The DevOps Audit Defense Toolkit can help:
http://itrevolution.com/devops-and-auditors-the-devops-audit-defense-toolkit/
Pete.
On Fri, Sep 25, 2015 at 5:11 AM, Yves Dorfsman <y...@zioup.com> wrote:
>
> I'd like to hear from people who worked in environments requiring
> "separation
> of duty" (SOX, PCI) and how they have dealt with:
>
> - continuous delivery: how do you automate deploys if a "trusted human
> who
> is not a dev" has to sign off each deploy?
>
> - mixed team and separation of duty: especially on smaller teams, the ops
> people might be involved in some of the developments, in some areas, both
> dev
> and ops will be involved (build and deploy code), which leads with people
> with
> needing both repository access to code and ops access to infrastructure.
>
>
>
> Thanks.
>
> --
> http://yves.zioup.com
> gpg: 4096R/32B0F416
>
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
>
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
