
This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated May 30, 2018 — DevOps Expert

Dear Auditor: Let’s Increase Application Release Velocity Together


Back in April of this year, I had the honor of participating in the DevOps Enterprise Forum, hosted by Gene Kim and the IT Revolution team. The three-day event in Portland, Oregon gathered many of the world’s DevOps thought leaders to address obstacles impacting the DevOps movement and develop guidance to assist the DevOps community at large.

One of the biggest challenges of DevOps, especially in heavily regulated industries, is figuring out how to best integrate auditing best practices and guidelines into application development delivery processes -- without compromising velocity or quality. To address this challenge head on, I joined a team of respected DevOps industry individuals at the event, including Ben Grinnell, James Wickett, Jennifer Brady, Sam Guckenheimer, Scott Nasello, and Tapabra Pal. The team’s goal was to work with the Audit community to determine the best methods for addressing the audit-specific challenges associated with software releases and to create some initial guidance for the DevOps community to follow and build on.

To extend an olive branch to the Audit community, the team penned an open letter titled, “Love Letter to the Auditor.” Supported by open source guidance, the letter is ultimately intended to help the DevOps community understand the controls they need to put in place and the risks they need to address in order to develop effective code.

The letter includes a link to an initial list of audit concerns documented in a DevOps Risks and Controls Matrix. The matrix provides details around each control and the team’s best practices and evidences that have been collected to support the control. The matrix is intended to be collaborative and to be expanded over time by the community.

More context surrounding the letter is available in our recently recorded and now on-demand webinar, “On the Road to Shangri-La: Scaling CD from Teams to the Enterprise.” In this session Gene Kim and I discuss the letter (which occurs around the 45-minute mark). Finally, for more information about the project, visit Resources:
