Compliance is mostly achieved by having ops people who have credentials to do stuff on prod server. They don't do dev, they do 2nd line support and they work with devs on new releases. Prod and acceptance changes are always 4 eyes. Though if no config changes then it is 0 eyes, because automated deploys, and ops guy just pushes button. So team is devops and those ops people are in the team having tasks on delivering releases.
So whole devops is just working together not just throwing stuff over the fence. It works great with QA, security, ops. It is all about people willing to work with each other. No amount of tools will substitute that.
So whole devops is just working together not just throwing stuff over the fence. It works great with QA, security, ops. It is all about people willing to work with each other. No amount of tools will substitute that.