Test Driven Compliance
1 like56 views
This document discusses automating compliance controls using test-driven compliance. It recommends translating regulations into defined processes to improve quality, outlining how checklists can provide protection and discipline. Implementing test-driven compliance using a standard unit testing framework provides benefits like standard reporting, failure explanations, and easy integration with continuous integration processes. Compliance can be treated as a socio-technical system like DevOps.
Test Driven Compliance
- 1. @meekrosoft Automating your compliance controls with Test Driven Compliance Mike Long @meekrosoft
- 3. @meekrosoft Regulated Industries ACME Corp. Translate into processes Continuous Documentation Meetings and Signoffs 則1.1 Regulations
- 4. @meekrosoft Regulated Industries ACME Corp. Translate into processes Continuous Documentation Meetings and Signoffs 則1.1 Regulations
- 5. @meekrosoft Compliance with Standards Ensure that products and services are safe, reliable and of good quality. Reduce costs by minimizing waste and errors and increasing productivity. Help companies to access new markets
- 6. @meekrosoft Defined Processes Improve Quality Checklists seem to provide protection against such failures. They remind us of the minimum necessary steps and make them explicit. They not only offer the possibility of verification but also instill a kind of discipline of higher performance.
- 7. @meekrosoft SW Compliance across the value stream Confidential - Do Not Share Scope Product Management Software Development IT Operations
- 8. @meekrosoft
- 9. @meekrosoft
- 10. @meekrosoft
- 11. @meekrosoft So how do we get rid of silos, batches, queues and gates while staying compliant?
- 12. @meekrosoft DevOps is a SocioTechnical System
- 13. @meekrosoft Compliance ALSO is a SocioTechnical System
- 14. @meekrosoft Compliance ALSO is a SocioTechnical System ?
- 15. @meekrosoft Behaviour Driven Development Matt Wynne, Cucumber https://cucumber.io/blog/bdd/intro-to-bdd-and-tdd/ compliance
- 16. @meekrosoft BDD Control Frameworks GIVEN a current branch is a pull request and no review WHEN merge build is run THEN fail the build
- 17. @meekrosoft Code reviews Coding Standards Verifiable builds Test coverage Static Analysis Vulnerability Scanning Verifiable deployments Identify Change Controls
- 18. @meekrosoft Implementing Test Driven Compliance Using a standard Unit Testing Framework provides: Standard reporting and transparency Explanations on failure Control test independence Easy integration with CI processes
- 20. @meekrosoft Google Binary Authentication for Borg BAB Product Management Software Development Release Control Production
- 21. @meekrosoft Automating your compliance controls with Test Driven Compliance Mike Long @meekrosoft