JUCS - Journal of Universal Computer Science 27(8): 868-893, doi: 10.3897/jucs.71770
Lean integration of IT security and data privacy governance aspects into product development in agile organizations
expand article infoAlexander Poth, Mario Kottke, Kerstin Middelhauve§, Torsten Mahr|, Andreas Riel
‡ Volkswagen AG, D-38436 Wolfsburg, Germany§ Audi AG, D-85045 Ingolstadt, Germany| Volkswagen Financial Services AG, D-38122 Braunschweig, Germany¶ Université Grenoble Alpes, CNRS, G-SCOP, F-38000 Grenoble, France
Open Access

This article deals with the design of a product development-specific framework to support lean and adequate governance. This framework is based on layers of product-specific standards and regulations. The layers can be merged into a specific set to address the demands of a product to fit the state-of-the-art requirements of its domain. For the product domain, specific layers are presented with examples from IT security and data privacy for the software development phase. The approach is generic and can be extended to other domains like finance services or embedded products and their life-cycle phases.

Lean Software Development, Agile Software Development, IT Governance, IT Compliance