Veterans Affairs Canada Takes on Compliance

The agency's IT team taps IBM Rational platform to create an auditable and repeatable processes. 

Mitch freeman can envision the day when his software development team is nimble and responsive, able to support all the technology needs of his agency, and comply with the standards set forth by his agency's governing body.

Freeman, chief of application management and support services at Veterans Affairs Canada, is charged with modernizing the way his 175-person IT team develops and maintains all the software needed by the organization. VAC, with 3,500 employees and offices throughout Canada and France, ultimately reports to Parliament through the minister of veterans affairs.

"We're a full-service de??í??ívelopment shop, doing everything from user re??í??íquirements to design, development and testing, for every type of application you can imagine, both internally and public-facing," Freeman said.
Those applications include everything from programs for disability pensions, veterans' allowances and pension advocacy to health care, legal assistance, commemoration and more.

Up until it considered a change, the IT team had been using a classic software development life-cycle methodology called the waterfall model, which specifies goals for each development phase but allows for little revision. Freeman said the team found the approach cumbersome and that it created many challenges.
Because VAC develops and supports so many complex applications, executives began looking for the best way to ensure a proven, repeatable and auditable software development proc??íess. They found their solution with IBM Rational's developer platform.

Along with the number and complexity of the applications the department creates, another driver for a change in approach was the need to adhere to a growing number of compliance regulations, including TBITS (Treasury Board Information and Technology Standard) 27, which requires agencies to increase standardization, improve processes and maximize return on investment.

The last arrow in the quiver was MITS (Management of Information Technology Security), an operational security standard issued last year by the Treasury Board Secretariat that further highlighted the need for a proven methodology for creating reliable and secure software.

Partly because the organization had already been using some IBM Rational tools for integrated functional testing and regression testing, partly because Rational was one of the recommended MITS solutions, and partly through discussions with other government organizations, the team in 2006 chose to implement several modules of the IBM Rational Software Delivery Platform.

Because the platform is huge and complex, with nine disciplines across four phases, Freeman de??í??ícided to take it slow. "We consulted with other government departments that had tried and failed to implement RUP [Rational Unified Process development methodology] in its entirety all at once, and that taught us to implement this type of big process in small, containable, bite-sized pieces," he said.

So before jumping, Freeman created a pilot to confirm that the process under consideration would work in a real-world situation. He started with the organization's biggest area of concern-requirements gathering and definition. The team then created a test case using IBM Rational's RequisitePro, part of the Rational Software Delivery Platform bundle it had purchased, to automate and support the development shop's requirements-??ígathering process.

"It allows you to trace the business requirement to use case functionality that then allows you to link to the test plans and test cases, and link to the development models and actual code," Freeman said.
The team is about half-finished with the pilot to confirm that its document process works. Once the pilot is completed, Requisite??íPro will be used to automate the process.
Once it's working well, the next step will be to implement IBM Rational's ClearCase LT, a configuration management tool that Rodney Helal, IBM's software account manager for the Canadian government, said will help automate software building.

The organization also will use IBM Rational's ClearQuest, a bug- and defect-tracking tool. When a test case fails, the information gathered from it is automatically sent to the developer without someone having to rekey it.
IBM Rational's Test??íManager will control and monitor actual testing, while Software Architect, an add-on that is not part of the suite, will help the organization perform data and component modeling instead of straight code development, Freeman said.

Once the new tools are fully implemented, Freeman said he expects them to provide better traceability while giving the IT organization an auditable and repeatable process that is documented and well-illustrated.

"Ultimately, it's about traceability," Freeman said. "We plan to use these tools to support the gathering of user requirements and traceability throughout the process, so when a change occurs to a business function, it can be easily traced back to use cases, test cases and code that would then be suspect because that business function has changed. And it will allow us to implement changes on an incremental basis, making it easier to accommodate change earlier in the project, thereby reducing risk."

No project is without its challenges, and lessons were learned-sometimes the hard way.
Perhaps most important, it's imperative to involve the right people in the decision-making process, Freeman said.
"Make sure you consult people who are part of the process on what to use and how it should work, as opposed to trying to use a top-down approach," he said.

In addition, he said, the tools should complement the process, and not the other way around, he said.
Although Freeman said it will be a while before the IBM Rational platform is fully implemented and proved, he is looking ahead. He said stake??íholders have briefly discussed the portfolio management components of the Rational suite, as well as the possibility of implementing the Rational Build Forge product. Both products could further enhance the software development life-cycle proc??íess, he said.

As for the Rational suite itself, IBM's Helal said that because enhanced security and privacy of customer and application data is an area of growing regulatory focus, it is an area of increased emphasis. To that end, IBM will incorporate the recently acquired Watchfire, a Web application security-testing tool, into the Rational suite and has released IBM Rational AppScan to help developers integrate security testing into the software delivery process.