How Path To Production Ensures Safety And Soundness On Our Digital Transformation Journey
CIOReview
CIOREVIEW >> Storage >>

How "Path To Production" Ensures Safety And Soundness On Our Digital Transformation Journey

Ramon Richards, Senior Vice President of Integrated Technology Solutions, Fannie Mae
Ramon Richards, Senior Vice President of Integrated Technology Solutions, Fannie Mae

Ramon Richards, Senior Vice President of Integrated Technology Solutions, Fannie Mae

At Fannie Mae, our mission is to provide a reliable source of affordable financing for homeowners and renters in the United States. As a leading source of mortgage financing, Fannie Mae purchases mortgages from lenders and helps facilitate the flow of capital into the housing market by issuing and guaranteeing mortgage-related securities. We embrace innovation and invest in technology to accomplish this mission in a safe, sound, and efficient manner.

The technology side of this business requires a delicate balance of agility, speed, and security. With it comes the need for critical governance, control, and risk parameters to guide our development of software products. Historically, that’s been good for safety and security, but can slow down the pace at which we can deliver new capabilities for customers.

This challenge, coupled with our company-wide focus on digital transformation, motivated us to take a look under the hood and assess the Fannie Mae software development lifecycle. We discovered opportunities to eliminate redundancies and shift the engagement of key governance and control stakeholders up in the process.

We launched Path to Production, or P2P, earlier this year to address these challenges and reimagine the way we work to develop software at Fannie Mae. It’s a software change framework that weaves security and risk management practices into a single streamlined process for development-related work. It standardizes the way our delivery teams engage key stakeholders for software changes and allows us to deliver with greater efficiency, speed, stability, and security.

What’s been a significant undertaking started with some clear objectives:

Create a process that fosters proactive engagement among cross-functional teams throughout the software development process.

Move validations and verifications that had traditionally occurred at the end of the development process to the beginning to avoid delays and redundant reviews.

Simplify management of software delivery process across multiple platforms and business applications by automating controls and integrating with existing tools and frameworks where possible.

Increase the transparency and reportability of technology work across the organization by tracking all new and change-related work in one place.

P2P is a holistic framework that addresses these objectives. It introduces a permit-based development framework that helps facilitate delivery teams’ early engagement in the right activities, from ideation to operation. Like a license to drive, delivery teams must secure permits at each critical juncture.

We implemented a self-governed review process to ensure Information Technology General Controls (ITGCs) are adequately designed and implemented, and to avoid major disruptions to key strategic commitments. The process is intended to be efficient and has been designed to maximize the use of automation:

A team will first register a project, idea, or proof of concept in an internal application.

If the idea passes the prioritization process, the team is issued a permit to launch, which gives the green light to initiate the formal P2P workflow.

From there, subsequent permits allow teams to design/build, and eventually operate the new application or enhancement to an existing application.

Securing permits ensures governance and risk controls are built into the process and establishes evidence of compliance. This takes the burden off development teams to secure manual approvals and it builds consistency, stability, and security into the products we deliver as a company.

Beyond compliance, this approach has huge implications for the way we bring products to market and influence the evolution of a more digitized mortgage finance industry. With P2P, we’ve created an automated, integrated framework of activity that streamlines software development and provides straight-through processing. This translates to faster delivery of new capabilities that benefit our customers, which include homeowners and renters, and help us accomplish our mission. We are excited about the possibilities P2P creates for our innovative future.

Read Also

How CannonDesign leverages technology to remain versatile during COVID-19

How CannonDesign leverages technology to remain versatile during...

Ernesto Pacheco, ASAI, DVAB, Firm Visualization Leader, CannonDesign
The Changing Role of IT within Banking Sector

The Changing Role of IT within Banking Sector

Alessandro Campanini, Group Chief Information Officer,Mediobanca
margin-right:10px;

margin-right:10px;

Oliver Pulcher, Director of Corporate Development, Strategy, International Affairs and UAS at DFS Deutsche Flugsicherung
Systematic Detection Of Drones At Airports

Systematic Detection Of Drones At Airports

Angela Kies, Head Of Unmanned Aircraft Systems And Drone Detection Project Lead, DFS Deutsche Flugsicherung
Use Of Drone Technology To Improve Productivity In The Oil And Gas Sector

Use Of Drone Technology To Improve Productivity In The Oil And Gas...

Mark Hutcherson, Director, Low-Carbon Projects and Technology at ConocoPhillips
Parallel Developments In Civil And Military Drone Technologychallenges And Opportunities

Parallel Developments In Civil And Military Drone...

Andrew Munday, Director of Advanced Engineering and Technology, Atkins