This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated May 30, 2018 — DevOps Expert

Dear Auditor: Let’s Increase Application Release Velocity Together


Back in April of this year, I had the honor of participating in the DevOps Enterprise Forum, hosted by Gene Kim and the IT Revolution team. The three-day event in Portland, Oregon gathered many of the world’s DevOps thought leaders to address obstacles impacting the DevOps movement and develop guidance to assist the DevOps community at large.

One of the biggest challenges of DevOps, especially in heavily regulated industries, is figuring out how to best integrate auditing best practices and guidelines into application development delivery processes -- without compromising velocity or quality. To address this challenge head on, I joined a team of respected DevOps industry individuals at the event, including Ben Grinnell, James Wickett, Jennifer Brady, Sam Guckenheimer, Scott Nasello, and Tapabra Pal. The team’s goal was to work with the Audit community to determine the best methods for addressing the audit-specific challenges associated with software releases and to create some initial guidance for the DevOps community to follow and build on.

To extend an olive branch to the Audit community, the team penned an open letter titled “Love Letter to the Auditor.” Supported by open source guidance, the letter is ultimately intended to help the DevOps community understand the controls they need to put in place and the risks they need to address in order to develop effective code.

The letter includes a link to an initial list of audit concerns documented in a DevOps Risks and Controls Matrix. The matrix provides details around each control and the team’s best practices and evidence that have been collected to support the control. The matrix is intended to be collaborative and to be expanded over time by the community.

More context surrounding the letter is available in our recently recorded and now on-demand webinar, “On the Road to Shangri-La: Scaling CD from Teams to the Enterprise.” In this session Gene Kim and I discuss the letter (which occurs around the 45-minute mark). Finally, for more information about the project, visit Resources:
