We are thrilled to announce 📢 Kosli is now SOC 2 Type 2 compliant - Read more
✨ New Feature: Kosli Trails is live ✨ Create comprehensive audit trails for any DevOps activity - Read more

How Firi delivered over 100,000 changes without worrying about compliance

published February 3, 2023
  • Financial
  • Crytpocurrency
  • Europe
  • Startup
Based in Norway, Firi operates under some of the most demanding sets of regulatory standards in the world. They need to be diligent about following their legal obligations, but they didn’t want an ITIL process. With Kosli they deployed over 100,000 changes to production last year and can provide regulators with provable audit trails on demand.
  • Challenges

    • How to ensure software compliance with their existing tool stack
    • How to deliver changes with their “always compliant” core value
    • How to extract and format tamper proof evidence for the auditors
  • Solutions

    • Automated reporting for every change made to test and production
    • Slack integration providing alerts for real time compliance status
    • Easily exportable audit trails of all changes to CSV format

Firi

Location
Oslo, Norway
Industry
Cryptocurrency Exchange
Profile
Founded 2017
FTE 50
Website
firi.com

The Slack integration alerts us when environments go from compliant to non compliant

Cato Auestad, Chief Technology Officer @Firi

Cato Auestad, Chief Technology Officer @Firi

Our big challenge is that we must have a record of our IT environment. We need tamper proof evidence that shows who approved the changes that are running in production. 
We also need a balance between simplicity and compliance.

In theory, maybe we should be running an ITIL process, but we prefer to keep things as simple as possible and rely on our tooling which ensures all boxes are ticked before deployment. So, we run Kosli as a background job in our CI tool for every deployment. For every service deployed to our test environment, we make a request to Kosli for the container. And we do the same for every release. 

It’s an automated process, but Kosli’s Slack integration alerts us when environments go from compliant to non compliant. We always know our compliance status in real time and that gives us a lot of freedom to deliver changes quickly.

We always know our compliance status in real time and that gives us a lot of freedom to deliver our changes

During our audit the regulator asked us to provide a list of all our deployments, when they were made, who approved them, and what the change was. This might sound like a nasty job, but Kosli has this feature where all of that information can be exported in CSV format for the auditors. 

They don’t want us to explain JSON files to them and we definitely don’t want to dig them out. They simply want a spreadsheet where they can select rows at random and see all of the necessary metadata for every change. Having the ability to easily export these reports is really helpful for everyone.

Ready to ship with more confidence?

Get security and compliance you can trust without slowing down or changing your tools.
Request a demo Start for free
Auditor and Kosli user

Got a question about Kosli?

We’re here to help, our customers range from larges fintechs, medtechs and regulated business all looking to streamline their DevOps audit trails

Contact us