top of page
  • Writer's pictureAllison Bacher

Managing Compliance requirements in Agile projects

Updated: Mar 22, 2021

Agile has become a popular project management approach because of its emphasis on efficiency and quality. Let’s explore why it’s particularly relevant to Compliance projects in more detail…

The traditional gated software development lifecycle is sequential – there’s requirements gathering, design, build (writing the code), technical testing and user testing, followed by release. This approach doesn’t scale well, nor does it keep pace with the ever-accelerating time-to-market demands.

So any slippage, change request or scope creep, without a change in delivery dates puts considerable pressure on what’s delivered, resulting in missed deadlines, disappointing outcomes, lower quality and significant compliance challenges.

Waterfall vs Agile development

The iterative nature of Agile development means that all requirements, including fixed date compliance requirements, are prioritised and delivered in the order of business value and risk. Regular check-points are designed to enable User testing, stakeholder reviews and, importantly, any required re-prioritisation so that if anything slips or is not delivered, it will be the low priority items.

What’s different is more than just a change of techniques – it’s a culture change, requiring new ways of working and different levels of responsibility & accountability across the organisation. In essence, it means:

  • Short iterations where a “slice” of the product is built and tested

  • Collaboration across people and teams

  • Full transparency of delivery to date, changes and impediments

  • Greater, more frequent stakeholder input

  • Constant prioritisation and when necessary, re-prioritisation

  • Transparent “always-on” reporting

  • Iterative testing

  • Focus on quality, not quantity

  • Continuous improvement

Agile Product Backlog

Agile = Transparency and traceability

The Product Owner is the person from the business domain, not technology, that is responsible for requirements in Agile projects. Their business domain expertise positions them well to understand and prioritise requirements, fully understanding the impact of their decisions on delivery deadlines.

The requirements, described as the Product Backlog is typically managed electronically so all requirements, changes, delivery cadence and test results are transparent and traceable. Linking business objectives, requirements and tests mean that nothing is missed, and the organisation is fully prepared in the event of an audit. It’s easy to see who did what, when, why, dependencies and test results at the click of a mouse.

And unlike traditional requirements which are fixed upfront and then subject to lengthy change control processes, the Product Backlog is designed for ease of change. The development team needs requirements clear and signed off on average 2 – 6 weeks prior to each Sprint making it much easier to navigate change. It doesn’t mean it’s ok to constantly change requirements but it’s a pragmatic way to accommodate the change.

Top tips for Compliance Projects

Think re-use: Because Compliance requirements often affect multiple projects and regulation can change quickly, it’s worth investing the effort to create a backlog of Compliance requirements, ready for re-use. This enables development teams to have a reference point of their complexity, dependencies and potential impediments from the outset rather than starting entirely from scratch.

Think visuals: Smart teams use visual models to make sure they have a clear understanding of business processes and “one truth”. Visual models facilitate better conversations and in turn better requirements. Walk the entire team through the business process models to help them understand the impact of regulatory change and consider options for how you might meet those regulatory requirements in time.

Think documentation: Agile teams document “as little as they responsibly can” – don’t misinterpret that as no documentation! System and user documentation is built with each iteration rather than at the end, so be prepared to allocate time and resources to this important and often missed activity.


Quantum of Value joined StarCompliance for a webinar about applying Agile to compliance programs. The webinar covered how Agile helps all kinds of teams effectively prioritise tasks, deliver better results, and manage change more nimbly—reducing risk when delivering at pace.

Click here to watch the webinar and download the slides.


667 views0 comments

Recent Posts

See All


bottom of page