Compliance is Broken: The DevOps Revolution for Audit & Controls (Stop Spreadsheets!)

Are you an engineering leader, architect, or senior developer frustrated by manual spreadsheets, periodic audits, and Confluence pages every six months? Ian Miell exposes why the traditional approach to IT controls and audits is obsolete and reveals a radical, open-source solution.

In this InfoQ video, he introduces the Continuous Compliance Framework (CCF), an architectural shift that applies DevOps and observability principles to compliance. Forget point-in-time checks - learn how to achieve continuous, real-time evidence gathering across your hybrid cloud estate (AWS, Azure, On-Prem) and finally get the single pane of glass you need to sleep at night.

⏱️ Video Timestamps (For Navigation)

0:00 Intro: Compliance is Broken & The Revolution
1:55 Why Regulated Industries are Adopting Cloud-Native
3:20 Part 1: What is Wrong with Compliance & Audit Today?
5:45 The 4 Problems with Audits: Manual, Periodic, Process-Focused, Bespoke
9:15 Why is it like this? The "Compliance Tax" & Resistance to Innovation
12:00 The Regulatory Shift: DORA & Machine-Readable Regulations
14:00 DEMO: The Continuous Compliance Framework (CCF) Live
16:50 CCF Dashboards: Viewing Findings by Type, Subject, and Catalog
19:30 Mapping Findings to NIST SP 800-53 Controls for Auditors
21:05 How We Accidentally Built CCF & Architectural Decisions
23:25 OSCAL Standard: The Key to Interoperability in Compliance
26:10 Lessons Learned & The "Help Me Sleep at Night" Use Case
28:05 Q&A: Handling Subjective Requirements & Automation Scope
30:20 Q&A: Auto-Remediation and Taking Action from Findings
31:40 Q&A: Data Sovereignty and Why CCF is NOT SaaS
32:55 Q&A: Who Should Be Excited—Tech Team or Audit Team?

🔗 Transcript available on InfoQ: https://bit.ly/4oZEivq

#DevOps #ComplianceAsCode #CloudNative