
Dealing with mandated forms in Scrum Delivery Teams

  • Michael Tibbert
    Message 1 of 9 , Nov 3, 2011
      Hi, I am very curious on how others handle this situation.

      My company will be mandating a simple form to be completed and signed by the development team the code has been reviewed and adheres to software security development rules.

      How do others handle company/gov't mandated items within Scrum?

      Who within the teams are responsible to validate the items.
      (Team members within sprint or someone else)?

      When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

      Thanks for your help

      Regards,

      Michael
    • RonJeffries
      Message 2 of 9 , Nov 3, 2011
        On Nov 3, 2011, at 8:33 AM, Michael Tibbert wrote:

        When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

        I would sign a whole bunch of forms on the first day we got them, and have someone fill in the date and submit them on whatever intervals management wants them.

        No, really.

        Ron Jeffries
        If it is more than you need, it is waste. -- Andy Seidl

      • Malcolm Anderson
        Message 3 of 9 , Nov 3, 2011
          Michael

          Can you find out where this is coming from?

          In other words, is this a regulatory issue or a certification issue?

          I've found value in sitting down with the compliance officer and asking what they want, and what else can we do that would satisfy compliance.

          If it's not a compliance issue then you need to find out what it is, because it's costing your team time, and your company money.  Something, as a Scrum Master, that needs its visibility raised.

          --

          Malcolm Anderson
          Scrum Coach & Agile Engineer
          http://www.PragmaticAgility.com/blog


          On Thu, Nov 3, 2011 at 5:33 AM, Michael Tibbert <michael.tibbert@...> wrote:
           

          Hi, I am very curious on how others handle this situation.

          My company will be mandating a simple form to be completed and signed by the development team the code has been reviewed and adheres to software security development rules.

          How do others handle company/gov't mandated items within Scrum?

          Who within the teams are responsible to validate the items.
          (Team members within sprint or someone else)?

          When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

          Thanks for your help

          Regards,

          Michael




        • George Dinwiddie
          Message 4 of 9 , Nov 3, 2011
            Michael,

            On 11/3/11 8:33 AM, Michael Tibbert wrote:
            > Hi, I am very curious on how others handle this situation.
            >
            > My company will be mandating a simple form to be completed and signed
            > by the development team the code has been reviewed and adheres to
            > software security development rules.

            In what ways are members of the development team reviewing each other's
            code? Are they pairing?

            What are these software security development rules? Are they something
            that can be expressed in an automated test?

            > How do others handle company/gov't mandated items within Scrum?

            I don't think the forms are an issue.

            > Who within the teams are responsible to validate the items.
            > (Team members within sprint or someone else)?

            This is not something that Scrum has an opinion on. I prefer pair
            programming for review. Some teams do formal reviews. Others do
            informal reviews when updating their code from the repository. And, of
            course, some teams do no review at all. I don't recommend the latter
            (and apparently neither does your management).

            - George

            --
            ----------------------------------------------------------------------
            * George Dinwiddie * http://blog.gdinwiddie.com
            Software Development http://www.idiacomputing.com
            Consultant and Coach http://www.agilemaryland.org
            ----------------------------------------------------------------------
          • Malcolm Anderson
            Message 5 of 9 , Nov 3, 2011
              Ron

              That's a perfectly valid solution, but it assumes that there is no reason for the new requirement. 

              Was there a recent security breach? 

              Is there new regulation that places security responsibility on the company, and the company legal counsel has suggested a way to mitigate that regulation by making each developer sign a scapegoat paper?
              "It wasn't our fault, but the developer responsible for this breach has been terminated"

              I don't know.

              I do know that if I can talk to the person who created a mandate that I can usually create a better solution to their problem that is systemic and doesn't need daily attention from my development staff to stay in compliance.

              I'm not saying that getting to see that person in that compliance department won't be an epic saga of heroic proportions, and that it just may be easier to sign and date the paper every 2 weeks. 

              I am saying that it's worth the effort.

              --

              Malcolm Anderson
              Scrum Coach & Agile Engineer
              http://www.PragmaticAgility.com/blog



              On Thu, Nov 3, 2011 at 6:08 AM, RonJeffries <ronjeffries@...> wrote:
               

              On Nov 3, 2011, at 8:33 AM, Michael Tibbert wrote:

              When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

              I would sign a whole bunch of forms on the first day we got them, and have someone fill in the date and submit them on whatever intervals management wants them.

