What does it mean to deliver software with Continuous Compliance?
What does it mean to deliver software with Continuous Compliance?

What does it mean to deliver software with Continuous Compliance?

In this short video, Mike Long, our Co-founder and CEO, explains how teams delivering software in regulated industries can achieve CI/CD using CC = Continuous Compliance.

If you deliver software in a regulated environment you’ll be familiar with change management processes. And, if you practice DevOps, you’ll know that conventional approaches to managing change create a bottleneck at the end of your development cycle.

This is because change management is implemented as a manual gate just before the release process. It involves time consuming activities like meetings, release documentation and deployment approvals. It’s necessary work, but it doesn’t scale.

To go at the speed of DevOps in a regulated environment you need continuous compliance to keep pace with the rest of the automation in your pipelines. At Merkely, we achieve this by automating a secure chain of custody, from end to end, across your pipelines to ensure that everything running in production is compliant with your processes and risk controls.

By implementing logging and tracing you can keep a record of every change to every artifact as it makes its way from the initial commit all the way to production. Those changes are then secured in an append-only journal captured directly from your pipelines.

Then, by monitoring what’s running in production, and comparing what’s happening before and after the release, you can quickly identify discrepancies, close gaps, and deploy your software with continuous compliance.

Since launching Merkely we’ve onboarded DevOps teams in banking, payments, insurance, cryptocurrency and healthcare. All of them are now deploying compliant software at the speed of DevOps, see here. If you want to go as quickly as they do, talk to us about the challenges you’re facing and click the link in the description below.

https://www.merkely.com/start/

Top Articles

How regulated teams can avoid the DevOps Lite trap with DevOps Change Management

How to secure your software supply chain with Artifact Binary Provenance

Merkely 2021 - Making friends with change

Published September 8, 2021 in
Mike Long
Mike Long

Subscribe to The Merkely Meteor for all the latest news, updates and ch-ch-changes

Subscribe to the Merkely Meteor

More posts in technology

How regulated teams can avoid the DevOps Lite trap with DevOps Change Management

DevOps is being adopted across regulated industries, but old ITIL approaches to change management still create unnecessary lead times and risks. Fortunately, you don’t have to fall into the DevOps Lite trap with 20th century change management.

How to secure your software supply chain with Artifact Binary Provenance

In Merkely, we use Artifact Binary Provenance as the foundation for our audit trails. Artifact Binary Provenance is a fancy term, but the idea behind it is really quite simple. All it means is that we can identify the software we have running in production.

8 reasons why we do ensemble programming

At Merkely we do as much of our work as possible in a group setting, especially (but not limited to) programming. In our experience most tech teams don’t do this and we think they’re missing out on all kinds of advantages that come from working as an ensemble.

Subscribe to The Merkely Meteor for all the latest news, updates and ch-ch-changes

Merkely is committed to protecting and respecting your privacy. Don’t worry if you change your mind you can opt out at any time - Review our Terms and conditions and Privacy Policy
Subscribe
Merkely is committed to protecting and respecting your privacy. You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our Privacy Policy.
Subscribe to the Merkely Meteor