Agile-DevOps integration in regulated environments : challenges and strategies for compliance-driven industries

Abstract

Strict regulatory controls in banking, healthcare and energy sectors make it hard for their software development and operations teams to fully implement Agile and DevOps practices. This study explores how organizations combine mandatory compliance with iterative software delivery. With interviewing a number of senior practitioners from banking and energy sectors and systematically analysing thirteen published industry cases, this research finds out the common constraints, adaptive practices and evidence mechanisms. All data were analysed using a unified Constraint-Practice-Evidence (C-P-E) coding framework to identify the recurring patterns across different sectors. The findings present four dominant regulatory constraint categories which are mitigated by automating compliance directly into CI/CD pipelines, integrating compliance tasks into sprint planning and enforcing policies through code and service accounts. The resulting Constraint-Practice-Evidence framework shows that agility and regulatory control can coexist when compliance is integrated as automated rather than being a separate manual process. Overall, this research offers practical guidelines for DevOps teams along with suggesting a clear and short Constraint-Practice-Evidence model.