Netspective Unified Process for Deterministic Software
An agile quality system and SDLC for regulated IT deliverables. Meet FDA, HIPAA, NIST, and FedRAMP requirements with audit-ready documentation and modern engineering practices.
Regulated software requires more than just code—it demands documented, auditable processes that meet FDA, HIPAA, NIST, and other regulatory standards. NUP provides the complete framework your team needs, combining proven methodology with modern engineering practices from industry leaders like Microsoft.
What is NUP?
Netspective Unified Process (NUP) is an Agile Quality System and Software Development Lifecycle (SDLC) designed for organizations building software in regulated industries. It bridges the gap between modern agile development speed and the rigorous documentation requirements mandated by regulatory bodies—enabling teams to deliver compliant software without reverting to slow, heavyweight waterfall approaches.
Computing Paradigm: Deterministic-First
This documentation covers the Deterministic-First computing paradigm—software systems where outcomes must be predictable, reproducible, and auditable.
Why Deterministic-First for Regulated Software?
| Requirement | Deterministic Approach | Benefit |
|---|---|---|
| Auditability | Every decision is traceable | Regulatory compliance |
| Reproducibility | Same inputs = same outputs | Testing and validation |
| Predictability | Behavior is well-defined | Risk management |
| Documentation | Logic can be fully documented | Audit readiness |
| Verification | Outputs can be verified | Quality assurance |
Why Regulated Software Needs a Documented Quality System
If your software touches healthcare data, medical devices, government systems, or life sciences research, regulators require proof that you follow documented, repeatable processes. Ad-hoc development isn't acceptable.
- Regulatory Mandates: FDA, HIPAA, NIST, and ONC all require documented software development processes with audit trails.
- Audit Readiness: When auditors arrive, you need organized documentation proving every decision and verification step.
- Risk Mitigation: Documented processes reduce errors, improve quality, and protect against compliance violations.
The Compliance Gap
Many teams struggle to bridge the gap between modern agile development and regulatory compliance requirements. They either:
- Move fast but create compliance debt that haunts them during audits
- Slow down dramatically with heavyweight waterfall processes
- Cobble together ad-hoc documentation that doesn't satisfy auditors
NUP solves this by providing an agile framework designed from the ground up for regulatory compliance, enhanced with modern engineering practices.
What This Documentation Covers
This comprehensive guide combines two authoritative sources:
NUP Methodology Foundation
Built on the OpenUP framework and Eclipse Process Framework, NUP provides:
- Core Concepts - Phases, disciplines, activities, and artifacts
- Roles & Responsibilities - 46+ defined roles from architects to QA specialists
- Tasks & Activities - 43+ documented tasks across the SDLC
- Compliance Guidelines - FDA, HIPAA, FedRAMP, SOC 2 mapping
- Templates & Checklists - Ready-to-use artifacts for every phase
Microsoft Engineering Playbook Practices
Industry-proven engineering fundamentals including:
- Agile Development - Backlog management, ceremonies, team agreements
- Code Reviews - PR processes, author/reviewer guidance, language recipes
- Automated Testing - Unit, integration, E2E, performance testing
- Observability - Logging, metrics, tracing, dashboards
- Security - Threat modeling, OWASP, DevSecOps practices
- CI/CD - Pipelines, infrastructure as code, deployment strategies
Documentation Structure
Navigate through the following sections:
| Section | Description |
|---|---|
| Core Concepts | NUP foundation: phases, disciplines, activities, artifacts |
| Roles | Team roles and responsibilities |
| Agile Development | Backlog, ceremonies, team agreements |
| Code Reviews | PR process, review checklists, language recipes |
| Automated Testing | Unit, integration, E2E, performance testing |
| Design | Design reviews, ADRs, patterns |
| Observability | Logging, metrics, tracing, dashboards |
| CI/CD & DevOps | Pipelines, IaC, deployment |
| Security | Threat modeling, secure coding, DevSecOps |
| Tools | Tool recommendations by discipline and technology |
| Practices | Development practices and best practices |
| Guidelines | Compliance and development guidelines |
| Checklists | Definition of Done/Ready, accessibility, security |
| Templates | Architecture, PM, QA, requirements templates |
| Examples | Case studies and implementation examples |
| Third-Party Resources | NIST, TOGAF, IEEE standards |
| ISO Compliance Matrix | Complete ISO 13485 and ISO 27001 traceability |
The NUP Lifecycle
NUP provides a structured yet flexible approach that ensures quality and compliance at every phase.
