ChefConf 2018 Session: How to Prepare for an Audit (AKA Make Audits Suck Less)
Seth Thoenen
Systems Engineer, Jack Henry & Associates

Most companies are subject to some form of audit compliance. Whether it’s HIPAA, SOX, FFIEC, PCI, or any number of other acronyms, providing compliance data in a large environment can be extremely challenging.

Fragmentation and siloing between audit, operations, and security teams leads to extremely painful audits, taking thousands of staff hours across multiple teams. Operations teams end up providing similar information to multiple audit and compliance teams. Auditor requests can also be non-standard, sometimes asking to run untrusted data collection scripts.

But all is not lost. Using tools like Automate, Chef, and InSpec, it’s possible to break down silos by giving the audit, compliance, and security teams more control over compliance policies and bring these teams together to solve a common problem. Learn how one large enterprise with over 10K nodes is making this journey toward continual compliance. Highlights include some lessons learned along with some current challenges.

ChefConf 2018 Videos