Rethinking QA at AXA: How regional privacy policies add complexity to QA

This blog is part of a series featuring IT leaders who have driven successful quality transformations across organizations such as AGL, Equifax, McDonald’s, and Zurich. These first-hand accounts are excerpted from the Tricentis-sponsored Capgemini report, Reimagine the future of quality assurance.

Nathalie Turgeon, Head of Project Delivery, AXA Shared Services Centre (Manila, Philippines)

AXA is a global insurance company headquartered in France and has been trading for over 200 years, having been founded in 1816 as Mutuelle de L’assurance contre L’incendie (the Ancienne Mutuelle). It has about 180 global centers around the world and recorded revenues of €102.9 billion last year.

Regionalization adds to complexity

AXA has a global footprint across 180 global centers and the Philippines is the epicenter for the Asian markets managing multiple regional applications for the region. We have a number of QA policies and procedures in place to manage data privacy. We are responsible for any customer data that resides within those regional applications so we have data privacy, and we have Quality Assurance (QA) built around that.

The added layer of complexity is that those are for regional applications. However, we have also had to learn to clearly understand and work with the different entities such as Thailand, for instance. Obviously when it comes to customer data worldwide, most countries have some sort of data privacy legislation — some more than others.

We had to learn and understand all of those different legislations relating to customer data. We have to bring each local country’s data privacy frameworks, or procedures and policies, and align those with our regional applications. It’s quite complex, because we might have more stringent policies and procedures from a regional perspective than a local one might have.

It is important we have the right QA framework, but that’s a framework — that’s a guideline for us to use. What we then have to do is align with the different regions and, sometimes, we have to get them to all align to a certain direction in terms of customer data. That is an added layer of complexity.

When you have just one country, such as Australia, for instance, it is pretty straightforward. The customer data privacy laws are clear cut, they apply to everyone, and that is the end of the story. Everyone can apply them. We have added layers of complexity given the number of entities that we deal with.

With customer data, particularly where you have multiple layers and multiple entities, you need to have tight security measures in place, and it’s not just that you need to have it from a regional perspective.

Obviously, we have a strong security team here from the regional application side of things. And because we also serve so many other countries, we obviously need to ensure they equally have the same level of security in place. And that’s more than just the QA.

It is about having very tight controls in place. Given the speed at which things are moving now it’s an ongoing challenge to obviously stay on top of that and make sure that there are no breaches. Are we 100 per cent foolproof? Maybe not. Do we know where our gaps are? Yes. Do we have a plan, a very strong plan, to close those gaps? Yes.

Digital vs. legacy

The skills required in the quality assurance team is changing, both from a digital and legacy perspective. You need different skillsets than obviously what you would need for a framework you would use for digital, and also in the way you would apply it.

We tend to be heavily focused on the legacy side. What happens today is that there’s an assumption that we need more QA on the legacy side because there are a lot more issues there — the technology is older, therefore it requires a much more rigid framework and more focus. Because digital is faster, it’s newer, it’s changing every day. Therefore, we probably don’t need as much. When you look at QA, that’s not the intent of QA. It’s not there for you to assess where and how you need it. It is something that you should apply regardless of your methodology and you need to find a way to have the right skillsets and approach to apply that.

Breaking the bottlenecks

It is getting harder for us. From a digital perspective we are able to implement a lot faster and in an Agile way. And we have that in place here. What that means though is that you still have predominantly a lot of legacy that sits around that. It is very difficult to manage QA effectively. And, again, in a flexible and Agile way, given the speed at which we operate on the digital side.

So we’re often seeing that we are trying to impose, for instance, legacy processes or procedures on the digital side of things, thinking that it’s a good QA practice. But in actual fact, it doesn’t fit. It’s not delivering us the QA that we need because we haven’t amended it to fit the Agile methodology, if you like. That’s a real challenge — not just for AXA, but for a lot of organizations. So we tend to think of QA more in terms of the legacy side of things rather than how do we automate it so that we can provide the right framework to fit both. Or do you actually need two frameworks? We tend to think that we only should have one framework which will cover everything. So then the next question is, do we actually need two frameworks to help us understand and ensure the quality?

New KPIs

If I look at what we put out in terms of our digital products and applications, indirectly we’re measuring the quality based on the customer experience. It’s real-time. Whereas we don’t, in a lot of instances, get real-time in legacy. Therefore, our KPIs are all in hindsight.

Currently, I wouldn’t say that we’ve integrated, in terms of QA, for digital. I think it’s still very much geared towards legacy. And so we’re working through what does that need to be. Obviously we are looking at the marketplace to try and find how other insurance companies have integrated that.

Then obviously the tools come into it. And certainly from an Asian markets perspective, I would say that we’re at the lower end of the scale in terms of maturity for QA. At the moment, it’s done across various areas rather than having a proper overarching QA framework. And so we’re building that out at the moment and taking into account bringing legacy and digital together.

Three key partner qualities

The first thing that jumps to mind is thought leadership. If you look at our business, we’re insurance people. If I get a vendor, I want some thought leadership put on the table in terms of the market and what’s happening on a global perspective — not just a local perspective. That’s really important.

While we have strategies and roadmaps and so forth, these sometimes can be very inward looking. I look for some thought leadership from partners that I work with, along with skills and capability from a global perspective.

Trust is important. If I partner with someone, it starts from a trust basis. I just assume that from the outset. The relationship has to be on an equal basis. I’ve worked in many companies where their vendors are not engaged on an equal footing, and the vendors tend to have a lot of global experience and exposure to the marketplace — a lot more than we would internally. And we quite often do not give them enough air time to help us with our direction and our strategy. So a partnership on equal footing is really important.

We limit ourselves in the way that we use vendors in terms of what we want them to do, for instance with a specific scope of work. And what I’m saying is that, within this scope of work, we often don’t get them to help us validate the direction of that scope of work. Given their experience, exposure and skills and capability, we don’t often tap enough into them to ask: are we doing this the right way? Would you do it differently? For us to really maximize our vendors, we need to be a more open-minded.

***

For additional insights from quality leaders, read the complete 100+ page Capgemini report, Reimagine the future of quality assurance.