
How to define your software process using the Secure SDLC process template

Mike Long
Published October 28, 2022 in technology
3 min read

Something I’ve learned over the last 10 years of helping organizations with DevOps is that teams frequently struggle to define a software development process. You’ll find a lot of content on Google around refining your process, ensuring compliance in your process, making your process more secure, etc. But there’s not so much advice on actually defining one.

What I’ve heard from teams is that they don’t really know what their process should look like in the first place. No two frameworks are ever the same, and mapping requirements to a set of tools and processes is an underrated challenge.

But whether a company is a financially regulated institution operating under license, or simply trying to conform to industry standards like ISO 27001, SOC 2 or HIPAA, there is a basic need to follow a software development process of some kind. And in my experience there’s no better guiding star than DevOps.

Defining good processes is hard and tools aren’t enough

One of the great benefits of adopting DevOps automation in your development culture is that it really helps you to conform to a process. A word of caution here, though: it is a classic mistake to think that superimposing new tools on top of the status quo will somehow lead to great efficiencies. You don’t want to lock in conformity when a process is poorly defined or otherwise suboptimal, because that will stop you from realizing the full potential of hard-won improvements.

Simply adopting new tools isn’t enough. Being open-minded about how they might enable new ways of working, and of defining a new and better process, is vital.

This is harder than it might seem. In many cases software processes tend to become static and hard to change. Those doing the work can feel unempowered or even threatened by changes to the status quo. After all, their old process was how they’d passed audits in the past.

With DevOps we can share a common starting point

Having helped many customers through the journey from an old process to a new one, I’ve seen many patterns emerge. Perhaps most surprising is that the governance framework, industry, and software technology don’t really matter: most software development processes are inherently the same.

That’s why we have created the Secure SDLC Process Template, as a common starting point for written process documentation.

Secure SDLC Process Template introduction screengrab

We have distilled real processes used by leading regulated DevOps institutions to deliver compliant, secure, and audit-ready software. And we’ve done it in a way that means teams can get started quickly, and then iterate quickly. Our framework is based on the following basic principles:

  • Easily configurable, versionable, and easy to replicate
  • Self-hostable as an open source static website
  • Shared under the permissive MIT license
  • A common starting point for process documentation

DevOps Values and Continuous Compliance

The Secure SDLC Process Template is a defined secure software development process with DevOps culture at its heart, and it’s already used in many companies. It provides a great way for teams to understand process compliance while also showing how DevOps values can help them achieve the goal of continuous compliance.

Secure SDLC Process Template devops values and continuous compliance

One company using the framework successfully is the Norwegian fintech Stacc. Here’s the verdict from Espen, their CTO.

“When embarking on our ISO27001 journey, we knew we needed a process that could preserve our DevOps culture, but also stand up to audit. It had to fit our wide range of teams and technologies, while still ensuring standards and controls were in place. The DevOpsCTL process gave us a great starting point for building our own custom and evolving software process.” 

You can find the framework at www.devopsctl.com, fork the repo, and get compliant! Pull requests are welcome! 🤗
