Sponsored by IBM

September 26 2018



Compliance and audit readiness are more important than ever, as our customers demand more control over their personal data, while sophisticated attackers try to break into our IT systems.  Many standard practices related to regulatory compliance assume a waterfall delivery model and a clear separation between development and operations.  DevOps practices, such as continuous delivery and removing barriers between dev and ops, can make those standards more difficult to follow.  On the other hand, the business value of DevOps practices is well known and proven. 

To set the stage, we'll describe some relevant standards and regulations.  We'll discuss the difference between security and data privacy.  Then we'll discuss Separation of Duties, its purpose and goals, and different ways to implement it.  Throughout, we'll show how we we can adapt DevOps practices to help us harden our systems, while we adapt our standards to enable DevOps.  You'll learn how you can make compliance easier for your development teams, and collect the relevant process documentation needed for audit readiness.  In the process, we can move from compliance gates to continuous compliance.


Ann Marie Fred

DevOps Lead - Commerce Platform, IBM Digital Business Group


Ann Marie Fred has worked at IBM as a Software Engineer since 1998, and a manager since 2015. She has a Bachelor of Science in Computer Science degree from Duke University, and a Master's of Computer Science degree from the University of North Carolina at Chapel Hill. She worked on the first DevOps-focused team at IBM in 2011, and currently works in the IBM Marketplace organization, where development squads deploy dozens of changes per day to production, monitor their own components, and support them.

David Jenkins[204032]

David Jenkins

IBM Distinguished Engineer, IBM

David Jenkins is an IBM Distinguished Engineer in the Office of the US Federal CTO. He has over 29yrs experience in designing and developing enterprise grade IT solutions.  David has a passion for technology that has led to experience across a variety of industries; commercial, industrial, government, manufacturing, and media.  He provides leadership across the IBM portfolio working with scores of IBM offering teams to address security and compliance requirements.