Financial
International Conference On Software Testing Analysis & Review, May 16-20, 2005, Orlando, FL USA

  1. Title slide: Legal Compliance in Quality Assurance. Elle Ringham, Fidelity National Financial. International Conference On Software Testing Analysis & Review, May 16-20, 2005, Orlando, FL USA.

  2. Elle Ringham, J.D. Elle Ringham has been involved in Quality Assurance and Quality Management since 1990. Ms. Ringham graduated from law school in 2002, and has since incorporated compliance, auditability, SLA enforcement/measurement, etc. into her Quality Assurance practice. Elle considers education of all groups involved, coupled with structured process improvement, to be the most effective way to introduce true Quality Assurance/Quality Management. Her approach ensures buy-in and support from everyone: stakeholders, executives, corporate counsel, developers, and QA resources.

  3. Welcome! Legal Compliance in Quality Assurance

  4. Agenda
     - What this lecture covers... what it doesn't
     - What is Legal Compliance
     - How QA Fits In
     - Where Do You Start
     - What Do You Ask
     - How Do You Facilitate Compliance and Auditability
     - Templates and Artifacts
     - Contact Information

  5. What This Lecture Covers... What it Doesn't
     Will cover:
     - Determining if compliance issues apply
     - Asking the right questions
     - How to capture and measure auditability
     Won't cover:
     - HOW to test various legal issues
     - IF a legal issue applies to your application
     - Specific legal advice
     - Specific compliance issues

  6. What is Legal Compliance?
     Legal issues:
     - State and Federal
     - Accountability
     - Auditability
     - Legal Counsel
     - Due Diligence
     Contracts, standards, expectations:
     - Standards
     - Requirements
     - Client needs
     - Process
     - SLA's
     Other:
     - Federal Audit Statutes
     - Budget

  7. How It Fits In
     QA activities:
     - Test Planning
     - Load/Performance Testing
     - Automation and Defect Tracking
     - Regression
     - Requirements/Use Cases to Test Cases
     - System Integration Testing
     - Functional and Negative testing
     - Standards, Process Improvement
     - Testing Lab, Multiple platform Testing
     - User Acceptance Testing
     Key points:
     1. Bringing QA from a testing group into (true) Quality Assurance
     2. Quality Management
     3. Higher skill set required
     4. Requires education with stakeholder and early introduction into project

  8. Where Do You Start
     Areas to cover:
     - Industry, Guidelines
     - Business
     - Data, Communication, Commerce
     - Ensure coverage and Understanding
     - State, Federal, Etc.
     - Elements of audit
     - Merge Technology with Audit
     - Process, Metrics, Reporting
     Steps:
     - Assess your business need
     - Assess how your application addresses the need
     - Review information with PMO and Stakeholders
     - Research legal issues
     - Discuss findings with counsel
     - Research audit guidelines
     - Assess appropriate QA efforts

  9. What Do You Ask
     Stakeholders:
     - What are the known compliance concerns?
     - Expectations (guidelines, laws, etc.)
     - How are these issues addressed in other functions?
     - Define known and foreseeable risks
     - Mitigation plan for risk(s)
     - Define resources, locations, tasks and utilization
     Other:
     - How will I add this to the Test Plan?
     - How will I audit the elements of the statutes?
     - What type/form of results will I need to compile?
     - Where must the information be stored?
     - Must the information be published?
     - Is anyone required to review the results; who?
     - Keep Risks and Issues open for upcoming or similar projects
     PMO:
     - What other functional teams work with compliance?
     - Add tasks into project plan
     - Ensure time added to project plan for research
     - Deviations expressed as impacts and risks; also noted within SQA Test Plan and Testing Report
     - Ensure time added to project plan for corporate counsel
     Developers/DBAs:
     - How does the design handle process/business flow?
     - How is data captured?
     - What standards are used for security?
     - Ask about design patterns
     - Ask to see all models
     - There will be specific questions associated with your compliance issues too!
     Corporate Counsel:
     - What are the known compliance concerns?
     - Do we have SLA's or other contracts to audit?
     - What are the elements of the statute, law, etc. that we need to audit?
     - Where in the Process does this fit?
     - Explain some current case precedent of these compliance issues
     - What do you require from other areas of the company?
     - Are you familiar with how technology handles data?
     QA Group:
     - Who owns this area?
     - How do we capture metrics?
     - Note impacts, risks, mitigation steps taken

  10. How Do You Facilitate Compliance and Auditability
      [Pie chart of effort split: Test Cases to Elements of Audit, UAT, Development Testing, Reporting; segment labels as extracted: 10%, 20%, 45%, 25%]

  11. Templates and Artifacts
      - Mapped areas of coverage
      - Metrics of coverage per release (functional)
      - Load/Performance data pools, and negative efforts
      - Standards, Best Practice and Due Diligence

  12. Templates (Cont.): Sarbanes-Oxley Template (embedded Microsoft Excel Worksheet)

  13. Artifacts (Cont.): Example of Sarbanes-Oxley Document (embedded Microsoft Word Document)

  14. Contact Information
      - www.SANS.com
      - http://www.developer.com/java/ent/print.php/3320861
      - http://www.softlanding.com/sox/docs/workingguide.pdf
      - http://www.gain2.org/sox404toolsum.htm
      - www.FindLaw.com
      - Elle.Ringham@fnf.com

  15. Questions? Thank you for your time! I cannot answer your legal questions. Please seek counsel for your specific needs. Elle Ringham, J.D.

  16. Quality Assurance Office. Legal Compliance in Quality Assurance. Elle Ringham, J.D. Spring 2005.

      The law and Quality Assurance have been a misunderstood marriage. Using the definitions and practices of law within the detailed, methodical approach of Quality Assurance, organizations can increase the effectiveness of production. It takes a holistic approach to understanding expectations in order to increase the actual (and perceived) level of quality. This is especially true when you marry technology and the law. In the last few decades, the Department of Defense and the Department of Justice have understood the need for this marriage. However, their approach was to find technology issues (be it in the form of risks or dependencies) and adjust our legal system (and responses) accordingly. We in the civilian field aren't blessed with such a luxury; thus, we educate ourselves on the legal issues and add this information to our process.

      The following material uses the "Who, What, Where, When, How" approach. When one is entering into an unknown domain, "where to start" is often the most difficult question to answer. Use the screen shots as a reference to the class taken. Additional information follows each slide.

  17. Determining whether legal issues apply to your development efforts isn't always simple. There may be obvious factors: your efforts are within a well-regulated industry, you are aware of Service Level Agreements, you are aware of state or federal agencies which oversee an aspect of your industry, etc. However, it may not be so obvious: you may have an eCommerce site, your portal collects information, you produce proprietary software only, etc. Asking the right questions will certainly help, but what you do with the answers is equally important. The QA group will take these answers and create templates for measurement and metrics, auditability metrics, and reports. Only your corporate counsel will know for sure whether a particular legal issue applies to your organization. Detailed legal advice needs to come from within, not from a class or lecture like this. Although your research should be thorough, and your incorporation of legal elements into the QA process well defined, the actual legal elements are determined by legal counsel and state/federal agencies.
