IT compliance: Optimize development and manufacturing processes without breaking existing rules.
Author: Cyrill Rüttimann
The emissions scandal surrounding diesel vehicles is a good example for explaining compliance. To bring innovations to market faster than the competition, manufacturers optimize the efficiency of their development and manufacturing processes. At the same time, however, car manufacturers have to comply with increasingly strict regulations. This slows processes down and makes them more expensive.
VW has undermined compliance by interpreting the rules differently and deliberately violating them. The challenge of compliance is the same for all industries. Only the degree of competition and the respective rules are different. Examples of regulatory requirements and best practices that affect IT infrastructure:
Agile software development is the recognized instrument for reacting quickly to customer needs. Whereas development cycles used to take months or years, today they take days or weeks. However, agile software development offers no answer for integrating non-functional requirements from operations or security. Agile software development is only one discipline in the entire development process.
A solution is compliant if it complies with the rules. To establish this, the solution or product is subjected to an audit, in which it must be possible to prove compliance with the set of rules. These are complex and manual processes. One reason for this is that rules in written form can be interpreted differently. And each time the set of rules or the solution is adapted, these processes must be repeated. This counteracts the achievements of agile software development. Compliance is seen as a brake and a hindrance.
The emissions scandal has shown that circumventing compliance can have serious consequences. The loss of image and record-high fines can drive a company into bankruptcy in a very short time and destroy its stock market value. Have you ever wondered whether your products and services are really compliant? Or has compliance been consciously or unconsciously undermined to give preference to speed? Believe me, the next audit is bound to come. And someone must take responsibility for any violations that are discovered.
With the Chef Compliance solution, ensuring compliance of the IT infrastructure can be automatically integrated into the development process. With this solution, the compliance check and audit are carried out automatically each time the product is adapted. A dashboard visualizes the automatically checked compliance.
This approach enables all parties involved (software developers, system engineers, security engineers) to implement compliance according to clear rules. Automation makes it possible to test the impact of adjustments on compliance at any time with minimal effort. The compliance officer is elevated to a new role: He is no longer the unpopular policeman who takes manual random samples and only reacts to compliance violations after the fact. Instead, he proactively specifies rules to ensure that the development process reliably meets compliance in the long term.
Development and manufacturing processes are optimized without breaking existing rules. The consequences of the VW scandal, which we have been able to observe in recent months, show what can be avoided in this way.