While browsing Twitter, I came across Ron Jeffries’ retweet of the announcement of the new book Agile Methods for Safety-Critical Systems: A Primer Using Medical Device Examples by Nancy Van Schooenderwoert and Brian Shoemaker. Although there are ample resources about agile software development available, both in print and online, there are very few resources that focus on the application of the agile values and principles in complex systems involving both software and hardware being built in regulated industries.
When the book arrived, the size was very apparent. This is not a large volume – it’s only 126 pages (including the preface, afterward, and references). For the content, there are two main sections. The first section is an introduction to agile values, principles, and methods and spans the first 32 pages. The second section, an example medical device project and some concluding thoughts, covers the rest of the 76 pages.
Even though I’m very familiar with agile, I found the treatment refreshing. The focus was on the values and principles of agile from the Manifesto for Agile Software Development and the twelve Principles Behind the Agile Manifesto rather than specific frameworks and implementations. The inclusion of lean, with references to the work by Mary and Tom Poppendieck, was also welcome. By staying at the level of values and principles, the authors set readers up for a discussion of the application of those values and principles in the context of a project.
The case study portion of the book was incredibly helpful in seeing the agile values and principles used to execute a project in a regulated environment. However, the delivery wasn’t perfect. I felt that the various chapters – estimation, design and delivery, teams and roles, documentation and risk management, the agile transformation, agile planning, measurement and metrics, and scaling – were presented out-of-order. Planning the transition to agile methods should have come sooner, followed by the initial concepts around the business planning for agile projects and structuring of agile teams, before going into the activities that typically fall within an agile iteration, such as estimation, delivery, and documentation, followed by metrics and finally scaling the agile transformation. I also didn’t like the emphasis on user stories. Although popular, there are other methods of capturing requirements without the need for user stories, yet there was no discussion of other methods and how they can fit into the agile methods.
The subject of audits and appraisals was one that was not generally discussed in the book, and this was one subject that I hoped to see discussed in detail. Although there was discussion around various standards and how the agile methods meet the intents of the standards, there wasn’t a significant discussion of audits. Specifically, I would have liked to see a discussion of how organizations have approached ISO 13485 or similar audits, especially with auditors or appraisers that may not be as familiar with the application of agile methods.
Even having spent time studying plan-driven and agile methods as well as working in software process improvement in both types of organizations, I still had takeaways from this book. The biggest takeaway is something that I feel like I’ve known for a while, but has been validated – agile is not incompatible with any of the regulated industries. Whether you’re in medical domains and follow ISO 13485 and 21 CFR Part 820 or in aerospace and follow AS 9100 and DO-178, you can still implement and take full advantage of the benefits of many agile practices. The biggest lesson was a refocusing on the underlying values and principles that make lean and agile successful, outside of specific methods and frameworks.
I would recommend this book to anyone who is trying to work with agile in any kind of regulated environment. Even if you are familiar with the intent of your regulations and standards as well as the agile and lean methodologies, getting back to the underlying values and principles and seeing them explicitly tied to the purpose and intents of the regulations and standards within the context of a project is worth a couple of hours to read and reflect on the contents of the book.