Six-Phase Development Lifecycle
| Phase | Purpose | Key Deliverables |
|---|---|---|
| Discovery | Understand requirements, stakeholders, and constraints | Requirements, Vision, Feasibility |
| Design | Architect the solution and make technical decisions | Architecture, Design Docs, ADRs |
| Development | Build features iteratively with quality gates | Working software, Tests, Documentation |
| Verification | Validate quality through testing and review | Test Results, V&V Evidence, Compliance |
| Deployment | Release to production with controlled rollout | Deployment Artifacts, Release Notes |
| Maintenance | Operate, monitor, and continuously improve | Metrics, Incident Reports, Updates |
Extended Enterprise Lifecycle (Seven Phases)
For large enterprise initiatives, NUP extends the traditional OpenUP four-phase model:
- Strategy: Establish organizational strategy, business objectives, and portfolio alignment.
- Envision: Create a shared vision, identify stakeholders, and establish the project roadmap.
- Inception: Define project scope, feasibility, and obtain commitment to proceed.
- Elaboration: Establish the architecture baseline and validate that the project can deliver its objectives.
- Construction: Iterative development with continuous quality gates and documentation.
- Transition: Prepare and execute controlled release to production environments.
- Production: Operate, monitor, and continuously improve the system in production.
Core Principles
From NUP Methodology
- Iterative & Incremental - Each phase is divided into iterations that produce executable builds
- Role-Based - Clear definition of who does what (performers and contributors)
- Artifact-Centric - All work produces managed, version-controlled artifacts
- Compliance-First - Every artifact designed with auditors in mind
From Microsoft Engineering Playbook
- Quality Over Speed - "Keep the code quality bar high. Value quality and precision over 'getting things done.'"
- Know Your Playbook - Follow documented processes; fix them when broken
- Peer Reviews - Code reviews on every pull request
- Testability - Code is incomplete without tests
- Observability - Measure how well the application is behaving
Regulatory Framework Coverage
NUP is designed to satisfy the documentation and process requirements of major regulatory frameworks.
- FDA QSR: Quality System Regulation for medical devices and health software
- HIPAA: Health Insurance Portability and Accountability Act compliance
- NIST CSF: Cybersecurity Framework for critical infrastructure
- ONC: Office of the National Coordinator for Health IT certification
- FedRAMP: Federal Risk and Authorization Management Program
- SOC 2: Service Organization Control 2 Type I & II compliance
Integrates with Your Quality Management System
NUP isn't meant to replace your existing QMS—it's designed to integrate seamlessly. We provide the foundation documents and processes that slot directly into your organization's quality infrastructure.
- Customizable Templates: All artifacts can be branded and tailored to match your organization's terminology and structure.
- Traceability Built-In: Requirements, design decisions, and verification steps are linked for complete audit trails.
- Proven in Production: NUP has been used to deliver compliant solutions for healthcare, government, and life sciences clients.
What You Get
- Complete SDLC process documentation
- Template library for all lifecycle artifacts
- Regulatory mapping guides (FDA, HIPAA, NIST, etc.)
- Modern engineering practices (agile, testing, CI/CD)
- Audit preparation checklists
- Security and observability guidance
Getting Started
- Start with Core Concepts - Understand the NUP foundation (phases, disciplines, roles)
- Review Your Compliance Needs - Check the Guidelines section for your regulatory framework
- Adopt Engineering Practices - Implement agile, code reviews, and testing practices
- Use Templates - Leverage ready-made templates for your artifacts
- Measure & Improve - Use observability and checklists to continuously improve
Compliance
NUP is a comprehensive Quality Management System (QMS) that serves as a superset of ISO 13485 (Medical Devices QMS) and ISO 27001 (Information Security Management). Every NUP practice fulfills and extends the corresponding ISO requirements, enabling organizations to achieve compliance while benefiting from modern agile engineering practices.
This documentation fulfills ISO 13485 requirements for QMS general requirements (4.1), documentation (4.2), QMS planning (5.4.2), human resources (6.2), planning of product realization (7.1), design and development (7.3), production and service provision (7.5), and monitoring and measurement (8.2), and ISO 27001 requirements for security policies (A.5.1), security roles (A.5.2), information security in project management (A.5.8), secure development lifecycle (A.8.25-29), and change management (A.8.32).