Overview
The purpose of this post is to provide a strategy for approaching and resolving a “concern” that has been identified within a application. Overall, the idea is to “add structure” to the process of responding to defects (remediation) in your application.
Steps to Remediation
Using a resolution methodology referred to as CERT, the steps to resolving an issue are:
- Create an identification “statement and owner”
- Assess and Estimate the issue and its effect
- Define a plan for Remediation (and execute it)
- Translate the results of the remediation
Create
The first step to resolution is to create an identification statement that clearly defines the presumption of the problem, issue or concern. This is an absolutely critical component in the resolution process. A typical identification statement will be business oriented rather than technical oriented. Here is an example:
“The process that copies the current forecast to the prior forecast does not replicate the line item detail although account level totals are accurate…”
In addition, it is advisable that the following be included in the identification statement:
- A unique ID
- The steps to reproduce the issue
- Release Version
- Actual Results
- Expected Results
From the business identification statement, you will then develop and add the technical specifics that support the issue, its affect and its proposed remediation or resolution. This work will be done as part of the assessment and estimation part of the CERT process.
Finally, there must be an “owner” established for the identified issue. The owner will be responsible for:
- Verifying the identification statement – is this what seems to be the trouble?
- Assisting in the assessment and estimation process (from a business perspective) – what will this issue cost us?
- Verifying and approving the success of the remediation and resolution – Do I state that I agree that the issue has been resolved by implementing and deploying this remediation?
Estimate
During the assessment and estimation step of the CERT process you will need to perform a detailed assessment of the issue identified in the identification statement and determine how and where the application is affected (from a business and technical perspective) by the issue. In addition, several options for remediation should be identified along with estimations of effort and risk for each. Efforts should be broken down into specific work tasks and resources assigned wherever possible (even for those tasks that are yours!).
Always keep in mind that a resolution may simply involve educating the business owner on how a particular process or feature in an application works (“it’s working as designed”) and no actual changes to the application may be needed for resolving this issue.
Remediate
The remediation step involves:
- Selecting an option for remediation (from your estimates)
- Developing a plan for implementing and testing that option and
- Executing the plans
Selecting the Remediation Option
After having performed a thorough assessment of the issue, you should have at least 2 options for approaching the remediation and resolution of the issue. Based upon resources, schedules and various other concerns, you can select the option most appropriate for remediation. This selection should be made with input from the issues (business) owner.
Developing Implementation and Testing Plans
Once the appropriate option has been selected it is important to establish a plan for implementing any application modifications required as well as a plan for testing – verifying that the selected option has been implemented as designed and the results of that implementation yield the expected results. These plans should involve both the technical team and the business owner and include a process for deploying the resolution as often is the case; a remediated issue’s deployment is the cause of other application issues.
Execution
Once you have developed your plans for implementing a resolution, testing it and deploying it, you can then execute your plans. It is advisable that when possible, a formal signoff take place indicating a plan has been completed and noting any deviations from the plans that may have taken place.
Translate
Summarized defect reports are one of the most important deliverables to come out of a remediation process. They have a direct impact on the quality of the product, so you should take the time to translate the CERT information into a summarized defect report.
Finally once the resolution has been implemented, tested and deployed, all of the CERT process information (issue statements, owner names, plans, execution (test) results, completion dates, resources names, etc.) should be archived (stored) with the source code that was deployed.
This documentation can be useful should a resolution deployment need to be backed or “rolled” out, during environment management and migrations, and as input to future assessments and estimating efforts.
Conclusion
All software will contain defects and your ability to routinely respond in an effective manner is one of the keys to your success and the success of the project. Utilizing the CERT process is a simple way of adding structure and keeping things under control.