Corporate Compliance Insights

8 Steps to Creating Comprehensive Requirements

by Ruth Zive
June 24, 2016
in Compliance
Best practices for maintaining compliance in highly regulated industries

Compliance is critical, but it is often difficult. A survey by KPMG of 400 U.S. CEOs found that respondents were most worried about the regulatory environment in terms of company impact. Software developers operating in regulated environments have a particularly challenging job: they must define comprehensive, high-quality software requirements to ensure compliance. Failing in this area can jeopardize the project as well as the organization itself, both legally and financially.

For companies in regulated industries to succeed, software development teams must develop an understanding of their complex regulatory environments, the skills needed to interpret rapidly changing regulations and the ability to develop clear, complete compliance requirements. Below is a list of eight best practices to reach those goals.

1. Identify Regulatory Stakeholders and Engage Them Effectively

Use the three pillars of GRC to identify relevant stakeholders. Who is involved in governance, risk management and compliance in your organization? These stakeholders will be the busiest, and thus the most difficult to set up meetings with, so it’s important to identify them early and plan up front for the most efficient ways to engage them. Get on calendars early, do your research and develop laser-focused interview questions, ideally selected from a predefined repository of compliance-related questions. A business analyst doesn’t need to know everything about compliance, but it’s important that he knows the right people to talk to in order to capture a complete, accurate set of compliance requirements.

2. Get to Know Your Organization’s Regulatory Environment

Understanding the concepts of GRC and the relationships between those concepts gives product owners and business analysts a framework to help identify the right stakeholders and understand relevant business processes. Read up on these capabilities and identify the groups within your organization responsible for them. Research regulations that impact your industry and your region. Talk to the experts and ask questions. Understanding the business of managing compliance in your organization provides clarity for better analysis.

3. Mine Existing Documentation for Foundational Understanding

Obviously, one of the best ways to understand regulatory requirements is to read and understand the most recent relevant regulations and guidelines. Stay up to date on regulatory change by subscribing to relevant government and industry websites. And don’t overlook requirements from prior projects as a source of information. Review and consolidate them to begin developing a reference library.

4. Model Business Processes to Improve Understanding

The software development industry has seen a significant increase in the use of visual models because they help project teams and stakeholders have deeper conversations, leading to better requirements. Business process models in particular improve understanding and help teams understand the impact of regulatory change. Develop business process models for the key processes in your environment, as well as for the processes related to governance, risk management and compliance, to improve the quality of your compliance requirements and your ability to analyze them robustly.

5. Build a Repository of Common Compliance Requirements

Because compliance requirements frequently affect multiple projects and systems, they are prime candidates for reuse. This includes requirements related to concepts like access security, data confidentiality, data availability, authentication, logging and auditability, to name a few. Centralizing compliance requirements and the visual models associated with them will provide support for multiple teams as they define user stories and functional requirements. Other artifacts—like risk definitions and stakeholder lists—can be centralized as well. Think about both external regulatory requirements and those needed to support internal governance needs. By developing a shared repository of these critical nonfunctional requirements, an organization can define them in one place and teams can reference them as needed, eliminating unnecessary work and improving requirements quality.

6. Document Traceability from Regulations to Requirements

Establishing traceability between compliance requirements and related artifacts like business value, process steps, risks, stakeholders, other requirements and the original regulation itself provides teams with a powerful analysis tool. It helps them define stronger requirements and assess the impact of regulatory change. It also provides them with a compliance plan to illustrate to auditors how the team is working to develop compliance. Robust analysis is the best way to enable compliance; traceability is an important technique to support that analysis.

7. Don’t Shortchange Analysis

The regulatory environment is complex and changing, so product owners and business analysts need to spend time analyzing to understand the impact of regulatory change. Particularly in Agile environments—where upfront analysis is shunned—teams need to accept that some pre-work is required to understand compliance and governance processes before they start executing on sprints. Don’t get stuck in “analysis paralysis,” but do allow enough time to analyze the environment, regulatory information, business processes and other visual models to gain a strong understanding of compliance requirements.

8. Invest in a Tool to Support Analysis and Manage Requirements

You can improve your ability to control complex compliance requirements by developing people and process, but a purpose-built requirements management tool provides the higher level of support needed in the complex world of regulatory compliance. Select a tool that supports the creation of new object types and visual models, complex traceability between artifacts and reuse through a centralized repository. These capabilities will accelerate the elicitation of requirements and reduce duplication of efforts, leading to higher-quality requirements and lower risk to software success.

Comprehensive Compliance

Because regulatory issues have become increasingly important to organizational leaders, product owners and business analysts have to get compliance requirements right. They need to be able to analyze the full impact of regulatory change and define compliance requirements in a way that developers and testers can interpret accurately. And with business accelerating its pace, they must do it as quickly and efficiently as possible. Following industry best practices will help organizations ensure that they have a thorough process to create fully compliant products.



Ruth Zive is VP of Marketing at Blueprint Software. Ruth is a metrics-driven marketing strategist who has worked for two decades serving B2B clients in the technology, health care and financial services industries. At Blueprint, Ruth is responsible for product marketing, analyst relations, branding, demand generation and inside sales initiatives.
