Tuesday, April 27, 2021
Security and development teams might not have a lot in common, but there's always a collective sigh of relief when a difficult compliance audit ends. Auditors for SOC 2, ISO 27001 — or really, any framework — will inevitably pull your developers into providing evidence, explaining vague processes, and correcting identified issues. If both teams don't start following best practices well before the audit begins, it sidetracks roadmaps and hurts your ability to deliver on business-critical projects.
So what can development leads do now to minimize disruption later? What changes can your team start making now, and what items should you be expecting from your security colleagues? I'll aim to answer both these questions, pulling from 8+ years of experience in leading security teams through compliance audits across a variety of business sizes and industries.