How CICC’s iBanker Project Achieved Advanced DevSecOps Certification

Standardization and tooling are key for enterprise success; the DevOps standards and continuous delivery pipeline platform significantly improve quality, efficiency, and security.

On October 26, 2023, the 21st GOPS Global Operations Conference in Shanghai announced the latest DevOps standards assessment results released by the China Academy of Information and Communications Technology (CAICT).

China International Capital Corporation (CICC) participated with two projects: the Integrated Risk Management System Business Platform and the iBanker integrated investment‑banking platform. Both projects passed CAICT’s “DevSecOps” Level‑2 security development and delivery assessments, demonstrating an advanced domestic capability.

CICC also passed one Continuous Testing (CT) assessment.

To date, CICC has passed ten continuous‑delivery assessments, two DevSecOps assessments, one CT assessment, and one system‑and‑tool assessment.

Interviews with CICC’s chief information officer Cheng Long and senior IT executives Luo Chang, Lin Tao, and Ye Mingdeng detail how the company integrated DevSecOps, covering cultural training, process redesign, and technical tooling, the challenges encountered, and future plans such as strengthening security awareness, enhancing testing and monitoring, and expanding automation.

Industry statistics show the number of securities and fund‑sector enterprises that have undergone DevOps capability maturity model assessments as of October 26, 2023.

The DevOps Capability Maturity Model, led by CAICT and supported by major internet, financial, and telecom firms, is the first comprehensive domestic and international DevOps standard, officially released by the Ministry of Industry and Information Technology and recognized by the ITU‑T.