[mugsie]

With difficulty. For example - you can still have an Ops team, and they have the required access. The developers access to production is done on a case by case basis, with some sort of tracking of who logged in. and why. Also, doing full pre - merge code review helps, as it is yet another set of eyes on the code that will be pushed to production...

In short - its not a "one solution fits all", and it is something that needs to be discussed with you SOX auditors, to find a working solution for your company

[chomp]

Thanks for the response! We keep a distinct separation of duties, but we try to keep both groups in constant contact to minimize animosity in both groups. We pick and choose some DevOps ideals to make it fit, was just curious about other people's experience.