I am going through (my first) PCI audit right now (so much fun). The auditors have been quite accepting of "devops" as long as you do a good job documenting WHY the people have the access they do.
--- Jeremy M Page

From: [email protected] [[email protected]] on behalf of Pete Jansson [[email protected]]
Sent: Friday, September 25, 2015 6:55 AM
To: Yves Dorfsman
Cc: [email protected]
Subject: Re: [lopsa-tech] DevOps, continuous delivery and separation of duty (SOX/PCI)

The DevOps Audit Defense Toolkit can help: http://itrevolution.com/devops-and-auditors-the-devops-audit-defense-toolkit/

Pete.

On Fri, Sep 25, 2015 at 5:11 AM, Yves Dorfsman <[email protected]> wrote:

I'd like to hear from people who worked in environments requiring "separation of duty" (SOX, PCI) and how they have dealt with:

- continuous delivery: how do you automate deploys if a "trusted human who is not a dev" has to sign off each deploy?
- mixed team and separation of duty: especially on smaller teams, the ops people might be involved in some of the developments, in some areas, both dev and ops will be involved (build and deploy code), which leads to people needing both repository access to code and ops access to infrastructure.

Thanks.

--
http://yves.zioup.com gpg: 4096R/32B0F416

_______________________________________________
Tech mailing list [email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators http://lopsa.org/
