DevOps All Attendees Gaige Hall 202

Engineering for security compliance: How to prepare before the audit

Matthew Connerton

Security and privacy compliance certifications, like SOC 2 (a leading audit standard for security, availability, and confidentiality) and HITRUST (a healthcare-focused security framework), are becoming requirements for healthcare, finance, and other high-trust industries. Waiting until audit season to start preparing can be overwhelming.

This session shares engineering-side lessons from Encore Healthcare’s journey to SOC 2 and HITRUST readiness. Instead of a checklist of requirements, we’ll focus on designing systems, processes, and documentation so you’re always ready to provide evidence to an auditor. We’ll walk through how we integrated compliance into our SDLC, infrastructure, access control, logging, and team processes—what worked, what didn’t, and the pitfalls we wish we’d avoided.

You’ll leave with a blueprint for making security compliance part of your natural engineering workflow, not a stressful scramble.

Learning Objectives

By the end of this session, attendees will be able to:

  1. Apply engineering practices (SDLC, logging, IaC, access control) that generate audit-ready evidence automatically.
  2. Perform internal reviews (onboarding checklists, policy adherence, vendor management) that reduce last-minute compliance gaps.
  3. Develop a practical plan for working with consultants, clarifying ambiguous audit requests, and avoiding common pitfalls in SOC 2/HITRUST readiness.

Target Audience

  • Engineering leaders and senior developers responsible for compliance-sensitive Drupal applications
  • DevOps and infrastructure teams preparing for SOC 2 or HITRUST
  • Technical managers balancing product delivery with compliance requirements

Prerequisites

  • Familiarity with modern software development practices (version control, CI/CD, IaC)
  • Experience operating Drupal or other SaaS/web applications in production
  • No prior compliance experience required — this is about engineering preparation, not legal fine print

Additional Details:

  • Audience level: All Attendees
  • Topic: DevOps
  • Room: Gaige Hall 202
