I’ve heard a lot of questions about DevOps, audit, compliance, and how they all fit together. I’ve fielded more questions from more people recently. In my mind, that means more people are applying DevOps patterns and practices to their work and the work they’re doing is real (as opposed to sandbox, pilot, or “let’s try this stuff out” projects). Why else would they be interested in audit and compliance?

Here are some resources that might be helpful if you’re “doing the DevOps” and interested in making audit and compliance efforts go more smoothly.
Continue reading →

Many organizations want to adopt DevOps practices to get the benefits associated with it: faster time to market, increased stability and quality, and more time to build stuff that’s valuable to the bottom line. But they often get tripped up by audits and compliance checks to make sure the organization is adequately addressing risk. DevOps practices don’t align well with traditional audit practices. So these organizations are often left asking themselves, “How do I position my organization for an audit when I’m using DevOps practices?” Until recently, there hasn’t been a really good answer.

But that’s changing.
Continue reading →