
Compliance and Governance Webinar

Page 1: Compliance and Governance Webinar

1 Copyright ©2015 CollabNet, Inc. All Rights Reserved.

CollabNet

Compliance and Governance

Building compliance and governance into your Application Lifecycle

Page 2: Compliance and Governance Webinar

Kevin Hancock, Senior Director Worldwide Field Operations

In his ten-plus years at CollabNet, Kevin has led successful implementations of CollabNet products and services at some of the world’s largest enterprises.

Kevin works with organizations to transform their globally distributed application development teams into modern, agile organizations, helping to save millions of dollars while accelerating software delivery. Kevin holds a Bachelor of Science degree from Carnegie Mellon University and a Master's degree from the University of Pittsburgh.

Today’s Presenter

• 20 years working in IT with the last 15 focusing on Development Organizations

• Experience with 1000’s of developers and 100’s of development teams

• Practical knowledge of building development communities across organizations

• Practical experience in scaling agile across enterprises

Page 3: Compliance and Governance Webinar

Who is CollabNet?

[Timeline figure: years 1999, 2005, 2010, 2014; milestone labels 1st Cloud-Based ALM, Agile Transformations, Open Agile ALM, Apache / Subversion]

Leader

• ALM, SCM, cloud, agile, open source

• Transformed 100s of largest, most respected IT orgs

• Enterprise agile experts

– 17,000+ ScrumMasters trained

Pioneer

• Creator of Subversion (SVN)

• 1st cloud-based ALM solution

Proven Scale

• 10,000+ customers

• 6M+ users

• 280 employees

Page 4: Compliance and Governance Webinar

• Introduction

• Considerations

• Organizational challenges

• Building in Compliance and Governance

• Financial Services Case Study

• Solution Example

• Question and Answer

Agenda

Page 5: Compliance and Governance Webinar

Considerations

Laws, Regulations, and Audits

Page 6: Compliance and Governance Webinar

• Sarbanes-Oxley (SOX)

• Health Insurance Portability and Accountability Act (HIPAA)

• Payment Card Industry Data Security Standard (PCI)

• Gramm-Leach-Bliley Act (GLBA)

• SB 1386

• BASEL II

• Federal Information Security Management Act (FISMA)

Regulatory Compliance

Page 7: Compliance and Governance Webinar

How they apply to the Application Lifecycle

Act: Considerations

• Sarbanes-Oxley: Privacy and integrity of financial data in publicly traded corporations.

• HIPAA: Confidentiality, integrity, and availability of healthcare information

• PCI: Confidentiality of credit card information stored and used by merchants

• GLBA: Confidentiality and integrity of personal financial information stored by financial institutions

• SB 1386: Confidentiality of customers’ personal information stored by any organization that does business in the state of California

• BASEL II: Confidentiality and integrity of personal financial information stored by financial institutions. Availability of service and integrity of financial transactions.

• FISMA: Confidentiality, integrity and availability of sensitive information

Page 8: Compliance and Governance Webinar

• Confidentiality

• Integrity

• Availability

• Change management

• Auditing and Logging

• Access controls

• Segregation of duties

• Proactive reporting

Areas for development focus across the regulations

[Diagram: Governance (Strategies, Direction, Control); Risk (Identify, Analyze, Response); Compliance (Adherence, Report)]

Page 9: Compliance and Governance Webinar

Challenges

Page 10: Compliance and Governance Webinar

The ever changing organization

• Organization growth through M & A

• Inclusion of contractors and third party developers

• Proliferation of applications and deployment options

Page 11: Compliance and Governance Webinar

Spectrum of processes

[Diagram: spectrum from STABILITY (Predictability) to AGILITY (Velocity)]

• Agile and Waterfall are two poles, and

• Teams select to work in the myriad of processes in between.

Page 12: Compliance and Governance Webinar

[Diagram, three panels showing the Management Team and the Development Team:

ALM Monoliths (late 1990s to ~2005)

Tension between Business Lines and Central IT

Point Tool Rebellion (~2005 to now): proliferation of tools]

Page 13: Compliance and Governance Webinar

Building in Compliance

Page 14: Compliance and Governance Webinar

Blueprint for Enterprise Agility

Building compliance and governance into your processes and tools

[Diagram: stages Embrace Cloud, Implement Community Architecture, Codify Dev Processes, Orchestrate DevOps, Leverage External Clouds; axes Collaboration & Insight and Value]

- Centralize access & visibility

- Plug-in & collaborate – code, issues, people

- Map business/enterprise architecture (project hierarchies, workspaces, artifacts, roles)

- Be social (e.g. code reuse)

