
This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated May 30, 2018 — DevOps Expert

Dear Auditor: Let’s Increase Application Release Velocity Together


Back in April of this year, I had the honor of participating in the DevOps Enterprise Forum, hosted by Gene Kim and the IT Revolution team. The three-day event in Portland, Oregon gathered many of the world’s DevOps thought leaders to address obstacles impacting the DevOps movement and develop guidance to assist the DevOps community at large.

One of the biggest challenges of DevOps, especially in heavily regulated industries, is figuring out how to best integrate auditing best practices and guidelines into application development delivery processes -- without compromising velocity or quality. To address this challenge head on, I joined a team of respected DevOps industry individuals at the event, including Ben Grinnell, James Wickett, Jennifer Brady, Sam Guckenheimer, Scott Nasello, and Tapabra Pal. The team’s goal was to work with the Audit community to determine the best methods for addressing the audit-specific challenges associated with software releases and to create some initial guidance for the DevOps community to follow and build on.

To extend an olive branch to the Audit community, the team penned an open letter titled, “Love Letter to the Auditor.” Supported by open source guidance, the letter is ultimately intended to help the DevOps community understand the controls they need to put in place and the risks they need to address in order to develop effective code.

The letter includes a link to an initial list of audit concerns documented in a DevOps Risks and Controls Matrix. The matrix provides details around each control, along with the team’s best practices and the evidence that has been collected to support the control. The matrix is intended to be collaborative and to be expanded over time by the community.

More context surrounding the letter is available in our recently recorded and now on-demand webinar, “On the Road to Shangri-La: Scaling CD from Teams to the Enterprise.” In this session, Gene Kim and I discuss the letter (which occurs around the 45-minute mark). Finally, for more information about the project, visit Resources:
