Manage Compliance

Development of complex products is always a regulated environment. Examples are standards set by governing bodies like the FAA or FDA, ISO or IEEE standards, quality, safety, security, environmental, or health standards, or market requirements like Automotive SPICE or CMMI. Manage compliance with all relevant standards is a key aspect of process management.

Stages enables process managers to map their processes against standards, detect and close gaps, and generate evidence for audits, assessments, and appraisals.

Watch our basic videos on compliance here.

Map Processes against Standard Requirements

The basic idea is to break down the standard documents into their individual requirements and map the processes against those requirements. The standard requirements are modeled as a process, which is marked as a reference model.

Typically a process has to comply only with specific sections of a reference model. Those sections are called scopes. The processes are then mapped against these scopes.

To define that a process needs to be compliant with to a set of reference model scopes, use the Management > Compliance menu and add them via the Add Reference Model button.

To start the mapping, click or tap on the reference model name. Stages then shows the reference model, but only those parts that are covered by the assigned scopes. Use the navigation to drill down to the requirements.

To allow a quick overview which standard requirements are already mapped and where there are still gaps, the coverage of each requirement is also shown in the navigation (1).

To assign process content to a specific requirement, use the context menu in Compliance References box (2) . The assignment works exactly the same as in assigning process elements to each other. You can use the element comment for each assignment to record details about each mapping, e.g. which chapter of a work product covers the standard requirement.

Finally, it can be defined how well a set of mappings covers a standard requirement. To set the coverage, use the context menu in the Compliance Coverage box (3) .

Defining the correct coverage is typically expert judgement, but you can use the following scheme as an orientation:

  • Zero Stars (None): The process does not cover the requirement at all.
  • One Star (Incomplete): The process has some evidence to cover the requirement, but there are some aspects still missing.
  • Two Stars (Fair): The process should cover the full requirements, but the coverage was not yet validated by an expert.
  • Three Stars (Complete): The process covers the full requirement and the coverage was validated by an expert.

You can also take notes, e.g. why you mapped those element or aspects that are still missing.

To finish the mapping, use the X in the top right corner that shows both the reference model name and the name of the workspace where the process resides.

The above video shows the whole sequence of actions to assign reference model scopes, map the process to the individual requirements, and finally determine the coverage of the mappings.

View Compliance in Process Context

Some process participants need to understand why a certain activity or work product is required. This can be accomplished by using the Compliance perspective when viewing the process content.

This perspective is configurable, but normally shows the description of the process element and its compliance mappings side-by-side. The users can follow the links to the respective compliance requirements, ideally by opening the link in a new browser tab or window.

Show Compliance Traceability

To see how the compliance requirements can be traced to the process content, use the pre-defined Compliance Traces report. It is typically installed in Reports > Compliance > Compliance Traces.

To generate the traces, select the desired reference model scopes and run the report.

The report shows the compliance requirements and the process content that is mapped to them. It also contains the coverage, notes, and other information. There are direct links to the compliance requirements and the mapped process element. The links automatically open a new browser tab.

In some cases, it saves a lot of time to map reference models onto each other. If you would like to also include those indirect traces, switch on Include Mappings across Reference Models.

Finally, the traces can be exported to Excel via the normal report Excel export.

Show Compliance Gaps

The same report can also be used to find the compliance gaps. Simply set Include Gaps to “Yes” or “Only Gaps” and run the report as described above.

Generate Evidence

To generate the evidence for audits, assessments, or appraisals, the same report can be used. Simply run the report in the workspace containing the project's valid process. If a compliance requirement is mapped to a work product with files, those are included in the Evidence column.

The report results can be imported into common appraisal tools like Appraisal Wizard and Capability Advisor, so auditors can start their assessment right away.

These pre-defined reports can be modified by the customer. Individual reports can also be created. See here for more info on how to create custom reports.