Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Watch this 49-minute InfoQ conference talk that exposes the fundamental flaws in traditional IT compliance and audit approaches while introducing a revolutionary DevOps-based solution. Discover why manual spreadsheets, periodic audits, and static Confluence pages are obsolete for modern engineering teams and learn about the Continuous Compliance Framework (CCF), an open-source architectural shift that applies DevOps and observability principles to compliance management. Explore the four critical problems plaguing current audit processes: their manual nature, periodic timing, process-focused approach, and bespoke implementations, while understanding the "compliance tax" that creates resistance to innovation in regulated industries. Examine the regulatory shift toward machine-readable regulations like DORA and witness a live demonstration of CCF in action, including real-time dashboards that display findings by type, subject, and catalog across hybrid cloud environments spanning AWS, Azure, and on-premises infrastructure. Learn how CCF maps findings to NIST SP 800-53 controls for auditors and understand the OSCAL standard's role in achieving compliance interoperability. Gain insights into the accidental development of CCF, key architectural decisions, and practical lessons learned from implementing continuous, real-time evidence gathering. Participate in comprehensive Q&A sessions covering subjective requirements handling, automation scope, auto-remediation capabilities, data sovereignty considerations, and determining whether technical teams or audit teams should champion this transformation.
