Toggle Menu

Insights / Digital Service Delivery / Helping IT and Audit Work Better Together: The DevOps Audit Defense Toolkit

July 25, 2014

Helping IT and Audit Work Better Together: The DevOps Audit Defense Toolkit

2 mins read

Many organizations want to adopt DevOps practices to get the benefits associated with it: faster time to market, increased stability and quality, and more time to build stuff that’s valuable to the bottom line. But they often get tripped up by audits and compliance checks to make sure the organization is adequately addressing risk. DevOps practices don’t align well with traditional audit practices. So these organizations are often left asking themselves, “How do I position my organization for an audit when I’m using DevOps practices?” Until recently, there hasn’t been a really good answer.

But that’s changing.

Over the last few months, I’ve had the privilege of working with Gene Kim, James DeLuccia, and Byron Miller (three super smart people who are incredibly knowledgeable about DevOps and audits) on a project to develop the DevOps Audit Defense Toolkit. The vision for the project is to define the authoritative guidance for how management and auditors should conduct audits in organizations where DevOps practices are in use.

The first draft of the toolkit is out and we’ve already received some incredibly useful feedback on it. If you want a good overview, George V. Hulme wrote a terrific article on CSO Online about the project, why we’re doing it, and what we hope to accomplish. You can also join a growing Google+ community for the toolkit – people are posting some great content there.

This is a really exciting project, especially when I think about the impact the toolkit can have on bringing the DevOps and audit communities closer together and make audits less painful and more productive. While we have more work to do on the toolkit, we know it’s possible – something Simon Storm demonstrated in his awesome presentation at the DC Continuous Delivery meetup a couple months ago. Hopefully the DevOps Audit Defense Toolkit can help more organizations realize those same benefits.

You Might Also Like


Overcoming Obstacles to Continuous Improvement in Your Organization

Does driving change in your organization sometimes feel like an uphill climb? You’ve tried implementing...


Simplifying Tech Complexities and Cultivating Tech Talent with Dustin Gaspard

Technical Program Manager, Dustin Gaspard, join host Javier Guerra, of The TechHuman Experience to discuss the transformative...


How Federal Agencies Can Deliver Better Digital Experiences Using UX and Human-Centered Design

Excella UX/UI Xpert, Thelma Van, join host John Gilroy of Federal Tech Podcast to discuss...