There's an interesting thread, in the Yahoo group, on the potential for using XP in a regulated environment. Root of Yahoo group thread: http://groups.yahoo.com/group/extremeprogramming/message/103534 Nancy Van Schooenderwoert posted a good note on her XP team passing a GAMP audit: http://groups.yahoo.com/group/extremeprogramming/message/103677 An interesting quote and reference to a relevant FDA document: http://groups.yahoo.com/group/extremeprogramming/message/103587 section 4.7: ''"Due to the complexity of software, a seemingly small local change may have a significant global system impact. When any change (even a small change) is made to the software, the validation status of the software needs to be re-established. Whenever software is changed, a validation analysis should be conducted not just for validation of the individual change, but also to determine the extent and impact of that change on the entire software system. Based on this analysis, the software developer should then conduct an appropriate level of software regression testing to show that unchanged but vulnerable portions of the system have not been adversely affected. Design controls and appropriate regression testing provide the confidence that the software is validated after a software change."'' http://www.fda.gov/cdrh/comp/guidance/938.html#_Toc517237944 Charles R Martin lists several steps that may be required: http://groups.yahoo.com/group/extremeprogramming/message/103567 A question: Can automated tests enforce the wrong behavior? http://groups.yahoo.com/group/extremeprogramming/message/103616