Security & Compliance

Whilst there is an argument for introducing security and compliance early in the SDLC, there is no point in stifling creativity. There is a pragmatic balance to be achieved between making something work in a prototype and making it secure and compliant for use with live or sensitive data.

New World, New Ways

The collaborative, iteration driven nature of Agile and DevOps means there is now an even greater need for the appropriate security and compliance to be incorporated at the right time. Implementing the right level at each stage of development is critical to progress and viability.


DevSecOps is not just about implementing security tools. You need to understand the business needs and risk management parameters as well as the motivations behind, risks posed by and potential impact of threats so you know what to mitigate against and when.


Whether you need PCI DSS, SOC2, ISO 27001 or all of these, built in compliance greatly reduces time and effort as well as potential exposure. Whilst compliance may be a moving target, there is no reason the fundamentals cannot be programmed in and tailored to suit.

Get in Touch

Contact us to discuss how we might play a part in your digital transformation.

Containers are still a buzz word today and one I think we will see die out in the not too distant future and here are my reasons for thinking that.
Testing does not need to be a tedious burden that delays releases. Building an automated framework to facilitate testing early and often in the SDLC as part of a CI/CD pipeline is working smart.