JUCS - Journal of Universal Computer Science 27(8): 868-893, doi: 10.3897/jucs.71770
Lean integration of IT security and data privacy governance aspects into product development in agile organizations
Alexander Poth, Mario Kottke, Kerstin Middelhauve§, Torsten Mahr|, Andreas Riel
‡ Volkswagen AG, D-38436 Wolfsburg, Germany
§ Audi AG, D-85045 Ingolstadt, Germany
| Volkswagen Financial Services AG, D-38122 Braunschweig, Germany
¶ Université Grenoble Alpes, CNRS, G-SCOP, F-38000 Grenoble, France
Open Access
Abstract

This article deals with the design of a product development-specific framework to support lean and adequate governance. This framework is based on layers of product-specific standards and regulations. The layers can be merged into a specific set to address the demands of a product to fit the state-of-the-art requirements of its domain. For the product domain, specific layers are presented with examples from IT security and data privacy for the software development phase. The approach is generic and can be extended to other domains like finance services or embedded products and their life-cycle phases.

Keywords
Lean Software Development, Agile Software Development, IT Governance, IT Compliance