- Support Agile and mixed process

- Codify data definitions, tool integrations, workflows

- Gain end-to-end visibility, traceability, repeatability

- Automate Continuous Delivery & DevOps

- Collaborate enterprise-wide

- Extend DevOps to ext. clouds

- Integrate & govern 3rd party services

Page 15: Compliance and Governance Webinar

Open ALM Platform

• Open ALM Platform: Connect disparate development and collaboration tools to drive SW lifecycle traceability

• Flexible Process Templates: Create libraries of common, repeatable workflows

• Collaboration Architecture: Map EA into business and technology hierarchies to enable organizational-wide discovery, collaboration, re-use and reporting

Page 16: Compliance and Governance Webinar

Case Study

Page 17: Compliance and Governance Webinar

A leading global investment bank with a strong and growing private clients franchise.

• 90,000+ employees

• CollabNet Users = 13,500 (employees, contractors and 3rd parties)

Issues

Overview

Page 18: Compliance and Governance Webinar

CollabNet Hosted TeamForge

The solution

Page 19: Compliance and Governance Webinar

Where is the Community

Page 20: Compliance and Governance Webinar

The place where the Bank builds software!

Governance

• Repeatable processes

• Public, Private and Gated Workspaces

• Change management actions enforced as part of processes

Compliance

• Role based access controls

• All actions logged and auditable

• Change management actions enforced as part of process

What is the Community

Page 21: Compliance and Governance Webinar

• Decreased cost per developer

– Central instance via SaaS: better economies of scale and higher availability

– Standard tools: lower support costs, fewer integration points, better resource mobility

– Central integration and certification: reduced effort per team, higher quality

• Increased productivity per developer

– 80% of developers saw an increase in productivity

– 40% of 1-2 hours per week, 40% of more than 2 hours per week

Value

Page 22: Compliance and Governance Webinar

CollabNet TeamForge

Building governance and compliance into your ALM platform

Page 23: Compliance and Governance Webinar

TeamForge Platform Architecture

[Architecture diagram. Component labels: Project / Portfolio Administration, Trackers, Collaboration, Tool Chain setup, Teams, Users, Roles/Perms, Event Sources, Run time, Event Mgmt., Event Data Store, Operational Data Store, Domain Objects, Activities, Associations, Events, User Workspace, Universal Search, Native Artifact UI, Lifecycle Reports, Federated Tool UI, Activity Streams, Pipeline Monitors, External Listeners, Notification, Federated Tools, Native Artifacts, Custom Objects, Configure, Store]

Page 24: Compliance and Governance Webinar

TeamForge: Collaborative Software Development & Delivery

[Diagram labels: Open ALM (Plan, Code, Track, Build, Test, Release, Deploy, Orchestrate, GitEye, Desktops); Process Templates; Collaboration Architecture (Communities, Projects, My workspace, My page, My settings, Monitoring); Reporting & Governance (search, traceability, documents, wikis, discussions, Reports, Dashboards & Report Catalog)]

• Integrated ALM development and collaboration tools

• Flexible and repeatable process templates

• Cross-project collaboration architecture

• Reporting & Governance

Page 25: Compliance and Governance Webinar

TeamForge Demonstration

Page 26: Compliance and Governance Webinar

› Across geographies, projects, teams, software assets

› Serve all modes of development and all goals of the application with compliant enterprise-controls

› High-grade security with RBAC, permissions management, authentication, encryption, auditing

› For creation and sharing of common, repeatable processes across your organization

› Throughout the development lifecycle and across projects, tools, and teams

With TeamForge platform, You Gain

› Organization-wide discovery, collaboration, re-use, and reporting

Page 27: Compliance and Governance Webinar

Questions?

Page 28: Compliance and Governance Webinar

• Attend our live Compliance and Governance workshop

– http://www.collab.net/company/news-and-events/events

• Contact CollabNet to conduct a POC around your governance initiative

– http://www.collab.net/contact-us

• Schedule a demonstration of TeamForge

– http://www.collab.net/contact-us

• Download the whitepaper

– http://visit.collab.net/15Q2ComplianceandGovernanceSolutionBriefTriplePlayCampaign_LandingPage.html

• Read our blogs

– http://blogs.collab.net/ta

Next steps

Page 29: Compliance and Governance Webinar

Thank You

Kevin Hancock

Page 30: Compliance and Governance Webinar

© 2015 CollabNet, Inc., All rights reserved. CollabNet is a trademark or registered trademark of CollabNet Inc., in the US and other countries. All other trademarks, brand names, or product names belong to their respective holders.

CollabNet, Inc.

So San Francisco, CA

www.collab.net

+1-650-228-2500

+1-888-778-9793

blogs.collab.net

twitter.com/collabnet

www.facebook.com/collabnet

www.linkedin.com/company/collabnet-inc