In this short video, Mike Long, our Co-founder and CEO, explains how teams delivering software in regulated industries can achieve CI/CD using CC = Continuous Compliance.
If you deliver software in a regulated environment you’ll be familiar with change management processes. And, if you practice DevOps, you’ll know that conventional approaches to managing change create a bottleneck at the end of your development cycle.
This is because change management is implemented as a manual gate just before the release process. It involves time consuming activities like meetings, release documentation and deployment approvals. It’s necessary work, but it doesn’t scale.
To go at the speed of DevOps in a regulated environment you need continuous compliance to keep pace with the rest of the automation in your pipelines. At Merkely, we achieve this by automating a secure chain of custody, from end to end, across your pipelines to ensure that everything running in production is compliant with your processes and risk controls.
By implementing logging and tracing you can keep a record of every change to every artifact as it makes its way from the initial commit all the way to production. Those changes are then secured in an append-only journal captured directly from your pipelines.
Then, by monitoring what’s running in production, and comparing what’s happening before and after the release, you can quickly identify discrepancies, close gaps, and deploy your software with continuous compliance.
Since launching Merkely we’ve onboarded DevOps teams in banking, payments, insurance, cryptocurrency and healthcare. All of them are now deploying compliant software at the speed of DevOps, see here. If you want to go as quickly as they do, talk to us about the challenges you’re facing and click the link in the description below.