Ask HN: How to Reconcile SOX Segregation of Duties with DevOps?
5 points by yukinon 15 days ago | 4 comments
I'm in a Fortune 500 company that is under pressure to have proper segregation of duties between (1) who develops the code, (2) who approves the code, and (3) who deploys the code. In other words - SOX compliance, Change Approval Boards, etc.
But from reading books like Accelerate and the DevOps Handbook, to become a high-performing organization, the organization needs to enable and empower developers to create automated pipelines to get their changes into production safely but as fast as possible. So it would fall under a "you build it, you run it, you own it", etc.
I'm struggling to understand how, in a world of SOX compliance, it is possible to practice CD effectively? Or how to reconcile the agile iterative processes and embracing failure if you have to deal with a Change Approval Board?
Has anyone had any experience with this in their org of how to reconcile these two concepts?