World Class Software Learns from Regulated Industries

November 14, 2019

World class software is a term that describes the quality of software development that Wovenware promotes and delivers. World Class Software not only follows the industry's best practices, but also innovates during the process. This type of development demands that the solutions developed are future-proof and easily scalable within any scenario. The architecture must be simple to implement and flexible enough to evolve over time. It is software developed with security as one of the main goals, so that potential vulnerabilities are detected and corrected early in development by implementing software that helps deliver a complete, robust system.

The visionaries behind World Class Software are the world-class team working throughout the development lifecycle. Before this team goes to work, the first thing we have to learn is the set of guidelines that make up World Class Software. Unfortunately, a detailed list defining what makes World Class Software does not exist, but there are a couple of regulations that help paint a clear picture of what World Class Software should aim for. Along with these regulations come the regulated industries they apply to. There are a couple of regulated industries that have complex and robust guidelines for information security, information management, forensic and audit processes, procedure, and technology management.

Regulated industries are businesses whose line of work requires them to follow government rules in order to operate. Some of these regulated industries include education, financial, human resources, health care, and telecommunications. These government rules provide guidelines that define the minimum standards World Class Software should follow. These guidelines provide insight into the features the software should contain, how data must be managed, what the software should do, how it should behave, and how it should be maintained. An example of a non-technical regulation is the Jeanne Clery Act, a federal regulation requiring higher-level education institutions to disclose crime and security statistics. This kind of regulation helps a developer identify the type of information the system needs to be able to gather and process.

The financial industry has an interesting regulation regarding the use of federal tax information (FTI). The complexity involved in working with FTI data requires any developer to read IRS Pub. 1075 to fully grasp the robustness of what needs to be developed. IRS Pub. 1075 fully details what a robust and complete audit system must contain in order to deliver better results and error-free software. On the other hand, the HIPAA Privacy Rule establishes clear guidelines on how to de-identify and manage health information. This type of regulation influences the design process of software because it provides considerations for the way data should be stored. Generally, regulations will not specify the exact details of how the rules should be implemented during development; they provide a general overview of what should be done in order to comply. Although this could represent a challenge, it's up to the developer to embrace the challenge and innovate to outperform.

When working with regulated industries, challenges can arise at any moment. The operations of these industries can change overnight with the stroke of a pen in Congress, a local State Legislature or Senate. When these challenges present themselves, the important thing to remember is that when a challenge appears, an opportunity for innovation arises. Innovation does not have to happen only in technology. Technology can promote the innovation of processes and help streamline the workload, pushing an industry to operate better and within compliance.

Regulations include more than government laws and statutes. Businesses and organizations in a regulated industry create their own internal regulations and procedures for operations. These internal rules and directives expand on the government regulations, and very often they provide even clearer guidelines to follow. Moreover, these internal regulations can have the effect of creating technical documentation and procedures to be followed by the development teams during and after the implementation of the solution.

The following list contains several U.S. Government regulations and is intended to serve as a repository of regulations to aid any developer in the creation of World Class Software:

  1. Computer Security Act of 1987 (40 USC 759)
  2. Federal Manager’s Financial Integrity Act (31 USC 3512)
  3. Paperwork Reduction Act of 1995 (44 USC 3501)
  4. Executive Order 12958 – Classified National Security Information
  5. HIPAA/HITECH 2009
  6. IRS Pub. 1075
  7. FIPS PUB 112 – Standard on Password Usage

The one thing I would like people to take from this post is that you do not have to work in a government-regulated industry to apply the knowledge acquired from these rules. Now that the world-class team has armed themselves with the knowledge found in regulations, it is time to start analyzing requirements and design with this knowledge at hand. The real innovation starts with a high-level view of the details that entail developing World Class Software.

 
