Question

A company is considering adopting DevOps practices.Why is compliance made easier when you practice DevOps?

a. Control objectives are manually enforced.
b. Compliance relies on inspection.
c. You can certify for a pipeline and not the release.

Answer 1

Compliance is made easier by practicing DevOps because it integrates automated compliance checks within the CI/CD pipeline, ensuring continuous enforcement of control objectives and removing the need for separate compliance certification for each release.

Step-by-step explanation:

The question asks why compliance is made easier when a company practices DevOps. One of the key advantages of DevOps is the integration of compliance and quality assurance into the continuous integration/continuous deployment (CI/CD) pipeline. By automating compliance checks within the pipeline, control objectives are consistently enforced throughout the software development life cycle.

This ensures that all code commits, builds, and deployments are in line with the required compliance standards, which can be verified automatically rather than relying on manual inspection. Additionally, when the CI/CD pipeline is certified for compliance, individual releases, which are subject to this pipeline, inherit this compliance check, negating the need for separate certification for each release.