The DevOps Change Management Content Hub is a set of resources for modern software teams who struggle to align their DevOps automation with their change management requirements.
In our experience, cloud native teams with lots of automation struggle when they run into a compliance event like an audit, or need to achieve a security standard like SOC2 or ISO27001. How do you comply without adopting old fashioned change management practices and screwing up your DevOps?
For legacy organizations the challenge is how to move past existing change management processes as they go through digital transformations. How do you get to daily/hourly deployments when every change requires a manual sign off?
The resources in this hub are for teams of all ages, shapes and sizes, who need automated audit, compliance, and security as part of their DevOps.
Does your team struggle with software audits? Is it a mess of screenshots and spreadsheets?
Learn how to automate it
What is DevOps Change Management?
What do we mean by DevOps Change Management? Surely these terms are in complete opposition? One is all about automation and speed while the other is all about manual processes and delays for change approvals?
Starting in 2019 we began to see how change management could be automated as part of a DevOps approach. Years of DevOps consultancy in regulated industries had taught us that the only barriers to automated change and risk controls were ignorance of what regulations and standards actually ask for and a lack of imagination. There’s nothing in any security standard or regulation that we know of that demands manual sign-offs and meetings. If you think we’re wrong about that - let us know.
These introductory articles explain the basic principles behind DevOps change management. In summary - you can use automation to go faster with better compliance and stronger security.
- DevOps and the future of Change Management
- What the FCA found when analyzing 1 million production changes
- Is faster actually safer? How software physics beats human psychology
How to build a DevOps Change Management Solution
You’ve heard some of the theory, what about some of the practice? In these articles we’ll outline essential properties of DevOps change managment such as immutable data storage, CI pipeline integration, environment monitoring, automated risk controls, automated test evidence collection, and more. The idea with these guides is to show you what an efficient change management system that meets regulatory standards and aligns with DevOps actually looks like.
- How to design a DevOps Compliance System of Record
- How to automate a secure chain of custody across your pipelines in 5 steps
- How to Automate Change Management for DevOps
DevOps and ITIL
We know that for many of you in legacy organizations the ITIL framework and ITSM tooling are basic facts of life. Large companies aren’t throwing their Service Now in the trash any time soon - however much they’re committed to adopting DevOps. The good news is there are ways to incorporate DevOps into your existing systems. These articles address the need to adapt ITIL’s traditional change management process to accommodate the rapid deployment cycles of DevOps. With automation you can redefine deployments to production as ‘standard’ rather than ’normal’ changes, enabling quicker and more efficient software releases while still adhering to the ITIL framework’s core principles.
- Continuous Delivery Change Management in ITIL Frameworks
- Why ITIL Change Management doesn’t work for DevOps teams
- How regulated teams can avoid the DevOps Lite trap with DevOps Change Management