We even explored creating a separate database for the regulated components and data elements. Although that idea was not feasible for us, I suggest giving the idea some consideration for your project. The drain of maintaining the compliant state will negatively impact the schedule and budget. Knowing which functional or feature sets directly or indirectly touch regulated components will help you decide how well optimized the release-and-delivery plan is in regards to regulated components. When changes come down the pike that touch regulated components, you need to be on top of the impacts and risks to the validation efforts that have already taken place and the tests that still remain. Be very aware of the time it will take to certify the regulated components. Targeting the last set of sprints as the time for deploying the regulated components will save on recertifying those components. Moving regulated components to production without certification can be extremely costly to the organization.
Summary
Penalties for noncompliance quickly reach into hundreds of thousands (and possibly millions) of dollars, and the negative public exposure can damage a company’s reputation. In some cases, besides monetary damages, a company might be forced to go back to paper until all the exposures are mitigated. The trend for governments across the world to impose continued regulations will increase. As QA professionals, the burden to deliver quality in the compliant state falls squarely into our hands. Quality is a marathon and not a sprint, and the investment to maintain the compliant state needs to be articulated clearly to management. It is a continual process that must be integrated into the fabric of the organization. The cost for compliance is high and can be deemed a cost of doing business, but that is not good enough. As QA professionals, we need to explain the cost and risk-benefit equation of testing and regulatory compliance and articulate to business owners the real cost of quality in attaining the compliant state.
Pages
About the author
Paul Fratellone is program director of quality and test consulting in the testing business unit of MindTree. Paul’s career of more than twenty-five years in information technology has been concentrated in testing, compliance, and quality management. He strives to achieve consistent execution to attain a predictable level of quality that is commensurate with the investment and enables leadership to objectively measure the success and continuous benefits from these investments.
