by jiveturkey
1410 days ago
Not impossible. Even in a prescriptive framework like ISO 27001, adequate SOD is a judgement call between you and the auditor. Generally speaking, if a single dev can push a code change to prod in a way that would escape audit or not require a second pair of eyes, that would not be compliant. So if a dev writing code also manages the deploy environment, that may not pass muster. But it's not that cut and dried. There are degrees of rigor.