Tampere University of Technology

TUTCRIS Research Portal

Regulated Software Meets DevOps

Research output: Contribution to journalLetterScientificpeer-review


Original languageEnglish
JournalInformation and Software Technology
Publication statusPublished - 2018
Publication typeA1 Journal article-refereed


Context: Regulatory authorities require proofs from critical systems manufacturers that the software in their products is developed in accordance to prescribed development practices before accepting the product to the markets. This is challenging when using DevOps, where continuous integration and deployment are the default practices, which are not a good match with the regulatory software development standards.

Objective: We aim to bring DevOps and regulated software development closer to each other. First, we want to make it easier for developers to develop regulated software with tools and practices they are familiar with. Second, we want to allow regulatory authorities to build confidence on solutions provided by manufacturers by defining a mapping between DevOps and regulatory software development.

Method: We performed a literature survey and created research suggestions using exploratory research.

Results: Tighter integration between development tools, requirements management, version control and deployment pipeline would simplify the creation of regulatory compliant development practices.

Conclusions: Regulations could be improved for more agile and incremental method in quality approval, the final step before the actual deployment of the software. Improved development practices and tool integration, created in cooperation by tool vendors, system providers, and regulatory authorities, could support developers who are not comfortable with fixed, and rigid practices of regulated software development.

Publication forum classification

Field of science, Statistics Finland