How to define your software process using the DevOpsCTL Framework

Mike Long
Published October 28, 2022 in technology

Something I’ve learned over the last 10 years of helping organizations with DevOps is that teams frequently struggle to define a software development process. You’ll find a lot of content on Google around refining your process, ensuring compliance in your process, making your process more secure, etc. But there’s not so much advice on actually defining one.

What I’ve heard from teams is that they don’t really know what their process should look like in the first instance. No two frameworks are ever the same, and mapping requirements to a set of tools and processes is an underrated challenge.

But, whether a company is a financially regulated institution operating under license, or simply trying to conform to industry standards like ISO27001, SOC2 or HIPAA, there is a basic need to follow a software development process of some kind. And in my experience there’s no better guiding star than DevOps.

Defining good processes is hard and tools aren’t enough

One of the great benefits of adopting DevOps automation in your development culture is that it really helps you to conform to a process. A word of caution here, though: it is a classic mistake to think that superimposing new tools on top of the status quo will somehow lead to great efficiencies. You don’t want to lock in conformity when a process is poorly defined or otherwise suboptimal. This will stop you from realizing the full potential of hard-won improvements.

Simply adopting new tools isn’t enough. Being open-minded about how they might enable new ways of working, of defining a new and better process, is vital.

This is harder than it might seem. In many cases software processes tend to become static and hard to change. Those doing the work can feel unempowered or even threatened by changes to the status quo. After all, their old process was how they’d passed audits in the past.

With DevOps we can share a common starting point

Having helped many customers through the journey from an old process to a new one, I’ve seen many patterns emerge. Perhaps most surprising is that the governance framework, industry, and software technology don’t really matter: most software development processes are inherently the same.

That’s why we have created the DevOpsCTL Framework, as a common starting point for written process documentation.

We have distilled real processes used by leading regulated DevOps institutions to deliver compliant, secure, and audit-ready software. And we’ve done it in a way that means teams can get started quickly, and then iterate quickly. Our framework is based on the following basic principles: 

  • Easily configurable, versionable, and easy to replicate
  • Self-hosted as an open source static website
  • Shared under a permissive MIT license
  • A common starting point for process documentation

DevOps Values and Continuous Compliance

The DevOps Control Framework is a defined secure software development process with DevOps culture at its heart, and it’s already used in many companies. It provides a great way for teams to understand process compliance while also showing how DevOps values can help them achieve the goal of continuous compliance.

One company using the framework successfully is the Norwegian fintech Stacc. Here’s the verdict from Espen, their CTO.

“When embarking on our ISO27001 journey, we knew we needed a process that could preserve our DevOps culture, but also stand up to audit. It had to fit our wide range of teams and technologies, while still ensuring standards and controls were in place. The DevOpsCTL process gave us a great starting point for building our own custom and evolving software process.” 

You can find the framework at www.devopsctl.com, fork the repo, and get compliant! Pull requests are welcome! 🤗