Why did we join FINOS?
The financial services industry faces unique challenges in balancing rapid innovation with stringent regulatory requirements and security standards. While many organizations have individually developed solutions for DevOps controls and change management, there's a pressing need for standardization and shared best practices.
FINOS already has projects focused on DevOps Automation and Common Cloud Controls. This provides the ideal collaborative platform to bring industry leaders together to solve these common challenges.
Industry Challenges in SDLC Controls
Today's financial institutions grapple with fundamental questions about software delivery lifecycle (SDLC) controls. Each organization defines and implements controls differently, leading to uncertainty about effectiveness and best practices. Questions like "Are we doing the right things?" and "What does good look like?"; remain challenging to answer without industry-wide standards. Meanwhile, legacy change management approaches built around tickets, forms, manual approvals, and trust-based attestations are increasingly incompatible with modern DevOps practices.
We believe the path forward lies in open source, vendor- and technology-agnostic solutions. By working together through FINOS, we can develop standards and tools that will have longevity and broad applicability across the industry.
A Community-Driven Approach to Standard SDLC Controls
We believe that the most effective solutions emerge through open collaboration. By joining FINOS, we aim to:
- Be part of industry-wide discussions on standardizing DevOps controls and
change management practices
- Work towards a shared open source framework for automated compliance that
benefits all financial institutions
- Help establish best practices for implementing automated controls in modern
delivery pipelines
- Develop common standards for audit trails and change documentation that meet
regulatory requirements
Looking Ahead to Common SDLC Design Patterns
We envision a future where financial institutions can leverage community-driven standards and tools to implement robust DevOps controls without sacrificing speed or agility. Our immediate focus areas for collaboration include:
- Establishing common “design patterns” for automated controls
- Defining standardized approaches to change management automation
- Creating shared specifications for audit trails and compliance documentation
- Developing reference implementations that demonstrate best practices
Joining the Conversation
We understand that many of these conversations are already underway in FINOS, and are eager to join the party. Whether you're currently struggling with DevOps controls, have solutions to share, or are interested in shaping industry standards, your voice
matters in this conversation.
To learn more about our work in this space or to collaborate with us through FINOS, please reach out!
---
About Kosli: Kosli helps financial institutions automate their SDLC controls and audit trails, enabling them to deliver compliant and secure changes at the speed of DevOps. Our platform provides real-time visibility and control of software delivery processes, ensuring that all changes meet regulatory requirements while maintaining the agility needed in modern development environments.
Author: Mike Long, CEO, Kosli