Myth—DevOps is Incompatible with Information Security and Compliance: The absence of traditional controls (e.g., segregation of duty, change approval processes, manual security reviews at the end of the project) may dismay information security and compliance professionals.
However, that doesn’t mean that DevOps organizations don’t have effective controls. Instead of security and compliance activities only being performed at the end of the project, controls are integrated into every stage of daily work in the software development life cycle, resulting in better quality, security, and compliance outcomes.
A statement in support of the notion that compliance (SDLC compliance) can be an integral part of DevOps. Need to dig further for examples of 'controls integrated into every stage of daily work'.
Share this highlighthttp://www.safaribooksonline.com/a/the-devops-handbook/9793048/