Legal Compliance Assurance in Development Process
Legal compliance assurance in development process
Mitigating business risks associated with software legal compliance is best addressed by building legal considerations into the development process itself. The following options address compliance measures at different points in the development process. Some of the options listed, such as periodic and real-time assessment, can be used in combination for best results.
Option No. 1: Ignore
Deciding to ignore the compliance issue carries the lowest up-front cost but bears the highest risks.
Option No. 2: Preventative: Developer training and project planning
Some companies (especially small and midsize businesses) consider proper training and project planning sufficient in normal situations, accepting to undertake an audit during imposed due diligence efforts. Naturally, the more the developers are trained on matters of software legal compliance issues, the more effective the development process. However, this is a rather expensive proposition given the explosive growth in the number of distinct software licenses, the high cost of developer training, and the constant churn within the development environment. With this option, compliance rests solely on developers and any assurances are their responsibility.
Option No. 3: Post-development
Taking action later in the project life cycle can take the form of external or internal auditing, and impacts the final stages of testing as well as the quality assurance process. This option can bear higher costs due to professional services, the cost of any necessary changes to the software after the fact, subsequent retesting and re-auditing. This option gets results, does not impact development workflow, and can be rendered more cost-effective with software tools designed for this purpose. It can, however, prolong the project life cycle near the end, resulting in delays to the delivery of the final product that are hard to predict.
Option No. 4: Periodic
Periodic auditing of software during development involves course corrections along the way if any policy violations are detected. This can be done with automatic tools. It's also less expensive than waiting until after the development process thanks to the shorter delays in getting the fixes done and retested.
Option No. 5: Real-time
The most proactive measure for software compliance assurance is to detect license violations immediately at the developer workstation in real time. This way, the development process is not disturbed. Plus, the cost of corrections is minimized, as any necessary corrections (which might include justification of selection, code changes or replacement) are done on-the-spot. Any necessary corrections can also be done without involvement of other resources and without the need for retesting. This process can be automated via software tools in ways that are unobtrusive, easy to adopt and, most importantly, do not require developer training in matters of legal compliance.
Detecting possible violations in real time is the most cost-efficient and lowest risk option in the long term. The later in the software life cycle such fixes are affected, the more expensive they become. If the legal compliance issues are discovered during the development process, the fixes become less onerous and the business risks are reduced.