Lora Bentley spoke with Collaborative Software Initiative CEO Stuart Cohen, who says collaborative development, aka "community sourcing," is a natural fit for companies looking for solutions that will meet common compliance requirements. Together, they can lower their development costs, mitigate risk and help to create de facto industry standards.
Bentley: First, how did Collaborative Software Initiative (CSI) come about?
Cohen: I founded Collaborative Software Initiative in April 2007 after leaving the Open Source Development Labs. While at OSDL, the customer advisory board was increasingly looking for ways to collaborate on building business applications in the same fashion that they had become used to with building and contributing to the Linux operating system. There was an unmet demand for a partner who could facilitate this development in order to lower costs of development while increasing quality of code, transparency and high-quality support for enterprise applications. Collaborative Software Initiative today builds communities of subject matter experts, project managers and software developers to produce business applications at a fraction of the cost of traditional development models.
Bentley: Are the projects client driven, or are they determined by an internal group?
Cohen: Our projects are completely client driven. Industry organizations, customers and partners approach us when they find they have common requirements for business applications. The projects started in the areas of compliance, regulations and industry standard applications and have expanded from there. By working with Collaborative Software Initiative, customers share the cost of development and have ultimate control over the end result, due to the involvement of subject matter experts. We define subject matter experts as the people who are using the applications every day and who collaborate with developers to make sure the product functions properly. For example, with TriSano, CSI's infectious disease and bioterrorism outbreak management system, doctors and nurses are the subject matter experts who help to make up the community.
Bentley: So how do you approach your projects? What is the process?
Cohen: We establish a core team based on the collective goal of the original participants. The core team is made up of both subject matter experts and developers. The team develops a roadmap and begins to build the application(s). Once the application has been developed and put through QA, the team together decides how best to deploy the application and how to sustain and support it. It is usually offered as an on-premise installation, software as a service, via cloud computing, or potentially as an application appliance.
Bentley: Generally, how does this process aid in meeting compliance goals and requirements?
Cohen: Collaborative development, or community sourcing, is a natural model for companies that need to meet compliance requirements. These companies work together in trade associations to develop common solutions that meet their requirements and meet the federal regulations. By joining a core team, they can lower their costs of development and support. The result is risk mitigation, shared reward and de facto standards that the industry can all use.
Bentley: And for a more specific example, can you tell us about CSI SIG and how it can help users with Gramm-Leach-Bliley Act requirements?
Cohen: CSI SIG is a multi-user Web application that allows rapid response to, and assessment of, the BITS SIG questionnaire. CSI SIG is built on proven, industry standard, open source technologies, making it the most flexible and capable solution for vendor self-assessment. Once gathered, it is critical that vendor self-assessment data be analyzed to determine the level of risk a vendor poses. Data gathered using CSI SIG is exportable in a standards-compliant XML format, making it simple and easy to import into any operational risk management application that can process XML documents.
Enabling a smooth flow of data from vendor to institution and back again is absolutely critical to an effective vendor assessment process. CSI SIG has a number of features to allow institutions and their potential vendors to quickly, easily, and securely exchange data. The use of standards is critical for smooth inter-operation between diverse systems. CSI SIG can import and export XML files in a freely available format to ensure that data can move smoothly from CSI SIG, where it is gathered, to any other system that needs it. CSI SIG also uses industry standard AES encryption to ensure that your data remains secure while in transit.