Painless Compliance in 3 Steps

Ask any IT person from the financial sector about SOX requirements and they’ll probably use some colorful language about how much time and money it sucks away. According to the 2016 Sarbanes-Oxley compliance survey by global consultant Protiviti, the average annual internal cost of SOX Compliance Costs is over $1.2 million dollars, with 27% of these firms spending 2 million or more.

Having worked with lots of financial institutions in my time, I’ve seen my fair share of IT people feeling overburdened by the demands of keeping up with regulations. Documenting processes and changes, ensuring segregation of duties, and so on is tedious and time-consuming. To be effective and lighten the compliance load you need automation, yes, but you also need intelligence about what’s happening across your pipeline. Release orchestration gives you both, which means you stay sane and keep the auditors happy. But before you cross over that rainbow, you need to take some steps to get your house in order.

Step 1. Clean Up Your Software Delivery Pipeline

You can’t begin to automate compliance documentation if you’re pipeline is messy and inefficient. To clean it up, you first need to first find any bottlenecks that are standing in the way of streamlining the pipeline—the whole pipeline. Release orchestration gives you visibility from end to end, all the way from design through to production. Once you figure out exactly where your problems are, you can start to optimize your processes.

Step 2. Ditch the Manual Workflows

Creating deployment workflows is like using static maps. If you come across road construction for example, you need to look at your map, recalculate your route, and commit it to memory to get to where you’re going. Doing so will probably delay your ETA too. Similarly, if you change any part of your deployment process, you must manually reconfigure steps and any dependencies affected by the change. This can make it time consuming for an enterprise, with its hundreds of applications, to accurate records for compliance. In contrast, off the shelf release orchestrators are more like a GPS, which track your changes and automatically recalculate the route. All the underlying steps are still there, they’re just handled by the software. If you change some part of the release process, a release orchestrator automatically adjusts every step in your workflow, including all dependencies, approvals, and so on, ensuring up to date and accurate records for compliance.

WHITE PAPER

Release Pipeline Orchestration 

An Essential Practice for Continuous Delivery at Enterprise Scale

Learn how release pipeline orchestration solutions help even the largest of enterprises efficiently manage and optimize their software release pipelines.

 

Step 3. Automate Your Documentation

Cleaning up the pipeline and orchestrating your release process lays the groundwork for automating documentation. Enterprise-grade release orchestration tools capture a full audit trail automatically, which means you can easily show how you’ve supported compliance requirements, track the evolution of releases and demonstrate any deviations from your original plan. Release orchestrators also allow you to standardize release processes and enforce company compliance processes. This allows auditors to certify the release process itself, then simply confirm that all steps have been followed. In effect, the auditor becomes part of the process rather than an afterthought. By cleaning up your pipeline and automating your workflows and documentation, you and your auditors can enjoy happier, pain-free days ahead.

Related Reading

• Improve Compliance with Enterprise DevOps
• Continuous Delivery for Financial Services
• Enterprise DevOps for Insurance