              No, really.

              Ron Jeffries
              If it is more than you need, it is waste. -- Andy Seidl



            • woynam
              Message 6 of 9 , Nov 3, 2011
                That sounds like a lot of work. Since you're going to be filling out a lot of these forms, wouldn't it be better to get a rubber stamp made with the "team's" signature/logo, and use that?

                Since the whole team is responsible for the successful execution of the Sprint, everyone's name should be on the form.

                Mark

                --- In scrumdevelopment@yahoogroups.com, RonJeffries <ronjeffries@...> wrote:
                >
                > On Nov 3, 2011, at 8:33 AM, Michael Tibbert wrote:
                >
                > > When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?
                >
                > I would sign a whole bunch of forms on the first day we got them, and have someone fill in the date and submit them on whatever intervals management wants them.
                >
                > No, really.
                >
                > Ron Jeffries
                > www.XProgramming.com
                > If it is more than you need, it is waste. -- Andy Seidl
                >
              • Michael James
                Message 7 of 9 , Nov 3, 2011
                  How about writing it into the definition of "done" and letting the team figure out how to implement it?  Anything that doesn't match your company's required definition of "done" probably shouldn't be demonstrated to everyone at the Sprint Review Meeting.  After trying this, if the team declares that compliance is a large impediment (we don't know yet if they will) of course that cost should be made visible to the Product Owner, who is responsible for business decisions such as this.

                  --mj

                  On Nov 3, 2011, at 5:33 AM, Michael Tibbert wrote:

                   

                  Hi, I am very curious on how others handle this situation.

                  My company will be mandating a simple form to be completed and signed by the development team the code has been reviewed and adheres to software security development rules.

                  How do others handle company/gov't mandated items within Scrum?

                  Who within the teams are responsible to validate the items.
                  (Team members within sprint or someone else)?

                  When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

                  Thanks for your help

                  Regards,

                  Michael


                • Michael Mallete
                  Message 8 of 9 , Nov 3, 2011
                    I had some similar experience wherein, yes, some of these activities do have business value. For example, PCI compliance and some government sanctioned stuff that becomes integrated with the idea of "done." What the teams I was with do is to add them either as PBIs or part of the acceptance criteria of PBIs.

                    On Thu, Nov 3, 2011 at 9:46 PM, Michael James <mj4scrum@...> wrote:
                     

                    How about writing it into the definition of "done" and letting the team figure out how to implement it?  Anything that doesn't match your company's required definition of "done" probably shouldn't be demonstrated to everyone at the Sprint Review Meeting.  After trying this, if the team declares that compliance is a large impediment (we don't know yet if they will) of course that cost should be made visible to the Product Owner, who is responsible for business decisions such as this.


                    --mj

                    On Nov 3, 2011, at 5:33 AM, Michael Tibbert wrote:

                     

                    Hi, I am very curious on how others handle this situation.

                    My company will be mandating a simple form to be completed and signed by the development team the code has been reviewed and adheres to software security development rules.

                    How do others handle company/gov't mandated items within Scrum?

                    Who within the teams are responsible to validate the items.
                    (Team members within sprint or someone else)?

                    When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

                    Thanks for your help

                    Regards,

                    Michael



                  • Wouter Lagerweij
                    Message 9 of 9 , Nov 3, 2011
                      Hi Michael,

                      The question is why this is mandated, and what is the meaning of this signature.

                      If this is simply a regulatory thing, and your process already takes care of the actual work necessary (it's in your definition of done), I think Ron's solution is the most straightforward: just get the paperwork out of the way.

                      If there's an underlying trust issue, then the form simply makes things worse. Have the team think of ways to improve the process. Find out what is needed, and how it can be tested/verified. Then either the paperwork won't be needed, or the previous solution works...

                      Wouter

                      On Thu, Nov 3, 2011 at 1:33 PM, Michael Tibbert <michael.tibbert@...> wrote:
                       

                      Hi, I am very curious on how others handle this situation.

                      My company will be mandating a simple form to be completed and signed by the development team the code has been reviewed and adheres to software security development rules.

                      How do others handle company/gov't mandated items within Scrum?

                      Who within the teams are responsible to validate the items.
                      (Team members within sprint or someone else)?

                      When would the validation occur (e.g. story by story, at the end of a sprint, prior to a release)?

                      Thanks for your help

                      Regards,

                      Michael




                      --
                      Wouter Lagerweij         | wouter@...