AWS re:Invent 2025 - A leader's guide to achieving compliance through software excellence (SNR304)
Source: Dev.to
Overview
In this session Tom Godden (AWS Executive in Residence, former CIO of Foundation Medicine) and Ian Sutcliffe (Principal Tech Strategist) present a framework for achieving compliance through software excellence rather than “documentation theater.”
They introduce natural compliance, where quality emerges from engineering practices instead of manual processes.
The framework consists of four pillars:
- Culture – Shift from a compliance‑first mindset to a quality‑first mindset with weekly demos.
- Organization – Embed compliance experts directly in product teams, eliminating silos.
- Mechanisms – Automate testing, use CI/CD pipelines as validators, and leverage existing tools (e.g., JIRA) to generate immutable compliance evidence.
- Execution – Run 90‑day transformation sprints that deliver incremental wins.
Key points highlighted
- FDA and other regulators now encourage automation over extensive documentation.
- Reported compliance costs in financial services average $30 M annually, with a 2.71× penalty ratio for non‑investment.
- The approach enables daily deployments while maintaining regulatory compliance through automated controls and immutable evidence.
This article is auto‑generated from the original presentation; minor typos or inaccuracies may be present.
Introduction: Rethinking the Relationship Between Compliance and Innovation
“Hello everyone. Thank you so much for joining us today. This is A Leader’s Guide to Achieving Compliance through Software Excellence.”
Tom Godden introduces himself as an Executive in Residence at AWS, formerly CIO of Foundation Medicine, the world’s largest genomics company. Ian Sutcliffe, Principal Tech Strategist for the Healthcare and Life Sciences vertical, joins him.
They note that many organizations view compliance and innovation as opposing forces—compliance feels overwhelming, drowning teams in documentation, while competitors seem to move faster. The session challenges this assumption, proposing that software excellence can make compliance a natural outcome, reinforcing rather than hindering innovation.
Natural Compliance
The speakers coin the term “natural compliance” to describe a state where compliance emerges automatically from high‑quality engineering practices, without additional manual effort.
- Compliance is engineered into the workflow rather than bolted on at the end.
- It does not lower standards; instead, it raises quality by making compliance an intrinsic property of the software development process.
- Executives in highly regulated sectors confirm that they are not seeking to be reckless—rather, they want to achieve compliance more efficiently.
“When you build software with excellence, compliance becomes automatic, like a healthy tree bearing fruit—no extra force, no additives.”
Traditional Compliance vs. Natural Compliance
Traditional Approach
- Build → Document → Scramble – Teams develop software first, then add compliance documentation as an afterthought.
- Results in “documentation theater” – impressive stacks of paperwork that look good but provide little real assurance.
Natural Compliance Approach
- Integrate compliance into development – Use automated testing, CI/CD pipelines, and embedded compliance experts to generate immutable evidence continuously.
- Automation over manual paperwork – Regulators increasingly accept automated evidence as proof of compliance.

Implementation Tactics
- Weekly demos to showcase compliance‑ready features to stakeholders.
- Embedding compliance experts within product squads to break down silos.
- Leveraging existing tools (e.g., JIRA) to automatically generate audit trails and compliance artifacts.
- 90‑day transformation sprints that focus on delivering measurable compliance improvements incrementally.
Closing Thoughts
The session concludes that software excellence and compliance are not mutually exclusive. By re‑architecting culture, organization, mechanisms, and execution, organizations can achieve regulatory compliance as a natural by‑product of their development processes, enabling faster innovation and higher quality outcomes.
